Thank you for answer. Unfortunatelly it is not enough for me. The problem is that I need to check permission of the current user for any PortalObjectNode instance from within my portlet (my custom navigation portlet). Of course, I can invent my own security-role property of page/window and getting it from my portlet and then check permissions using isUserInRole functionality, but i would not like to reinnvent the wheel. I believe that I can achieve my goal in the same way as it was implemented in org.jboss.portal.core.aspects.controller.PageCustomizerInterceptor.injectTabbedNav() Bu, PageCustomizer has access to PortalAuthorizationManagerFactory, thus to PortalAuthorizationManager for permission checking. PortalAuthorizationManagerFactory pamf = (PortalAuthorizationManagerFactory) JMX.getMBeanProxy(PortalAuthorizationManagerFactory.class, "portal:service=PortalAuthorizationManagerFactory"); Factory and Manager seemed like got OK, but when I use checkPermission() method of the Manager, org.hibernate.HibernateException: Unable to locate current JTA transaction exception is thrown. Do you have any ideas? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4000371#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...