I wanted to create a list of useful design information for user access rights. This isn’t such a common term in the industry just in our office. What we really want to talk about is user authorization. Authorization can be broken into two main listings Access Control Lists(ACL) and Role Based Access Control(RBAC)
ACL
Access control list(wikipedia )
Access Control Lists & Access Control Objects, good tutorial?(stackoverflow)
Access Control List
RBAC
How to build role-based access control in SQL
How To: Use Authorization Manager (AzMan) with ASP.NET 2.0
What Is Authorization Manager
Implementing Role Based Security using CSharp
Role-Based Security