Cohesion has a module to store a role-based model for complete access control. Credentials covering the basic table operations of Create, Report, Update, and Delete are provided for every single table. Every field gets privileges for View, Edit, Query, and List to control the Cohesion Editor and default table reports.
The roles are defined by giving an access level into each module and the permissions tailored for that access level. Access levels are hierarchical, so that if the administrator role does not have a permission, no other role will, and if the highest use role doesn't have it, no lower role will. This makes it a little easier to manage multiple levels on a given field or table, and it is rare to have to define more than a couple of roles beyond the administrative role.
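As an added illustration, not Cohesion's own code, the following models the hierarchical rule above by capping each level's grants with those of every level above it. The level names, the `invoice` table, the grants and the intersection-based enforcement are assumptions made for the example.

```python
# Added illustration: a minimal model of hierarchical access levels.
# Level names, the "invoice" table and all grants are constructed sample
# data; this is not Cohesion's API or schema.

TABLE_OPS = {"Create", "Report", "Update", "Delete"}
FIELD_PRIVS = {"View", "Edit", "Query", "List"}

# Access levels ordered from highest to lowest (assumed names).
LEVELS = ["admin", "manager", "clerk"]

# Grants as configured per level: resource -> set of permissions.
GRANTS = {
    "admin":   {"invoice": {"Create", "Report", "Update"},
                "invoice.total": {"View", "Edit", "Query", "List"}},
    "manager": {"invoice": {"Create", "Report", "Update", "Delete"},  # Delete exceeds admin
                "invoice.total": {"View", "Query", "List"}},
    "clerk":   {"invoice": {"Report"},
                "invoice.total": {"View", "Edit"}},                   # Edit exceeds manager
}

def effective(level, resource):
    """Permissions a level really holds: its own grant capped by every level above it."""
    if level not in LEVELS:
        return set()  # unknown level: deny by default
    allowed = None
    for name in LEVELS[: LEVELS.index(level) + 1]:
        granted = GRANTS.get(name, {}).get(resource, set())
        allowed = set(granted) if allowed is None else allowed & granted
    return allowed

def is_allowed(level, resource, permission):
    """Check one permission; dotted resources are fields, others are tables."""
    valid = FIELD_PRIVS if "." in resource else TABLE_OPS
    return permission in valid and permission in effective(level, resource)

def excess_grants():
    """Audit helper: configured grants that the hierarchy cancels out."""
    findings = []
    for level in LEVELS:
        for resource, granted in GRANTS[level].items():
            dropped = granted - effective(level, resource)
            if dropped:
                findings.append((level, resource, sorted(dropped)))
    return findings
```

Running `excess_grants()` over a role configuration is a quick review step: every finding is a grant someone configured that has no effect and would become live if a higher level were later widened.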
Every Servlet is also given role-level access, although it is possible for any given Servlet to bypass all security checks because it provides information for public access.
Security is often added as an afterthought or it is done at a very coarse-grained level by partitioning your users and creating two separate applications tailored to each.
Cohesion was originally developed with the goal of providing Software as a Service (SaaS) applications where standing up a database per user group was not practical.
Cohesion can not only use the role-based security but also partition a table into overlapping groups to support different groups of users.