You can define user roles for your app and then use those roles to restrict access to modules, views and fields. At runtime, the login procedure can send the list of available roles and the server can mark which are valid for this user. It is important to remember that this will hide the UI so it is important for the Data Service to not send any data over the wire that the user is not authorized to see.