Basic authorization is built into the system and is used for the navigation and slot security objects.
The icons displayed by core/nav are the entry points into the major functional areas of the system. core/nav automatically checks authorization to these entry pages, so the user sees only the entry points they are authorized to use. In a similar way, the slots module/index displays only the pages that the user is authorized to see.
In addition, authorization to each slot is determined as the slot is loaded. So even if a user types a page name directly into the URL, they are not shown any slots they are not authorized for.
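
The two layers described above, modelled in a short Python sketch. This is an added example, not the system's own code: the page names, security-object names, grants table and function names are all hypothetical. It shows that filtering the navigation is a convenience, while the per-slot check at load time is what actually protects a page requested directly by URL.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Slot:
    name: str
    security_object: str  # object the user must be authorized for (hypothetical naming)

# Constructed sample data: each page is a list of slots.
PAGES = {
    "hr/index": [Slot("employee_list", "hr.view"), Slot("salary_table", "hr.salary")],
    "admin/index": [Slot("user_admin", "admin.users")],
}

# Entry pages shown as navigation icons, and the security object guarding each one.
ENTRY_POINTS = {"hr/index": "hr.view", "admin/index": "admin.users"}

# Constructed grants: user -> security objects they are authorized for.
GRANTS = {
    "alice": {"hr.view"},
    "root": {"hr.view", "hr.salary", "admin.users"},
}

def is_authorized(user, security_object):
    # Deny by default: unknown users and unknown objects get nothing.
    return security_object in GRANTS.get(user, set())

def nav_entries(user):
    """Navigation layer: list only the entry points the user is authorized for."""
    return [page for page, obj in ENTRY_POINTS.items() if is_authorized(user, obj)]

def load_page(user, page):
    """Slot layer: authorize every slot as it is loaded.

    This check does not consult nav_entries(), so it still applies when the
    page name was typed into the URL instead of reached through an icon.
    """
    return [s.name for s in PAGES.get(page, []) if is_authorized(user, s.security_object)]

if __name__ == "__main__":
    print(nav_entries("alice"))               # icons alice sees
    print(load_page("alice", "hr/index"))     # only the slot she is authorized for
    print(load_page("alice", "admin/index"))  # direct URL request: no slots rendered
```
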