You could do it any number of ways. It depends on your database structure and user experience you want to support. I usually use a single table with a user group column that identifies the type of user. I save the user group in the session on login and then I can create a security assist rule checking the group before giving access to administrative pages.