web2py includes a powerful and customizable Role Based Access Control mechanism (RBAC)
In order to use RBAC, users need to be identified. This means that they need to register (or be registered) and log in.
Auth provides multiple login methods. The default one consists of identifying users based on the local auth_user table. Alternatively, it can log in users against third-party authentication systems and single sign on providers such as Google, PAM, LDAP, Facebook, LinkedIn, Dropbox, OpenID, OAuth, etc..
To start using Auth, you need at least this code in a model file, which is also provided with the web2py "welcome" application and assumes a db connection object:
from gluon.tools import Auth
auth = Auth(db, hmac_key=Auth.get_or_create_key())