[eluser]webthink[/eluser]
The very general overview of how this is achieved is to store the user_id and role in a session var when the user logs in. Then, for each controller you need protecting, put calls to code that checks the allowed roles against the role in the session var; then, once authorized, use the user_id to grab the relevant user record(s) from the db.
Of course within that basic structure there are hundreds of possible variations. How you achieve it is entirely up to you.
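One way to lay out the flow described in the post above, as an added example in plain PHP that is not code from the original poster or from CodeIgniter. The `USERS` table, the `ALLOWED_ROLES` map, the controller names and the `login()`/`authorize()` helpers are hypothetical, and the session is a plain array standing in for `$_SESSION` or the framework's session library.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the users table.
const USERS = [
    7  => ['id' => 7,  'name' => 'alice', 'role' => 'admin'],
    12 => ['id' => 12, 'name' => 'bob',   'role' => 'member'],
];

// Hypothetical per-controller allow-lists; a controller not listed is denied.
const ALLOWED_ROLES = [
    'Reports' => ['admin'],
    'Profile' => ['admin', 'member'],
];

// Login step: once credentials have been verified elsewhere, store only
// user_id and role in the session (an array here, $_SESSION in practice).
function login(array &$session, int $userId): void
{
    $user = USERS[$userId] ?? null;
    if ($user === null) {
        throw new RuntimeException('unknown user');
    }
    $session = ['user_id' => $user['id'], 'role' => $user['role']];
}

// Guard called at the top of each protected controller.
// Returns the user record when the role is allowed, null otherwise.
function authorize(array $session, string $controller): ?array
{
    $allowed = ALLOWED_ROLES[$controller] ?? [];   // deny by default
    $role    = $session['role'] ?? null;
    // Strict comparison avoids PHP's loose-typing matches in in_array().
    if ($role === null || !in_array($role, $allowed, true)) {
        return null;
    }
    // Fetch the record by the session's user_id, not by a request parameter.
    return USERS[$session['user_id']] ?? null;
}

$session = [];
var_dump(authorize($session, 'Reports') === null);  // no session yet
login($session, 12);
var_dump(authorize($session, 'Reports') === null);  // member on an admin-only controller
var_dump(authorize($session, 'Profile')['name']);   // member on a controller that allows members
```

In a real application the session id would also be regenerated at login (`session_regenerate_id(true)` in plain PHP) so a pre-login session id cannot carry over into the authenticated session.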