How to restrict access to the cms and console applications
Editors and authors don't need to be able to log in to the console application; site users shouldn't be able to log in to the cms application either. Because all these users are managed in the same way, restrictions are placed on the types of users that can log in to either application to begin with. By default users must at least have the role hippo:author on the node /content/documents to be able to log in to the CMS and the role hippo:admin on that same node to be able to log in to the console.
To customize these settings edit the properties frontend:privileges and frontend:privileges.path on the root nodes of these respective applications (i.e. /hippo:configuration/hippo:frontend/cms and /hippo:configuration/hippo:frontend/console).