SGM Any idea if this role-level access to portlets can be setup at a more granular user-level. Making it role-based like you have illustrated can be achieved declaratively since roles do not get added that often. However, user-level access can be implemented only through a more dynamic database or LDAP lookup I believe. Say for example I have two users in my system both of who are mapped to the Admin-role. However, I want to restrict one of the admins from viewing certain portlets. One may think that creating a new role is the option. Fair enough if the role were only "Admin" because no. of admins usually is limited but the moment you want to implement it for role "User" the solution does not scale. Any thoughts on how one can achieve this ? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4086827#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...