This works awesome though, thanks again! S.D. "shane.bryzak(a)jboss.com" wrote : What does the source for your rule look like? It should be something like this: | | rule IsUserSuperUser | | no-loop | | activation-group "permissions" | | when | | check: PermissionCheck(name == "rolecheck", action == "super-user", granted == false) | | Role(name == 'super-user') | | then | | check.grant(); | | end | | In this case the expression would be hasPermission('rolecheck', 'super-user', null). View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4091307#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...