This document discusses implementing role-based access control (RBAC) in a web application. It begins by defining access control and RBAC. It then examines different approaches to access control, including level-based, user-based, role-based, and responsibility-based. For the project, it recommends a role-based or responsibility-based approach that uses tables to define users, roles, tasks, and permissions, so that access can be restricted based on a user's role(s). It also discusses treating this design as a draft and considering requirements for controlling data updates based on user roles.
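The table-driven approach summarized above, as an added sketch that is not taken from the document itself. All table, column, user, role and task names are assumptions, and the `can_update` flag is one assumed way to model control of data updates per role.

```python
import sqlite3

# Assumed schema: users, roles, tasks, plus two link tables.
SCHEMA = """
CREATE TABLE users (user_id TEXT PRIMARY KEY);
CREATE TABLE roles (role_id TEXT PRIMARY KEY);
CREATE TABLE tasks (task_id TEXT PRIMARY KEY);
-- a user may hold several roles
CREATE TABLE user_role (
    user_id TEXT NOT NULL REFERENCES users(user_id),
    role_id TEXT NOT NULL REFERENCES roles(role_id),
    PRIMARY KEY (user_id, role_id));
-- permissions: which role may run which task, and whether it may update data
CREATE TABLE role_task (
    role_id TEXT NOT NULL REFERENCES roles(role_id),
    task_id TEXT NOT NULL REFERENCES tasks(task_id),
    can_update INTEGER NOT NULL DEFAULT 0 CHECK (can_update IN (0, 1)),
    PRIMARY KEY (role_id, task_id));
"""

def build_db():
    """Create an in-memory database filled with constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",), ("carol",)])
    db.executemany("INSERT INTO roles VALUES (?)", [("clerk",), ("manager",)])
    db.executemany("INSERT INTO tasks VALUES (?)", [("invoice",), ("payroll",)])
    db.executemany("INSERT INTO user_role VALUES (?, ?)",
                   [("alice", "clerk"), ("bob", "clerk"), ("bob", "manager")])
    db.executemany("INSERT INTO role_task VALUES (?, ?, ?)",
                   [("clerk", "invoice", 0), ("manager", "invoice", 1),
                    ("manager", "payroll", 1)])
    return db

def access(db, user_id, task_id):
    """Return 'deny', 'read' or 'update' for this user and task.

    Deny is the default: no matching role/task row means no access.
    With several roles, the most permissive grant applies.
    """
    row = db.execute(
        """SELECT MAX(rt.can_update) FROM user_role ur
           JOIN role_task rt ON rt.role_id = ur.role_id
           WHERE ur.user_id = ? AND rt.task_id = ?""",
        (user_id, task_id)).fetchone()
    if row[0] is None:
        return "deny"
    return "update" if row[0] == 1 else "read"
```

The check is parameterized and made server-side on every request, so hiding a menu entry from a user is never the only control.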