Restricting rights and buttons
18.10.2.2.5. Restricting rights and hiding buttons

In the Default Token Controller UI under section Security Settings, the roles required to carry out an action like saving or adding a token can be defined.In case an action like "delete token" is not desirable in general, one can use a role that no one has in the system.

When configuring access rights, it is usually necessary to specify corresponding REST access control rules. These rules can be configured in Adminapp >> Access Control >> REST Access Controller. Otherwise, it is possible that buttons are shown in the UI, but REST calls caused by a button get blocked.