You manage security in Allaire Forums on two different levels:
You use authentication to determine the identity of a user. You might, for example, require users to provide a username and password to gain entry to a conference. Permissions, which are defined for each user group, determine what that user is allowed to do once they enter a conference. For example you might have two groups, Moderators and Everyone, each with very different permissions according to their role in a conference.
Authentication is managed on the conference level. You can use three different types of authentication:
You manage permissions at the conference and forum level. Permissions are assigned to user groups. And since all users are members of at least one group, you manage access to conference features by managing group permissions. Users inherit the permissions assigned to their group. Group permissions include the ability to access a specific conference, create message threads, or post replies to existing messages.
Forums, which are discussion areas within a conference, can be assigned to multiple conferences. By the same token, you can limit which forums are available to particular conferences. When users enter a conference, they only see the forums an administrator has explicitly defined for that conference.