If you are working with SQL Server, the Adventure Works DB, if I remember correctly, has an example of a table that you can set up to use with a recursive query, similar to this:
Where you list all the menu options, then using ParentMenu indicate which Sub Menu Item belongs to which Main Menu option. When I created this I was going to create more than one table, but then remembered the whole ParentMenu concept, so the ID column name will change to MenuID.
EDIT:
I decided to add a menu numbering system as well, because the primary ID numbers may get wonky.
CREATE TABLE [Menus].[MenuSystem](
[MenuID] [int] IDENTITY(1,1) NOT NULL,
[MenuName] [nvarchar](50) NOT NULL,
[DisplayName] [nvarchar](50) NOT NULL,
[DisplayOrder] [int] NOT NULL,
[ParentMenu] [int] NOT NULL,
[MenuNumber] [int] NOT NULL,
CONSTRAINT [PK_MainMenu] PRIMARY KEY CLUSTERED
(
[MenuID] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON, OPTIMIZE_FOR_SEQUENTIAL_KEY = OFF) ON [PRIMARY]
) ON [PRIMARY]
GO
ALTER TABLE [Menus].[MenuSystem] ADD CONSTRAINT [DF_MenuSystem_ParentMenu] DEFAULT ((0)) FOR [ParentMenu]
GO
EDIT:
Is it possible to send a session property to a project script to determine which menu values are available to an authorized user? Or would it be better to setup a table with the roles and menu items and just query that?
I don't see another way to dynamically enforce security without a lot of IF statements.