Before a user can access a method or field, the web client performs authorization checks before the page is initially loaded. If the user does not have access, the client authorization check fails, and the server is not invoked. This check is configurable in the curam-config.xml by setting the SECURITY_CHECK_ON_PAGE_LOAD property. Section 3.12.13 General Configuration in the Cúram Web Client Reference Manual should be consulted for further details on this.
By default any such web client authorization failures are not recorded. This behavior is configurable. Controlling the Logging of Authorization Failures for the Client should be consulted for further details.