System and method for application-level security

Software applications having a hierarchy of functions, sub-function and sub-sub-functions that are made available to one or more clients. The ability of the clients to utilize the various functionality of the applications is controlled by an application security database system (ASDS) which maintains a database of application function hierarchy and client entitlements. The applications consult with the ASDS to determine whether a client'"'"'s user is authorized to perform a requested function and either performs, or fails to perform, the requested function based on the reply from the ASDS. In particular, rules regarding access to proprietary data associated with different functionality are also maintained by the ASDS. The client entitlements are associated with the end-users of the clients not by user name but, rather, by user roles reflecting the business structure of the client.