Two approaches can control access when it comes to security: blacklisting and whitelisting. Blacklisting involves building an application with any number of features and functions and then restricting a specific user from accessing a subset of those features. Whitelisting is just the opposite: building an application with any number of features and functions and then granting access on a subset of those features to a specific user. While the end result with either approach is the same, the overall manageability and liability with each differs.
A major drawback with the blacklisting approach is that as new features and ...