Hi, not sure myself, but it seems that the runas role is being applied before the rolesallowed is checked, hence the call will be denied. If I add the InternalGroup to Rolesallowed, it's OK
-- View this message in context: http://openejb.979440.n4.nabble.com/Tomee-and-security-role-mapping-tp4663567p4663670.html Sent from the OpenEJB User mailing list archive at Nabble.com.
