Adding to what Solutioner has said, you need to De-Activate the Before Query BRs that are currently working for the Roles for your Configuration to Work Properly.

Having said that, i think granting access to Modules, Applications is best done through Roles.

Thanks,

Subhajit

2 ways :

1. Write a UI script and use DOM object to hide / unhide modules

2. See the solution I gave in below post.

Want to hide a module under "Self-Service" app if user has a specific domain

Regards,

Bhavesh

http://www.igate.com

Hide Application or Module

Table: Application Menu [sys_app_application] or Module[sys_app_module]

When: before

Query = true

if(!gs.getUser().isMemberOf('Group A') && !gs.getUser().isMemberOf('Group B') && !gs.getUser().isMemberOf('GroupC') && !gs.hasRole('admin'))

    {

    current.addQuery('sys_id','!=','5212632ced4f5500b14f689a971ad873');//sys_id of the application

    }

Above scripts should hide an application (sys_id =5212632ced4f5500b14f689a971ad873)   or can be used to hide module (change the table you run the BR and the sys_id to that of the module you want to hide) for all users who are not part of Group A or B or C or are not admin