For now, Boomla has minimal access control features.
Only 2 kinds of users are supported:
Anyone who is not logged in. This user has read-only access.
The website owner when logged in. This user has read-write access.
All requests are served (executed) in the name of the requesting user. This means that for Anonymous visitors, you can not create logs on the server.
A branch may be private or open source, which is affecting who can fork, pull, and otherwise access the filesystem of the branch. Private branches can only be accessed by their owner. Open source branches may be accessed by anyone, with read accesss. You can mark a branch private or open source on the Control Panel.