You have users. You also have groups. You assign a user to one or more groups. You usually also have one or more actions, or permissions. You assign one or more permissions to each group.
That, in turn, allows your users access to the application. What I do is pass in a URL, something like this,
There I take the parameter 'products' as the group and the parameter 'view' as the action, based on an ID. Authentication takes care of the rest. Fire and forget, basically?
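The group-and-action check described above, as an added example that is not code from the original post. The URL itself is not shown on the page, so the `/<group>/<action>/<id>` path shape, the function names `parse_request` and `is_allowed`, and the sample users and groups are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data (not from the page): user -> groups, group -> actions.
USER_GROUPS = {"alice": {"products", "orders"}, "bob": {"orders"}}
GROUP_PERMISSIONS = {"products": {"view", "edit"}, "orders": {"view"}}


def parse_request(url):
    """Split an assumed /<group>/<action>/<id> path into its three parts.

    Returns None for anything that does not match exactly, so a malformed
    request is denied rather than guessed at.
    """
    parts = [p for p in urlsplit(url).path.split("/") if p]
    if len(parts) != 3:
        return None
    group, action, raw_id = parts
    if not (raw_id.isascii() and raw_id.isdigit()):
        return None
    return group, action, int(raw_id)


def is_allowed(user, url):
    """Deny by default: allow only when the user belongs to the group named
    in the URL and that group has been assigned the requested action."""
    parsed = parse_request(url)
    if parsed is None:
        return False
    group, action, _record_id = parsed
    if group not in USER_GROUPS.get(user, set()):
        return False
    return action in GROUP_PERMISSIONS.get(group, set())


if __name__ == "__main__":
    for user, url in [("alice", "/products/view/42"),
                      ("bob", "/products/view/42"),
                      ("alice", "/orders/edit/7")]:
        print(user, url, "->", "allow" if is_allowed(user, url) else "deny")
```

The check runs on every request before the handler does any work, and the group and action names taken from the URL are only ever used as lookup keys against the server-side tables.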