Technically "doable" Craig is spot on mentioning multiple groups. Unless there is an admin with positive interest in your app it might not be advisable ;-))
But why not give basic secured access to your app via AD and restrict visible area (site #?) via login name ?

>Thank you very much. The more I learn about this process/approach the more I think it won't fly (in this particular organization). Back to the encryption or hash approach.
>
>>You could do this in the application or in AD. If done in AD, there would be multiple groups for your application. You could query AD to determine which groups the user is in and expose functionality that way.
>>
>>
>>>This explains some things. Thank you.
>>>
>>>But in my application a user would have to be assigned to a specific area of the application, by the application Administrator. The customer wants this to be transparent to the user. That is, when user John Smith loads the application, the value of "Site Number" (hidden from the user in a table) is set to the application object. And based on this Site Number the user will have a restricted access. Therefore, if AD is the way to go, I would need to give the VFP Administrator a tool to set each user (from AD) to a Site. Maybe this is not possible; this is why I am asking.