We have a 2.4.5 site that we would like to limit to access to certain pages to only members of certain groups. My understanding is the Access tab normally would provide this behavior for any SilverStripe page, however it is not clear to me this is working for us.
I can create a new page, change the 'Who can view this page?' to 'Only these people (choose from list)' and select a group by clicking a checkbox for a particular Viewer Group.
However when I then navigate to the new page with a fresh browser (all cookies and history cleared), I will be prompted for access credentials but upon success am allowed to see the page content, regardless of the fact I am not in the particular Viewer Group. I've tested this behavior in our other SilverStripe installations as well and it appears to behave the same way.
###
On the same topic, I'm interested in learning how to create a new page type that takes a password before rendering the page content? I have yet to make up any SS page types. This would be for low-security items such as you might otherwise put behind an htaccess file.
A simple 1 password per page would be adequate. Primarily this would be to give non-internal users access to the page while preventing them from being crawled by various search engines and letting random people stumble upon it. We've disabled the default username/password login and only allow access via our single-sign on, so we cannot make arbitrary users in SilverStripe.