The present invention is a method, system and apparatus for programmatically applied role-based security in a dynamically generated user interface. In accordance with the present invention, a server page can be configured for processing by a server page engine. The server page can include at least one markup language fragment defining a user interface for a first view and an additional markup language fragment defining a link to a second view. A custom tag can be included in the additional markup language fragment to conditionally include the link to the second view only if a role detected for an end user attempting to access the first view also has been defined in a deployment descriptor as an authorized role for accessing the second view. Notably, in a preferred aspect of the invention, the first and second views can be JSPs and the deployment descriptor can be a configuration file for an application framework incorporating the JSPs. In this regard, the application framework can be the Struts framework.