Once a user has been authenticated (typically by a username and password), your systems need to determine what that user is entitled to do. This would typically make use of a permissions system that would specify the actions that each user is permitted to carry out. Of course this will need to be periodically reviewed and reported on, with controls to make sure that the appropriate changes are made when someone changes roles or leaves the business. There are often specific procedures to be followed when a user requests a new permission, and we can provide or develop software that will manage this procedure, generally by emailing the relevant approvers for their permission