Currently, temporary destinations are assigned the default security configuration when they are created. This means that if I log in as a user who has less permissions than required by the default security configuration, and create a temporary destination, I can't access it afterwards. Something should be done about it. Here are some options: 1) Skip permission checks on temporary destinations. Bad because there's a possibility of DoS attacks if someone guesses the temp destination name. 2) Disallow creating temporary destinations that the logged-in user will not be able to use - doesn't solve the actual problem. 3) Have some configuration mechanism for temporary destination permissions - not sure where it would go, to make it sufficiently flexible. Any ideas? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4055557#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...