i gave it a "security-role" and the exclusion disappeared, but it didnt work anyway. | <instance> | <instance-id>CustomerPortletInstance</instance-id> | <portlet-ref>CustomerPortlet</portlet-ref> | <security-constraint> | <policy-permission> | <action-name>admin</action-name> | <role-name>Admin</role-name> | </policy-permission> | <policy-permission> | <action-name>view</action-name> | <role-name>Admin</role-name> | </policy-permission> | <policy-permission> | <action-name>view</action-name> | <role-name>User</role-name> | </policy-permission> | </security-constraint> | <security-role> | <role-name>Admin</role-name> | </security-role> | </instance> | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4218730#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...