User Access Rights or Permissions to features of a web app patterns or best practices

I have to implement user access rights or permissions to different features in a web app. For example; if the user cannot view reports, do not show the Report menu, or if the user cannot create new employees开发者_JS百科, do not show the New button. These user access rights or permission would be turn on/off UI elements. I'm looking for patterns or best practices to accomplish this.

I was thinking on just creating a function called bool UserHasPermission(Activity). The function will be inside the UserSecurity Class. I'll pass some activity, like "Reports" and true or false. If true, then I will do manuoption.visible = true or the other way around.

Would this be a good idea? The only thing it bother me if that I'll have to pass a string with the activity "Reports".

Thank you your opinion/advice,

Aldo

---

Instead of reinventing the wheel, try and repackage the System.Web.Security

RoleProvider (http://msdn.microsoft.com/en-us/library/system.web.security.roleprovider.aspx)

and

MembershipProvider (http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.aspx) classes included with ASP.NET.

You can then leverage the pre-written and supported interfaces e.g. IsInRole("blah");

Tutorials:

http://www.15seconds.com/issue/050216.htm

http://www.devx.com/asp/Article/29256/0/page/3