What does the source for your rule look like? It should be something like this: rule IsUserSuperUser | no-loop | activation-group "permissions" | when | check: PermissionCheck(name == "rolecheck", action == "super-user", granted == false) | Role(name == 'super-user') | then | check.grant(); | end In this case the expression would be hasPermission('rolecheck', 'super-user', null). View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4091287#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...