&quot;shane.bryzak(a)jboss.com&quot; wrote : You can place a element within a element inside pages.xml, like this: | | <page view-id="/orderDetail.xhtml"> | | <restrict>#{s:hasRole('admin')}</restrict> | | </page> What is the recommended alternative implementation strategy to hard-coding the role(s) like above in pages.xml? for example, storing the role information in a RDBMS table so that we can update role data real-time and users are granted roles when they begin a new session. Is it even necessary to do this? the argument bein that roles for page level access do not change frequently enough to need real-time updates? Also, is it sufficient in most cases to use s:hasRole for component level restriction on JSF's instead of using s:hasPermission? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4123159#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...