I was playing around with access control feature, and found that if I pass array() to 'users' like this:
array('allow', 'actions'=>array('contact'), 'users'=>array(), ),
I expect the controller will deny all access to action 'contact', however,
the controller allow all users to access it instead, so here array() == array('*').
This is not covered in any document that I have read, so I was wondering,
if it's a bug or a intended behavior.