Thanks for the reply. Your post makes total sense: sticking to First-Normal form is the ideal, and thus I should have a row in my ROLES table for each username->Role mapping. What is weird though is that in my current application-policy (which uses DatabaseServerLoginModule) my module-option for "rolesQuery" has the following: <module-option name = "rolesQuery">SELECT role_name, role_group FROM __user_roles WHERE user_id=?</module-option> ... and in my __user_roles table I have just one row for each username, and under the role_name column I have a comma-separated list of Roles. I am using this because that's what the jboss docs advised. I guess what is confusing to me is the fact that this still works. So bearing in mind that the comma-separate roles approach works just fine, are there any real benefits to sticking to First-Normal form in this case? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4100086#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...