I have gone through many questions in SO on claims. I did not get a clarification and hence this question. Assuming I have a Forms Based Authentication enabled Web app (with claims enabled) and all configurations are fine and the forms user (SQL Stored) "User1" is "able" to login fine.

Given this, my question is

a. We HAVE to somewhere map "User1" to a equivalent SharePoint group / rights inside my claims enabled Intranet site. In other words, i have to say -> User1 (FBA) == Designer thru pre-configuration. Is this correct or is looking up per individual User ID's a wrong practice ?

b. If a "new user gets added to the Forms Based database", then how does claims authentication work as far as that newly added user rights are concerned. Should I have to add "that" user again in my Intranet site?

Sorry if my question looks confused because I am confused.

Cheers

Once the user has been added to the FBA database, they have to be added to a SharePoint group in order to have permissions in SharePoint (Site Settings -> Users and Permissions -> People and Groups).

If you want the user to immediately have permissions in SharePoint after being added to the FBA database, without adding them to a SharePoint group, create a role in the FBA database. Give the role the appropriate permissions under people and groups in SharePoint. After creating a user in the FBA database, assign them to that role. Now you'll be able to login to SharePoint with that user.