Access control is giving users appropriate rights so that they can do what they need to but are blocked from doing anything else.
Example - a button in a web application should only be use able by certain people.
Another consideration in web applications are web properties. Client-side web properties have a weakness because a user can change values in web browsers and send them back to the server. In other words, users can manipulate the web properties. To avoid that from happening, a better choice is to use server-side web properties. Server-side web properties are not sent to the client, but they are saved with the session. With every call to the server the properties are retrieved and available. Using server-side web properties makes applications much more secure.
There is one method to check if a user has access to a view called AllowedAccess. AllowedAccess is called before the view is loaded and is triggered when the URL features are used. OnChangeRights is used with the menu and is automatically triggered by the session manager when a user logs in or out.