I have this coded and my final testing with the tck is looking good. I will have this checked in, in few hours. You can review the code then and then give me some feedback. Basically, have a a) central place (JaccPolicy service bean) to create the jacc permissions given the metadata, link the policy configuration to the top-level pc etc. b) security deployer to take care of the service metadata for the Jacc Policy for top-level deployments. c) The component deployers have dependence on the JaccPolicy. Over further iterations, I can get this straight. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3993162#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...