Chapter 13. Securing Your System

All systems need some sort of security model to prevent everyone from doing everything. Security models are usually made up of three things:

  • Users and groups

  • Rights and privileges

  • Objects to which those rights and privileges apply

This is true in the physical world as well as the virtual computer world.

Take the simple example of a restaurant — say, Gordon Ramsay's The London in Manhattan (a fantastic restaurant where my friends and I actually met Gordon Ramsay after having dinner). There are three primary groups: the owners, the employees, and the customers.

The owners have the rights and privileges to go anywhere they want in the restaurant, can hire and fire employees, and most likely have the combination to the safe. They are the administrators and have rights to all objects: the restaurant, the bar, the kitchen, and the store rooms.

The employees are another group with more restricted rights. All employees likely have the rights to access the kitchen object. Waiters have the rights to the restaurant floor object. Bartenders have the rights to the employee-side-of-the-bar object. The maître d' has the rights to all the aforementioned objects. Yet, if you saw a waiter behind the bar, that might raise some questions, especially if he were having a drink!

Customers, on the other hand, have the most restricted set of rights. They have access only to their table object (reservations are recommended), the customer-side-of-the-bar object, and the restroom objects. ...
