The Framework security is optional. In this way you can still control who accesses your application, but you won't be able to control what they can do within the Framework.
