inside the package.manifest.json file I have some scopes defined. This scopes are assigned to permissions inside the "menu" struct.
But the items on the ctrlX main menu can be called by any user, even if they do not have the necessary permissions.
The user have the correct permissions assigned and also the JWT permissions are correct.
How can I restrict the access of items inside the ctrlx menu, sidebar and settings?
Currently it is not possible to restrict the access of the ctrlX sidebar over the User&Permissions.
Means you can open every page linked in the ctrlX menue. If you don’t have the permission you will get a message that you are not allowed to use the function of this page. (unfortunately at some pages cryptical)
I will make a requirement of the (useful) feature into the develepment pipeline...
Thanks for the answer. Can I get feedback on when the feature is available?
The feature is now in the development backlog.
No sheduling until now. Sorry.