Determine Access Privileges
Identity Cloud determines what access a user has as follows:
Identity Cloud checks the
onRequestscript specified in
router.json. By default, this script calls
If access requirements are not satisfied, Identity Cloud then checks for any privileges associated with the user's roles.
onFailure scripts are supported when using privileges.
onFailure scripts are called only if both the
onRequest script and the privilege filter fail.
onFailure scripts are not required for the privilege mechanism.