Hi Thomas "thomas.heute(a)jboss.com" wrote : If you want them to be admin why don't you add them the admin role ? | Because I later want to integrate the portal with my existing ldap. Instead of adding a new role for every system I attach to my ldap ('admin' for the portal, 'root' for system x, 'administrator' for system y), I want to use already existing roles. "thomas.heute(a)jboss.com" wrote : But you can map this role to any of your business role (see the spec and Java security in general) That was what I was trying to do. Do the examples I posted look sensible? Or did I approach this in all wrongly? The above is what looks right to me, but I don't know much about java security. I did read the reference guide about that topic though, that's how I came up with the above. Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4066885#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...