Controlling Access to an XPage with the XPage's ACL
Wednesday, July 15, 2009 at 1:20PM When you are designing with the "old" forms, you are able to restrict access to it using the security tab of the form properties, setting who had reader access, who had could create forms, etc, and you could use readers fields as well.
in XPages, you have something similar with the ACL, located in the data section of the xPage's All Properties. Here you can create aclEntries that can give Reader, Editor, or Deny Access to an user, group, Role or OrgUnit.
With this, you can control who sees what xPages, and what they can do with them. Remember, this is a refinement of the database's Access Control List, so you can't grant access to someone to view the page unless they have access to the database (but you can further restrict them).
Happy Coding!
ACL in Development, Tips and Tricks 