anonymous wrote : "/" - make readable to all roles including "myRole" except Users and Anonymous | "/MyTopDirectory/TheUsableDirectory" - make readable and writable to "myRole" | | let me know what you get with this setup. | | note: this is essentially the same result you are trying to achieve except its a simpler way to approach it. OK, I understand this is a simpler conf because I don't need to declare again the same rights than the rights already granted in the parent directories. I try and I got the following : - "Create a folder", in "/MyTopDirectory/TheUsableDirectory", for a user with "myRole" ==> exception "access denied" - "Upload a file" : idem But there is another effect I don't understand : "myRole" got read access to "/MyTopDirectory/TheUsableDirectory" and not to other directories where it has not been granted write access. Do I miss something(s) ? I see the second effect because actually I need to get the following : I have also "myRole2" that should have write access on "/MyTopDirectory/TheUsableDirectory2" but not read access to "/MyTopDirectory/TheUsableDirectory" - and vice versa for "myRole" - in fact I have 20 different roles and corresponding "TheUsableDirectoryN". And also "mySupervisor" that has read/write access to all these directories, but not "/" ! I try to not give read access to all roles on "/", granting the read access on "/MyTopDirectory" - I get "access denied" (the exception) immediatly on the CMS administration. (N.B. : anonymous get "access denied" as a gentle message) So what can I do ? I am a bit lost... Thanks a lot for your help. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4115085#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...