portal hasn't a central system to describe admin roles. It let do to external applications. LDAP has an option 'defaultAdminRole' never used into ldap_identity-config.xml file so it could to be used. But about DB authorization we should to create a new option to know that information. What do you think about a new option 'defaultAdminRole' into identity-config.xml? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210175#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...