The ATG Platform REST Web Services provide the ability to secure groups of components within the same Nucleus subtree. This is accomplished by using the * wildcard character. Note that * is the only wildcard character allowed.
The following example sets the ACL for all components within the /atg/commerce
subtree to be accessible only by users with the restCommerceUser
role.
<rest-security> <default-acl>Profile$role$restUser:read,write,execute"</default-acl> <resource component="/atg/commerce/*"> <default-acl value="Profile$role$restCommerceUser:read,write,execute"/> </resource> </rest-security>