Security is implemented for both authentication and authorization. Authentication is the simple process of confirming the user’s identify. Authorization is the process of controlling the user’s access to certain portions of the administration site. Authorization is much more importation in the administration side of the operation, for example limiting a user’s access to the intake processes and reports and not to the flighting portions.
From this list, you can block future login attempts, change passwords, and 'become' the user.
Each user can have 1 or more roles. An example of a role is Flighting. Users assigned to flighting would have access to flighting related processes and reports. Users not assigned to flighting would not have access to anything flight related. Roles are easily created, deleted or renamed to meet your needs.