This implementation of the AccessController interface performs access control based on access rights. You specify the access rights through the allowedAccessRightNames property, which is a List of access right names. If a page’s URL is mapped to an AccessRightAccessController component (through the Access Control Servlet’s accessControllers property) , then that component’s access rights are used to control access to the page.

Access rights are associated with users through global and organization roles. If a user’s role and the AccessRightsAccessController associated with the page have at least one access right in common, the user is allowed to access the page.