tufla- To setup security policy just login as the "admin' user. Once the policy is setup for the respective users/roles, then logout and re-login as those users and test it out. the original 'admin' user is treated as the root and has permission to perform all functions including setting up security policies on nodes. Hence, make sure 'admin' password is properly secured See here for more details: http://wiki.jboss.org/wiki/Wiki.jsp?page=CMS_Security on the semantics of permissions that can be setup on the CMS resources Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4067489#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...