Either this is a bug or I'm just not doing something right. I have the following WORKING policy:
{
"Version": "1.0.0",
"Statement": [
{
"Effect": "deny",
"Resource": [
"URI:/account",
"URI:/account/my-account/",
"URI:/account/change-account-password/",
"URI:/account/email-password-reset-link/",
"URI:/account/child-users/"
],
"Condition": {
"Equals": {
"(*string)${USER_META.BillingId}": ""
}
}
}
]
}
But if I add the redirect:on:access-denied param, the user is still shown "Access Denied" and the redirect does not happen. I've tried using both "frontend" and "backend". Neither one of them works. Here is what I'm trying to use:
{
"Version": "1.0.0",
"Statement": [
{
"Effect": "deny",
"Resource": [
"URI:/account",
"URI:/account/my-account/",
"URI:/account/change-account-password/",
"URI:/account/email-password-reset-link/",
"URI:/account/child-users/"
],
"Condition": {
"Equals": {
"(*string)${USER_META.BillingId}": ""
}
}
}
],
"Param": [
{
"Key": "redirect:on:access-denied:frontend",
"Value": {
"Type": "URL",
"URL": "/billing-id-not-set"
}
}
]
}