>Well, I was thinking if the end user wants to give a higher resolution on what to allow and what not, he/she could add flags corrosponding with new user groups in the active directory. this would make the security setup of the app very flexible.

If you need that then a pure table based solution may be the way to go (in which case dragging you down the enum route was a mistake :-{ )

IIRC, the Mere Mortals framework has something like this available 'out-of-the-box' including a mode that allows an 'Administrator' mode when displaying a form at runtime to allow setting permissions down to individual control level.
Been a while since I looked at it - someone else might confirm. But it might be worth looking at....