Page Specific Security in SPA SDK

Hello, we have a requirement to mark a page as protected. As in, require that the user needs to be logged in or a part of a specific role outside of the Experience manager. Some concerns/approaches:

  1. We could create a page document to define these rules for each page/route.
  2. We could create a Custom Page Tool to control these types of settings.

Problems with both approaches. If we want to lock down the page/route if a user is logged in or a part of a role, we don’t want to expose the page model for people to inspect. This would defeat the purpose and expose the page contents when we don’t want to.

Is there a way to achieve this? @machak @jasper.floor