Hi, I am using AS 4.2.2 + portal 2.6.2. I try to configure the CMS Security. I have defined a role : myRole. And various users but I want to define CMS security only with roles. I have defined the following security on the following directories : For all directories, "Administrators" role has the manage permissions and it is the only one to get it. It has also the read and write permissions everywhere but other roles got them sometimes. "/" is readable by all the roles excepted "Users" and "Anonymous". No more permissions on "/". "/MyTopDirectory" is readable by all the roles excepted "Users" and "Anonymous". No more permissions on "/MyTopDirectory". "/MyTopDirectory/TheUsableDirectory" is readable and writable by "myRole". No more permissions on "/MyTopDirectory/TheManagerDirectory". I have also defined a new page with the AdminCMSPortlet to let "MyRole" users access it. But "MyRole" users does not see any directories in this portlet. Just the action menu and get "access denied" or various exceptions if trying to use it. But even a very simple example does not work : - do not give any permissions to "Anonymous" role on "/" directory and give it "read" permissions on "default" directory (no permissions are defined on index.html for any role or user) : Access is denied on the /default/index.html of the CMS portlet home page. If "Anonymous" role has read permissions on "/" directory, it works. So "Any Permissions specified explicitly on the CMS Node overrides the policy inherited via recursive propagation" as indicated in 14.2 chapter of portal reference guide is not working ? Yes, I know, I miss something. I have not found it in documentation or in portal user forum. Thanks a lot for some help. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4113935#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...