This allows disabling authentication after a higher level specifies an AccessRequirements value, eliminating the last reason to keep access.ars around.