All, I have followed the wiki documentation to set up jmx and web console security. All is good till this point. Is it possible to have a bit more granular level security? That is, user depending upon the role, can "browse", "invoke" or "no access" the MBeans? With the current setup, once if user logs in, he'll can do whatever he likes (like stoppingDelivery on a MDB or killing a service etc). Any pointers? Thanks Madhu View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4049678#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...