Are you using a MySQL Database? And is your PHP application coded using any frameworks that you know of, Zend, Symfony, Yii, Laravel, Codeigniter? A lot of those frameworks already have permission systems built in. Assuming you're not using any of those, one option is creating roles, then assigning those roles to your different PHP pages, and you would then assign the roles to a user. Here's an example of how to structure the database. You need at least 4 tables roles: id, name This would be for adding the role names (admin, users, partners, etc) role_permissions: id, role_id, page_name This would be assigning what pages a specific role can access. user_roles: id, user_id, role_id This is where you assign a user to a role users: id, username, password, email (I'm assuming you already have a users table, but this is were your users would be stored) Now let's assume you have all the roles configured and a users assigned. SELECT COUNT(rp.page_name) FROM user_roles AS ur JOIN role_permissions AS rp ON rp.role_id=ur.role_id WHERE ur.user_id=:user_id AND rp.page_name=:page_name If the result equals 1 the user has permission to view the page, if 0, they do not. This is one of the most scalable and configurable ways to handle RBAS (Role Based Access Systems) If you'd like I can draw out detailed blueprints (WireFrames) on how the UI would look for configuring roles and assigning them to users and how to implement a re-useable class so you only need to write 1 line of code to check if a user has permission to access a specific page. I'd be happy to speak with you over the phone to go over this more in detail.