Are the users internal or external? Do you want to restrict by a user ID or by number of users? If by ID, then you would need some sort of verification to a table or by using a cookie perhaps.I am assuming you want to limit access after the application is complete not during the development. If it is to be during development are they are going to be the QC people doing the testing? You can go a few different ways..