You need to use roles, each role has permissions (permissions.ini)...
Begins here :
http://xataface.com/wiki/authenticationWell you have all this in the wiki
Security authentication - Overview of Xataface Authentication
registration form - Enabling User Registration in Xataface
permissions.ini file - Reference of the permissions.ini file directives.
Permissions - Use sessions and delegate classes to define permissions at the record and field level. (From the Getting Started tutorial).
Delegate class methods - Permissions-related functions
Relationship Permissions - Guide to permissions on related records.
How to disallow access to tables
site_with_backoffice - A site with a backoffice without obligation to log in
Security Filters - Use security filters to block users from seeing certain records.
How to granulate permissions on each field - Decide for each field who can edit, read...
no_access_text - Replace the default NO ACCESS permission text with another text.
LDAP or Active Directory - How to authenticate users with LDAP or Active Directory...
Jean