Raghu, > In the default.psml file for the user "Turbine",I replaced the > word "HelloVelocity" with "RoleBrowser" > and the RoleBrowser portlet was visible when I logged in as Turbine.
What version of Jetspeed are you using? I tested it using CVS head build and the portlet appears but you get an error message "You have no access to this portlet" which is the correct behaviour for this scenario. Do you allow your users to manually edit their psml files? If not, then if RoleBrowser is properly secured in the registry, an ordinary user should never be able to select it in the customizer. > How does this happen when the security reference for the > RoleBrowser as been set as "admin-only" in the xreg file? Unless you manually added a security ref for this entry, such as "user-only", you should not be able to see the content of this portlet. > > What is the purpose of <security role="user"> in the xreg file? > It's there for backwards compatibility - it doesn't do anything right now. > Can the security references in the default.psml (for a > specific user) override the security references in the xreg file > for that particular portlet? Yes. Security references to portlets in your default.psml should only be changed via the portlet customizer. By default, this is disabled. Best regards, Mark Orciuch - [EMAIL PROTECTED] Jakarta Jetspeed - Enterprise Portal in Java http://jakarta.apache.org/jetspeed/ -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
