jaikiran pai commented on AS7-4417:
-----------------------------------
AS7 (and even previous versions of AS) "add" the method permission roles. So if
you have role1 configured in ejb-jar.xml for foo method and role2 in jboss-ejb3.xml for
the same foo method, then the foo method is allowed to be accessed by role1 _and_ role2.
That's how it behaves currently.
I do see one reason why we might want to change this to treat the roles as
"overrides", but at the same time I believe letting this remain the way it is
will be more useful since that's how users have been accustomed to this.
I had a quick look at your testcase and I believe changing the test to expect the
role2Echo method to be accessed by both role1 and role2 should be the right assertion in
that test.
I'm closing this as not a bug. If you still have concerns or test failures (after that
change), then feel free to reopen and add the details.
permissions for security roles are not redefined by jboss-ejb3.xml
------------------------------------------------------------------
Key: AS7-4417
URL: https://issues.jboss.org/browse/AS7-4417
Project: Application Server 7
Issue Type: Bug
Reporter: Radim Hatlapatka
Assignee: jaikiran pai
Labels: descriptor, security
Fix For: 7.1.2.Final-redhat1
When I have defined permissions using security roles in ejb-jar.xml (ejb-spec) for
certain methods and if I define them differently in jboss-ejb3.xml (jboss-spec) the
permissions remain as they are defined in ejb-jar.xml. But I would expect that ejb-spec
will redefine the permissions (because merging is not possible).
For details see written tests here:
https://github.com/rhatlapa/jboss-as/commit/62adba59b288a53672a6b08c8a710...