There are different applications (web or desktop) implemented by one vendor. All of them need to log the user in and give him appropriate access according to the roles and permissions he has.
The goal is to reduce the amount of redundant implementations and standardize and centralize the account access for all applications.
A user has a single account for all applications.
The access control database is placed at a central location where it is accessed by multiple applications.
Roles are assignable to a user per application.
A hard-coded super user with all permissions granted is provided for setting up the users and permissions initially. The password for this user is configurable.
Apart from local integration using an assembly, the access control can be accessible by external applications on other servers.
The implementation is abstract and hides unnecessary details to avoid the application developer having to be confronted by them.