Getting Started with Kavi Software

Chapter 3. Role-Based Authentication

How Role-Based Authentication Works

In a role-based authentication software system, users are assigned one or more predefined roles. These roles then determine the user's privileges: the information they can see, the areas they can access, and the items they are able to change. Users in the database can be assigned roles in a variety of ways, but most commonly get their roles by participating in Kavi® Groups and through their classification in Kavi® Members.

Kavi Members categorizes users of the web site into different types, which indirectly grant each user a set of roles. These roles are monitored by the web site software to determine which areas a user can access. A user without any roles will not be able to log in to protected areas of the site. Users with highly privileged roles will be able to access all the information stored on the site, manage this information, and even reconfigure the web site software.

Figure 3.1. Members-Only Tools Available by Role

Screenshot of the members-only landing page showing how more tools appear for users with more privileged roles.

When a regular user with limited roles logs in to the members-only area of the web site, they are presented with only a limited set of tools. In contrast, when a user with many roles logs in, they see links to access a variety of powerful tools.

The roles assigned to a particular user are not typically shown on the web site. To determine which roles a user has, administrators can look at the user's types, their company's company types, and the groups in which the user participates. On a well-configured site, an examination of these types will make it immediately obvious which tools a user can access. For example, a user with the "Company Administrator" type can access tools for administering their company's information, and a user with the "Organization Admin" type can manage all the organization's information.
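The following added example (not Kavi's own code) models the lookup an administrator performs by hand: it derives a user's effective roles from user types, company types and groups, records which source granted each role, and filters the tool list accordingly. The role names, tool names, the "Member" user type, the "Voting Company" company type and the "Technical Committee" group are hypothetical; only the "Company Administrator" and "Organization Admin" types come from this chapter.

```python
# Constructed mappings: role names and grants below are hypothetical,
# not Kavi's actual configuration.
USER_TYPE_ROLES = {
    "Member": {"member"},
    "Company Administrator": {"member", "company_admin"},
    "Organization Admin": {"member", "company_admin", "org_admin"},
}
COMPANY_TYPE_ROLES = {"Voting Company": {"ballot_voter"}}
GROUP_ROLES = {"Technical Committee": {"group_participant"}}

# Each tool requires one role (hypothetical tool names).
TOOL_REQUIRES = {
    "My Account": "member",
    "Group Documents": "group_participant",
    "Manage Company": "company_admin",
    "Site Configuration": "org_admin",
}


def effective_roles(user):
    """Return {role: [sources]} so an admin can see why each role is held."""
    granted = {}
    sources = (
        ("user type", user.get("types", []), USER_TYPE_ROLES),
        ("company type", user.get("company_types", []), COMPANY_TYPE_ROLES),
        ("group", user.get("groups", []), GROUP_ROLES),
    )
    for kind, names, table in sources:
        for name in names:
            # Unknown types grant nothing (fail closed).
            for role in table.get(name, ()):
                granted.setdefault(role, []).append(f"{kind}: {name}")
    return granted


def can_log_in(user):
    # A user with no roles cannot enter protected areas.
    return bool(effective_roles(user))


def visible_tools(user):
    roles = effective_roles(user)
    return [tool for tool, need in TOOL_REQUIRES.items() if need in roles]


# Constructed sample users.
REGULAR = {"types": ["Member"], "company_types": [], "groups": []}
COMPANY_ADMIN = {"types": ["Company Administrator"],
                 "company_types": ["Voting Company"],
                 "groups": ["Technical Committee"]}
NO_ROLES = {"types": ["Retired Type"], "company_types": [], "groups": []}
```

Because `effective_roles` keeps the granting source for every role, an unexpected privilege can be traced back to the specific type or group that conferred it.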
