Does your website have a third party CMS under the hood?
If yours is a DIY web site, the essential elements in writing a basic permissions system to control access to content could be (one of many ways):
Roles table defining fields role ID and name (1="Admin",2="Standard", etc)
Users table joining role table based on role ID
Content table with content and field which defines which roles ID are permissed.
When the user visits a given page, a permissions check function is called which queries their role ID and permissed role ID's and ensures a match and display content. Otherwise deny access to the page.
Most custom CMS's follow this same basic procedure except some of them groups content into content types as an easy way to invoke permissions, or they create SDK's or API's which make it easier for developers to query user/content/role data without SQL statements. As you mentioned you prefer the "best and most secure" way - be aware of these pitfalls in your design:
Try to avoid shortcuts like storing roles only in cookies. Cookies are easily spoofed. Use sessions (which also involve cookies) with limited information such as user ID and a hash with a hash table and session expiry on the back end. Make sure all forms are protected from SQL injection and follow basic XSS procedures to ensure safe session control. These are reasons folks use third party CMS's.
Hope this helped you in terms of generic, high level view of things.
