Hi Jeff, Yes you can have more than one security-domain in an ear. However, you need to make sure that the roles that intersect the two security domains are defined in each. In other words, if EJB A in security domain A needs to communicate with EJB B in security domain B, then the run-as role defined for A must match that required by B. AFAIK! cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959109#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...