I am interesting in learning how to create a user access system complete with different levels of access for certain components of an application. Based on user level, the user may or may not be able to see a control, and if the user can see the control, they may or may not be able to use/view it.

I would REALLY like to tie the user access into our network access (this application will eventually be global), which appears to use Active Directory. What I would need to do then is figure out:

a.) ... the most appropriate way to facilitate giving users access to certain areas of the application. Do I do it through user groups and have to submit some type of change request, or do I simply create table in the Oracle server and link user levels to the login name?
b.) ... how to actually change the attributes of various controls to allow/disallow viewing and/or usage.

Any ideas on good resources to start researching? Not expecting someone to write this for me - it's work I need to do. But I am just starting in .NET, so hoping a little guidance will speed me along. Thanks!