Hi Julien, just to summarize your answer and to verify if I understood you correctly 1) There is no role-based declarative security for portlets defined by portlet spec. 2) For local portlets in JBoss Portal it is solved by securing portlet instances. 3) For WSRP, JBoss Portal has no solution currently. Neither propagation of a User id, nor role based access control is solved. If we need something there, we should implement it ourselves. Regards Karin View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4022382#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...