How to Prevent Unauthorized Access in Applications

Application security includes securing the transaction and all functions within a transaction:

Transaction security denies or permits user access to one or more transactions.
For example, transaction security prevents a non-manager from accessing the maintain payroll transaction.
Transaction security is typically a requirement of all application systems.
Functional security determines a user's access based on the transaction function being attempted.
For example, functional security allows a manager to access the maintain payroll transaction but will prevent a non-finance manager from approving the payroll.
Functional level security is less common.