Before you go live with an application, it is important to apply proper security measures. One of the most basic forms of protection that any web application must have is the enforcement of an authentication and authorization policy. Authentication deals with identifying users to the application; you’ve already implemented it in this application using a custom authentication scheme: a username and password. Authorization is the process of assessing whether the authenticated user is permitted to access certain data or perform a particular action. Recall that you have already laid the foundation of application authorization in Chapter 6, where you specified the application segments to which you want to apply authorization. Then, you created user groups and provided them with the appropriate application access privileges. In this chapter, you will create a set of authorization schemes to protect your application. These schemes will protect menus, pages, buttons, and processes.

