Authorisation server that allows access to restricted services and files based on a user's authorisation level

590305 Disclosed is a secure portal system (10). The system (10) is comprised of at least one application server (16), a client computer (20) and a portal server (18). The application server (16) is operable to provide a plurality of secure services over a network. The client computer (20) is operable to display a graphical user interface (22). The portal server (18) couples the at least one application server (16) to the client computer (20). The portal server (18) is configured to create a login session with the graphical user interface (22), wherein the login session is associated with one authorisation level of a plurality of authorisation levels. The portal server (18) is also configured to display, on the graphical user interface (22), a service access point (24) for each of the plurality of secure services. The portal server (18) then restricts access to each of the plurality of secure services according to the one authorisation level of the login session. One of the plurality of secure services comprises a storage device that stores a plurality of files, each of the plurality of files having a tag indicating a file authorisation level of its respective file. The portal server (18) is configured to restrict access to the storage device by comparing the authorisation level of the login session with the file authorisation level of each of the plurality of files.