A secure data processing system having a plurality of resources accessible over a network arrangement such as the Internet and including a server, maintains lists of three categories of access authorization information. A resource list contains path or location information such as a universal resource locator (URL). A profile list maintains a plurality of profile data specifying individual resources or combinations of resources. A user list contains a userID or other data by which a user may be authenticated to the server and one or more profiles freely assignable to respective users. An access control program allows administrator supervision of editing of the lists of user access authorization information. An authorization program performs authorizations to resources for all users based on the profile information of respective users upon completion of editing. A user is authenticated by the server upon communication by the user to the server and user requests of authenticated users to resources for which authorization has already been performed in accordance with the path or location information in the resource list.