Described is a method that comprises storing information that defines administration roles, that associates a user with one or more of the administrative roles, and that associates each administration role with one or more administrative privileges. An administrative privilege authorizes at least one administrative function. When the user requests the execution of an administrative function, the requests is honored only when one of the user's administrative roles includes an administrative privilege that authorizes the requested administrative function. In addition, information is stored that associates each of a plurality of users with one or more administrative roles. At least two users administer the access control computer system from different locations, or from computers connected to two different local area networks. Information associating a user with one or more administrative roles may be stored in a cookie, which may be encrypted. The information stored in the cookie is used to determine whether an administrative function requested by a user may be executed on behalf of the user.