Is this true or did I misunderstood something? Can I realise something like that with the security framework or do I have to implement my own soltution (aka bypassing the authorization part and only use the authentication)? Thanks!