Thanks for the reply! Using the Management portlet yielded mixed results. I ended up making the portlets disappear altogether! Besides, my goal is to get the config files (portlet.xml, portlet-instances.xml, and *-object.xml) to where they completely specify the configuration without needing to use the Management portlet. To clarify the objects to which I've applied security, I've specified security settings for both a new portal of my own and on new pages within the default portal. Neither of them seem to work as I expect. As a simple test, I removed all security constraints in portal-instances.xml and *-object.xml, deployed those files, deleted the data, log, tmp, work directories, and started the server. But every portlet has the You must login before you can view this.Click here message! I really don't understand. Every object is set to <if-exists>overwrite</if-exists> Hopefully what I meant by "unsecure" is clearer. I don't want to have to login to see the content of any particular portlet. Note that at one point, I had them "unsecured." But somehow I can't get back to that point. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3997697#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...