Now that https://jira.jboss.org/jira/browse/JBMESSAGING-1629 is implemented, the SecurityStore does not bypass anymore the permission check for the clustered user. This means that *every address which can be clustered* must add the "cluster.management" role to its address settings for the different permissions. The cluster user is used by management, bridges, cluster connections, etc. This makes the configuration complex: to make sure it works, I'm adding the "cluster.management" role to all permissions types in every address settings... it's not something that is user-friendly. I'm considering backtracking what I've done a little bit and bypass again the cluster user when checking the role in the security store. The cluster user will still be configurable and authenticated as a normal user, but it will be bypassed when checking roles (i.e. it will have all the roles). With this backtracking, the user'd not have to consider the cluster user when assigning the permissions to its addresses. It's something that will be completely internal to JBoss Messaging. wdyt? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236919#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...