How to do it...

  1. Assign to users/clients only those privileges that are strictly necessary for them to perform their duties and block access to everything else (the principle of least privilege).
  2. Ensure that the workflow's privileges are correctly checked and enforced at every step.
  3. Deny all access by default and then allow users to perform tasks/access information after an explicit verification of authorization.
  4. Users, roles, and authorizations should be stored in a flexible medium, such as a database or a configuration file, so that they can be added, deleted, or updated. Do not hardcode them.
  5. Again, security through obscurity is not a good posture to take.
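The following is an added illustration of steps 1 to 4, not code from the book: a deny-by-default, role-based authorizer whose users and roles come from a (constructed) JSON policy rather than from code, and a two-step workflow that re-checks the privilege each step needs. The policy, user names, and permission names are invented for the example.

```python
import json
from typing import Dict, Set

# Constructed sample policy: in practice this lives in a database or config
# file (step 4) so roles and users can change without redeploying code.
POLICY_JSON = """
{
  "roles": {
    "viewer":  ["report:read"],
    "analyst": ["report:read", "report:export"],
    "admin":   ["report:read", "report:export", "user:manage"]
  },
  "users": {
    "alice": ["viewer"],
    "bob":   ["analyst"],
    "carol": ["admin"]
  }
}
"""


class AuthorizationError(PermissionError):
    """Raised when a user lacks an explicitly granted permission."""


class Authorizer:
    """Deny-by-default check (step 3): nothing is allowed unless the policy grants it."""

    def __init__(self, policy: Dict):
        self.roles: Dict[str, Set[str]] = {r: set(p) for r, p in policy["roles"].items()}
        self.users: Dict[str, Set[str]] = {u: set(r) for u, r in policy["users"].items()}

    def permissions_for(self, user: str) -> Set[str]:
        # Unknown users and unknown roles contribute nothing; an empty set means denied.
        perms: Set[str] = set()
        for role in self.users.get(user, set()):
            perms |= self.roles.get(role, set())
        return perms

    def is_allowed(self, user: str, permission: str) -> bool:
        return permission in self.permissions_for(user)

    def require(self, user: str, permission: str) -> None:
        if not self.is_allowed(user, permission):
            raise AuthorizationError(f"{user!r} lacks {permission!r}")


def export_report(authz: Authorizer, user: str) -> str:
    """Two-step workflow; each step re-checks the privilege it needs (step 2)."""
    authz.require(user, "report:read")    # step 1: load the report
    data = "report-contents"
    authz.require(user, "report:export")  # step 2: export is not implied by read
    return data


def load_authorizer(policy_json: str = POLICY_JSON) -> Authorizer:
    """Build the authorizer from the externally stored policy."""
    return Authorizer(json.loads(policy_json))
```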
