In addition to security configuration, developer defined filtering configuration can manage the output produced by client invocations of REST. This is accomplished using Java bean filtering:
/atg/dynamo/service/filter/bean/beanFilteringConfiguration.xml
See the Bean Filtering section of the ATG Web Services and Integration Framework Guide for more information.