Many database-driven web applications need to identify users. For example, you log in to access your Gmail account, or to use Amazon bookstore services. TurboGears therefore provides an identity system that you can use in your applications. This system supports both authentication (who is the user?) and authorization (which rights does the user have?) features, and allows role-based access control by assigning users to groups.
You use identity decorators to require user authentication and to authorize specific accesses:
class Root(controllers.RootController):
@expose()
@identity.require(identity.in_group('admin'))
def index(self):
...
You can use identity management in both controllers and templates: