c#, .net, asp.net, security, privacy

Editing Website and Viewing Orders


This'll be my second time doing a CMS and Inventory Management app for my client. This particular client wants it all to be online, instead of a desktop app like I did with my previous client. Which is fine, I guess; however, I'm a little concerned about the security stuff... What if it gets hacked? He basically wants to be able to manage, view, create new and edit existing orders via his website from an "Admin" type interface after he logs in as an Admin, so obviously I'm going to need Roles.

But is this common or normal practice? The website isn't an intranet, or hosted locally, it's remotely hosted.


Solution

  • Yes, it's very normal; all of my websites have admin interfaces that allow access to just about everything with the proper credentials.

    A word of caution, however: if you are not sure what you are doing, I'd be very careful about accepting/storing credit cards or other sensitive information (SSNs, medical data, etc.). It's easy to screw up, and if that stuff gets hacked, you may have some serious legal problems to deal with. Consider hiring someone with the right experience to help with security.