JBoss development, A new message was posted in the thread "How to impose role based security through management objects/profile service": http://community.jboss.org/message/519055#519055 Author : John Mazzitelli Profile : http://community.jboss.org/people/mazz Message: -------------------------------------------------------------- I can tell you how JON does it. The security model is wrapped around the abstract management model (in other words, JON relies on its own security mechanism, as opposed to relying on JBossAS security to do things like prohibit invoking operations or configuring things - this is how JON allows for the same security model to secure all types of managed resources in a generic way).   http://rhq-project.org/display/JOPR2/Security+Model   That link shows the different times of security permissions you can get. So, its possible you can view a resource but you can't do things like configure it or run operations on it. But again, this is at a layer above JBossAS (its at the management platform layer).   I'm not sure if this is helpful, but that's what it is wrt JON. -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/519055#519055