URL based authorization
We have used the single role
USER so far, but most applications have multiple roles for their users. This allows only certain operations (like deleting e a user) for certain roles (like administrators).
As an example of how this works, we will create a second hardcoded user
admin which has the