Better approach to restricting users access to managed controllers?

[eluser]gwerner[/eluser]
What is the best approach to allow/deny users from accessing certain controllers? Currently I've been building the checks into a MY_Controller.php. In that file I have an Admin_Controller class which extends the CI_Controller. First I check to see if a user is "logged_in". If so, then I run a query that pulls the ids associated to the various sections/controllers of the site. Based on that query a menu is generated with only the links of the areas that user has permission to access. This check also prevents a user from simply typing the url in the browser. If URI segment doesn't match the IDs in the query I mentioned earlier they are redirected.

Is this the right approach? This is for an administration area of a site I'm developing. It will receive light traffic only. The down side that I think I see (but there may be more) is that a database query exists for every page request for every user using the admin. I'm not coming up with a better way to handle this though. This seems to be the only way to handle this dynamically. By that I mean, a user would need to log out and log back in if a new area of the site is created or their permissions have been updated. With the check happening at every page request this seems to ensure that users only have access to areas they've been granted access in real time.

Any thoughts or advice on this is appreciated.