In Ignition, projects as a whole can specify a list of roles that are required to even log-in in the first place.