"PeterJ" wrote : nollie, your assumption is correct: you have to remove view/view recursive from the portal and set it for every page or portlet instance. | Thanks for your response Peter - that was driving me nuts. I have to say though, that this is the answer I didn't want to hear. The portal I'm working on has over a hundred pages and I'm only interested in securing 2 or 3. Given this permission granting scheme I have to add markup to 100 pages (and all future pages) so that I can hide my admin tools. The security scheme would be fine if one could override at any node. I could have a public portal, allow most of my pages to inherit that, and then put markup on 3 pages to check for the Admin role. Nollie View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4111324#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...