Let me see if I got this right. to give a module security rights you have to modify the jboss_services.xml to set the permissions for the module. Is this correct? If this is the case this seems very wrong to me. I add a user or group to Nukes as an admin, I should also be able to set module security from inside Nukes.