Like authentication, the canActivate guard check can also be used for authorization. Implement a class with the CanActivate interface and inject the SessionContext service into the constructor; then, check whether the user belongs to a specific role in the canActivate function using the SessionContext service. Check out the following code snippet:

export class AuthGuard implements CanActivate { 
  constructor(private session:SessionContext) { } 
  canActivate() { 
    return this.session.isAuthenticated &&  
      session.isUserInRole(['Contributor', 'Admin']); 
  } 
} 

Only users with roles of Contributor and Admin now have access to routes that have this guard condition.

But what happens when a page has view elements that are rendered based on the user's role?