accessPermission is router parameter, which limits the usage of the route to users who are member of listed group(s) or have listed role(s)

 

Example

router.POST('customers/{id}') {
    strategy(DOCUMENT_FROM_VIEW_BY_KEY) {
        keyVariableName("{id}")
        viewName("customerById")
    }
    accessPermission "[CustomerService]"
    mapJson "company", json:'company',type:'STRING'
    mapJson "fdFirstName", json:'firstname', type:'STRING'
    events VALIDATE: {
        context -> 
        //Accessing the payload
        json = context.getJsonPayload()
        //Accessing the JsonObject
        id = json.getJsonProperty('id')
        if (id == '') {
            context.throwException("ID should not be null or empty")
        }
    }
}

In this case, POSTing to URL http://server.name/path-to/db.nsf/xsp/.xrest/customers/123 will be allowed only for users with role [CustomerService]