No, actually. The user just adds the module like normal. The default module properties are "AllPermission" but you can specify a more restrictive set in the module.xml file. The reason we went away from signing is that it doesn't really afford any more security - if you have access to the filesystem, you can make the AS run without a security manager anyway.
It is also possible to further restrict permissions using the JDK's default policy mechanism. The effective permissions are the intersection of the module specified permissions and the global policy. But it is designed so that a policy file is not required in the simplest case.
Finally we will have *some* mechanism (not yet determined) to specify a policy that applies to deployments.