User security authenticates users when they log into a ColdFusion application, and then assigns privileges based on group membership or other criteria that you determine. User security authenticates and authorizes users each time they try to access or work with sensitive data.
For example, suppose you've used ColdFusion to build and host your company's intranet. The Human Resources department maintains a page on the intranet where all employees can access timely information about the company, such as the latest company policies, upcoming events, and job postings. You'd want everyone to be able to read the information, but you'd want only certain authorized HR employees to be able to add, update, or delete information. In addition, you might want to let employees view customized information about their own salaries, job levels, and performance reviews. You certainly wouldn't want one employee to view sensitive information about another employee, but you'd want managers to be able to see, and possibly update, information about their direct reports.
User security is made up of two components:
Before you can implement user security in your applications, you must make sure that your ColdFusion administrator has installed Advanced security on the server and has configured the appropriate security framework for your application. After the security framework is in place, you can code security features into your ColdFusion applications. For complete information about installing Advanced security and setting up a security framework, see Administering ColdFusion Server.