Don't worry - the data isn't that precious and hardly any of it is there yet, anyway. I'm just doing proof of concepts right now

Yes, the roles idea has to be used, thanks - also it sounds like you are suggesting that I use the database itself to store users and roles; hadn't thought of that - sounds good.

I'd like to KISS so would like to avoid doing the authentication myself - having read some more following the ideas in this thread, I think I'm happy with basic http authentication