one of the documented procedures in this installation of the ACS
im_user_is_authorized_p   db   user_id   { second_user_id "0" }
What it does:
Returns 1 if a the user is authorized for the system. 0 Otherwise. Note that the second_user_id gives us a way to say that this user is inded authorized to see information about another particular user (by being in a common group with that user).
Defined in: /web/philip/tcl/intranet-defs.tcl

Source code:

    set authorized_p [database_to_tcl_string $db  "select decode(count(1),0,0,1) 
               from user_group_map 
              where user_id=$user_id 
                and (group_id=[im_employee_group_id $db]
                     or group_id=[im_authorized_users_group_id $db])"]
    if { $authorized_p == 0 } {
	set authorized_p [im_is_user_site_wide_or_intranet_admin $db $user_id]
    if { $authorized_p == 0 && $second_user_id > 0 } {
	# Let's see if this user is looking at someone else in one of their groups...
	# We let people look at other people in the same groups as them.
	set authorized_p [database_to_tcl_string $db  "select decode(count(1),0,0,1)
                   from user_group_map ugm, user_group_map ugm2
                  where ugm.user_id='$user_id'
                    and ugm2.user_id='$second_user_id'
                    and ugm.group_id=ugm2.group_id"]
    return $authorized_p