The access to a Web App is controlled by roles assigned by the respective identity provider (IdP). In the X4 BPMS standard configuration, this was often Keycloak, but starting with X4 BPMS 7.5.0, other IdPs can also be used, provided they are OIDC-compatible.
Each user is assigned one or more roles in the IdP. The assigned roles can be used to control the access to a Web App. In the .wac file, you can specify which role must be assigned to a user in order for them to be granted access to the web app. With the Access Right setting in the .wac file, you can restrict the access to the entire Web App
and it is also possible to control access to individual components and modules pf the Web app via roles.
More information: