is it a known bug, that the value for the ROLEGROUP colum must be "Roles" ?
With every other configuration for ROLEGROUP the access to a secured recource will always be denied!
(if you use the default query:
select Role, RoleGroup from Roles where PrincipalID='yoda')
Hope this hint will save your time and this "bug"? will be fixed in futur.
This is not a bug. It's the principal group name within the JAAS subject where the role principal is added.