Security Overview
Enforcing security consists of two parts: authentication and authorization.

Authentication is the process of verifying your identity. The application verifies that you are the person you claim to be. This means the user has to enter a user name and password.

Authorization is determining whether or not a user has permission to perform an action in the application. Authorization relies on knowing the identity of the user and being able to find the security information associated with that user. Based on the security information, the application can then grant or deny permissions.

Vertikal Systems applications provide a role-based application authorization capability. In a multi-user application deployed over numerous devices that are linked together in a network, it is more than likely that not all functionality will be available to all users. In this situation a method is required whereby functions and entities within the application can only be accessed by persons to whom permission has been granted.

Role-based access control attempts to allow administrators to specify access control in terms of the organizational structure of a company. It does this by using a concept called a role. You assign a user or group to a role to perform a job function. Unlike groups, however, a role defines the authorization permissions on some set of resources. In the role-based access control model, the administrator uses the role to manage permissions and assignments.

Users are organized into groups and permissions are assigned to the group; permissions can also be assigned to an individual user. A user can belong to more than one group at the same time. Any change made to a group's permissions will automatically be inherited by all members of that group.

For example, a company may create a role called Sales Manager that has the permissions that a sales manager needs for their job. When sales managers are hired, they are added to the Sales Manager group (assigned the Sales Manager role) and instantly have all required permissions for that job. When they leave the position of sales manager, they are removed from the Sales Manager group and no longer have Sales Manager access. Since the role allows access to be granted in terms of a company's organizational model, it is more intuitive and natural for administrators to specify access control.
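
The group and individual-user permission model described above, as an added Python example that is not Vertikal Systems' code. The class, the permission names, the Reporting group and the user are hypothetical; access is denied unless a direct or group grant exists.

```python
# Added illustration of the group/role model described above; not vendor code.
# The class, permission names, Reporting group and user are hypothetical.

class AccessControl:
    def __init__(self):
        self.group_perms = {}   # group name -> set of permissions
        self.user_perms = {}    # user name -> permissions granted directly
        self.memberships = {}   # user name -> set of group names

    def grant_group(self, group, *perms):
        self.group_perms.setdefault(group, set()).update(perms)

    def grant_user(self, user, *perms):
        self.user_perms.setdefault(user, set()).update(perms)

    def add_member(self, user, group):
        if group not in self.group_perms:
            raise KeyError(f"unknown group: {group}")
        self.memberships.setdefault(user, set()).add(group)

    def remove_member(self, user, group):
        self.memberships.get(user, set()).discard(group)

    def effective(self, user):
        """Union of direct grants and the grants of every group the user is in."""
        perms = set(self.user_perms.get(user, ()))
        for group in self.memberships.get(user, ()):
            perms |= self.group_perms.get(group, set())
        return perms

    def is_allowed(self, user, perm):
        # Deny by default: unknown users and unlisted permissions get False.
        return perm in self.effective(user)


def demo():
    ac = AccessControl()
    ac.grant_group("Sales Manager", "orders.view", "discounts.approve")
    ac.grant_group("Reporting", "reports.view")
    ac.add_member("alice", "Sales Manager")
    ac.add_member("alice", "Reporting")        # more than one group at once
    ac.grant_user("alice", "calendar.edit")    # direct, individual grant
    before = ac.effective("alice")
    ac.grant_group("Sales Manager", "quotes.create")  # inherited by all members
    inherited = ac.is_allowed("alice", "quotes.create")
    ac.remove_member("alice", "Sales Manager")        # leaves the position
    after = ac.effective("alice")
    return before, inherited, after
```

In this example, removing the user from the group drops only the group-derived permissions; the direct grant remains and has to be reviewed separately when someone changes position.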

