Provided is a method, system, and an article of manufacture for implementing security at a portal server. The portal server provides a client with access to backend applications, where the backend applications are stored at backend servers separate from the portal server. Associated with each backend application are privileges and other security features. The privileges and the security features are stored at a database in the portal server. The portal server receives a request from a client and constructs a list of allowable interactions for a plurality of the backend applications, by consulting the database. The portal server sends a page containing the list of allowable interactions to the client. The client selects an interaction and requests the portal server for a result of the interaction. The portal server requests a backend server to provide the result, and returns the result to the client, along with a set of new allowable interactions for the client to select.