Thanks for your reply. I changed the 's' into a 'z' but that does not make any difference. In the trace/log files I do not see traces about the security constraints. I looked at the PortalDS and noticed that in the table jbp_object_node_sec the action is ok, but the role-name is equal to '__unchecked__'. It seems that the actions-name is updated correctly; but the role-name does not get stored in the database. Do I need to inject additional interceptors or start specific mbean services to configure portlet security? regards, pieter View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3969016#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...