This is for the Cookbook.UserAuth2 recipe.

Comparison UserAuth2 vs. AuthUser

Specifying permission settingscentralized in admin tool; user-orienteddistributed over attribute pages; page-oriented
Default policyopen for readingopen to what extent?
Pagelists with protection of read-restricted pagesfaster[1]slower
Adhoc protecting pagesrequires two operations[2]requires one operation

[1] In UserAuth2 there will be only one file access for this user (the user's permission record), with which all pages under consideration are checked against. No multiple file load for each page necessary; rather a number of preg_matches are necessary for each page, the number depending on the complexity of the permission derivation hierarchy (number of patrons, group memberships etc.) only.

Note that for generally open sites, one will probably have $EnablePageListProtect disabled, so this point wouldn't matter.

[2] For UserAuth2 the ad-hoc protection of pages requires two steps done by the administrator: (1) closing away the page in the GuestUsers record, and (2) opening the page for the specific user desired. In AuthUser this can be done with one operation: placing an id: password.