Protected graphical user interface for role-based application and data access

US9736160B2 · US · B2

Patent metadata

Publication number: US-9736160-B2
Application number: US-201414447891-A
Country: US
Kind code: B2
Filing date: Jul 31, 2014
Priority date: Jul 31, 2014
Publication date: Aug 15, 2017
Grant date: Aug 15, 2017

Abstract

Official abstract text for this publication.

Methods, systems, and computer program products for a protected graphical user interface for role-based application and data access are provided herein. A method for controlling access on an endpoint device to at least a portion of an application includes obtaining a default configuration indicating whether one or more widget functions associated with the application are enabled in a graphical user interface; modifying one or more of the widget functions in the default configuration to a disabled status in the graphical user interface based on a privilege configuration; determining if one or more user click events generated using the graphical user interface are associated with a widget function having the disabled status; and preventing the user click events having the disabled status from being provided to an operating system for further processing, wherein at least one of the steps is carried out by a computing device.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for controlling access on an endpoint device to at least a portion of an application, the method comprising the steps of: obtaining a default user interface for said application with one or more widget functions associated with said application enabled; generating a mask user interface to update said default user interface using an additional control layer between a user of said application and said default user interface by comparing said one or more widget functions to a privilege configuration for said access, wherein said privilege configuration comprises a specification of one or more of said widget functions that have a disabled status for a particular user role; combining said default user interface and said mask user interface substantially simultaneously with said access to generate a final user interface such that one or more of the widget functions from said default user interface are modified to a disabled status in said final user interface based on said privilege configuration; determining, by an event filter, if one or more user click events generated using said final user interface are associated with a widget function having said disabled status; and preventing, by said event filter, said user click events having said disabled status from being provided to an operating system for further processing, wherein at least one of said steps is carried out by a computing device.

2. The method of claim 1, wherein said privilege configuration maps one or more of widget functions to roles, tasks to roles, widget functions to endpoints and tasks to times-of-day.

3. The method of claim 1, wherein said one or more widget functions having said disabled status has a visual indicator illustrating said disabled status.

4. The method of claim 3, wherein said visual indicator comprises presenting said one or more widget functions having said disabled status with a predefined color or with a semi-transparent display technique.

5. The method of claim 1, wherein said privilege configuration further comprises a specification of one or more of said widget functions having said disabled status for one or more of: a period of time, for a particular user, for a particular task, for accessing a particular file and for loading of a particular application.

6. The method of claim 1, wherein said privilege configuration is based on one or more of (i) a policy that maps one or more of said widget functions to one or more user roles; and (ii) one or more policies that map a given role to one or more tasks and map a given task to one or more of said widget functions.

7. A computer program product for controlling access on an endpoint device to at least a portion of an application, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computing device to cause the computing device to perform the following steps: obtaining a default user interface for said application with one or more widget functions associated with said application enabled; generating a mask user interface to update said default user interface using an additional control layer between a user of said application and said default user interface by comparing said one or more widget functions to a privilege configuration for said access wherein said privilege configuration comprises a specification of one or more of said widget functions that have a disabled status for a particular user role; combining said default user interface and said mask user interface substantially simultaneously with said access to generate a final user interface such that one or more of the widget functions from said default user interface are modified to a disabled status in said final user interface based on said privilege configuration; determining, by an event filter, if one or more user click events generated using said final user interface are associated with a widget function having said disabled status; and preventing, by said event filter, said user click events having said disabled status from being provided to an operating system for further processing, wherein at least one of said steps is carried out by a computing device.

8. The computer program product of claim 7, wherein said privilege configuration maps one or more of widget functions to roles, tasks to roles, widget functions to endpoints and tasks to times-of-day.

9. The computer program product of claim 7, wherein said one or more widget functions having said disabled status is presented with one or more of a predefined color and a semi-transparent display technique.

10. The computer program product of claim 7, wherein said one or more widget functions having said disabled status is disabled for one or more of a period of time, for a particular user, for a particular task, for accessing a particular file and for loading of a particular application.

11. The computer program product of claim 7, wherein said privilege configuration is based on one or more of (i) a policy that maps one or more of said widget functions to one or more user roles; and (ii) one or more policies that map a given role to one or more tasks and map a given task to one or more of said widget functions.

12. A system for controlling access on an endpoint device to at least a portion of an application, said system comprising: a memory; and at least one hardware device coupled to the memory and configured for: obtaining a default user interface for said application with one or more widget functions associated with said application enabled; generating a mask user interface to update said default user interface using an additional control layer between a user of said application and said default user interface by comparing said one or more widget functions to a privilege configuration for said access, wherein said privilege configuration comprises a specification of one or more of said widget functions that have a disabled status for a particular user role; combining said default user interface and said mask user interface substantially simultaneously with said access to generate a final user interface such that one or more of the widget functions from said default user interface are modified to a disabled status in said final user interface based on said privilege configuration; determining, by an event filter, if one or more user click events generated using said final user interface are associated with a widget function having said disabled status; and preventing, by said event filter, said user click events having said disabled status from being provided to an operating system for further processing, wherein at least one of said steps is carried out by a computing device.

13. The system of claim 12, wherein said privilege configuration maps one or more of widget functions to roles, tasks to roles, widget functions to endpoints and tasks to times-of-day.

14. The system of claim 12, wherein said one or more widget functions having said disabled status has a visual indicator illustrating said disabled status.

15. The system of claim 14, wherein said visual indicator comprises presenting said one or more widget functions having said disabled status with a predefined color or with a semi-transparent display technique.

16. The system of claim 12, wherein said privilege configuration further comprises a specification of one or more of said widget functions having said disabled status for one or more of: a period of time, for a particular user, for a particular task, for accessing a partic

Classifications

  • H04L63/10 (Primary): for controlling access to devices or network resources

  • using icons (graphical or visual programming using iconic symbols G06F8/34)

  • Widget have states, properties, events associated, demonstrate control behaviour

  • H04L63/104 (Primary): Grouping of entities

  • for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L63/10. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 15, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).