User Authentication Setup

[David Lloyd]

Hi There!

I've managed to get Freeside running, however I have an issue:

If I have an agent "basic agent", how does one stop "basic agent" from
fiddling with the administration settings?

- running a separate page without those settings on doesn't seem secure
enough to me
  (i.e. I could authenticate as the real user, setup a trojan freeside
on my own web servers and so on...)

- specifically, it looks as though once a user is authenticated they
have full administration rights; a clerk at the desk, for example, could
invent an unlimited download plan with no costs with the click of a few
buttons

DSL
-- 
"The greatest thing you'll ever learn is
  just to love and to be loved in return."
  - David Bowie (Nature Boy from Moulin Rouge)