The first consideration I had when designing the system was to ensure that it complied with the licensing agreement for the underlying database. This meant ensuring that there were never more than twenty connections from the webserver. As part of the logon process, the system checks how many sessions are currently active. A new session can only be started if the number was below the limit set in the configuration file. Sessions that are inactive for a period defined in the configuration file are automatically ended, and the user is logged out.
The system was designed the system to allow for granular permissions based on role or individual user. Users log in to the system where they can see a list of utilities to which they have access. Users are unable to access any tool to which they have access to.
I designed the system to ensure that all access (and attempted access) is logged in a separate audit database.