To give access to private custom routes, you need to add an entry in the config/permissions.php file.
The name should be the same as the model part of the route.
Adding to new entry to the config/permissions.php file will add the proper entry in the Rights section in User and Group.
To give access to a service, you need to give rights to the user. In the case of API access, API ACL has to be considered.
If you use some new action in the route, you will have to map the action to a privilege in config/privilegeMap.php.
The privilegeMap can be used to skip the rights all together. Add an entry mapped to 'none' to skip permission enforcement.
$privilegesMap["action"] = array_merge(
$privilegesMap["action"],
[
'Barn-account' => 'none'
]
);This new service is on the /Barn/account route.