As we build our apps, there are going to be screens that we only want our elevated users to access—for example, administration screens. To achieve this, we need to be able to distinguish users from each other and understand what roles they have available to them. One of the key ways of doing this within Office 365 is through the use of AAD security groups.
Storing access lists within the app
One of the simplest ways to secure parts of your app is to use locally controlled access lists. This approach is usually favored by users who are producing less critical apps and want to maintain their own access control lists in a very simple way.
A common approach is to store the user information within a collection that contains the username and the level of access you wish to give them. The advantage of this method is that adding and removing users from elevated rights is completely within the control of the app owner; however, there...