Regarding Portal page permissions, add the following to each page entry: <page> | . . . | <security-constraint> | <policy-permission /> | </security-constraint> | </page> You have to explicitly give an empty permission or the default (Unchecked, viewrecursive) is applied. Regarding portlet permissions, you cannot set permissions on a portlet window (actually you can, the Managament Portlet will let you, but the portal ignores the setting). Instead, set the permission on the portlet instance. To do this, in the Management Portlet, click on the Instances link at the top of the portlet window, then scroll through the list of instances until you find the instance for Portlet A, click the instance link (not the portlet link!) then click on Security at the right side of the window. Then you can set the security (only view access shows up for the various roles). (Wish I could post a screen shot...) View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3990131#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...