Thank you Sohil, So if default portal policy is used, then thirdparty web applications need both roles "Admin" and "Authenticated". And if thirdparty web apps doesn't have the Authenticated role, then portal needs to be reconfigured for correct usage (roles "Admin" and "User" added to security constraints in jboss-portal.sar/portal-server.war/WEB-INF/web.xml) I was little confused because scenario mentioned in reference guide (chapter 21.2.2 ) describes the situation when only "Admin" role is used for "admin" user in jmx-console but not "Authenticated" role. So I was interested if it is bad behaviour or only the inaccuracy in portal documentation. Shouldn't be this mentioned in the doc? Thanks, Marek View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227686#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...