How many instances of the class you instantiate, you get the same code and the same logic and is applicable to all instances...
Srini,
Think of 'instance-level' security as fine grained security logic that is coded based on the 'values' of instance variables (for entity and stateful session beans) or method parameters (for stateless session beans).
Here is a very trivial example:
The above is an example of instance-level security. It does not allow anyone in 'restrictedCustomer' role to have more than 10 items in shopping cart. This security policy may not apply for another instance for the same bean because its 'state' may be different. This type of fine-grained business rules based security policy is difficult to specify in an instance agnostic way.
SCJP, SCWCD, SCBCD, OCA J8