Whenever a REST call occurs, the system checks the AccessControllerService to determine if access to the URL should be granted for the given user. Access control to REST services is set with access controllers that are defined in the /atg/dynamo/servlet/dafpipeline/AccessControlServlet.

The access controller recognizes the /rest/model/ syntax and then maps the actor and call to a controller.