Did you want all four portlets on the same page or on different pages? For different pages, set it up as follows: Object RoleA RoleB Unchecked | Page1 view -none- -none- | Portlet1 -none- -none- view | Portlet2 -none- -none- view | Page2 -none- view -none- | Portlet3 -none- -none- view | Portlet4 -none- -none- view Or you could do: Object RoleA RoleB Unchecked | Page1 view -none- -none- | Portlet1 view -none- -none- | Portlet2 view -none- -none- | Page2 -none- view -none- | Portlet3 -none- view -none- | Portlet4 -none- view -none- If you want all four portlets on the same page: Object RoleA RoleB Unchecked | Page1 view -none- -none- | Portlet1 view -none- -none- | Portlet2 view -none- -none- | Portlet3 -none- view -none- | Portlet4 -none- view -none- And as Julien mentioned, the security on the portlets is done at the instance level, not on the window level. Finally, in jboss-portal.sar/conf/config.xml, change the value of the core.render.window_access_denied entry to 'hide': <entry key="core.render.window_access_denied">hide</entry> Without this final change, in the single page scenario the users will see errors for the portlets they are not allowed to view. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974044#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...