I might be way off here, but what can be done about the aspect thing in terms of adding/removing/narrowing mgmt capabilities for an mbean? Like ((AdminRights) o).edit() versus ((ClientRights) o).view(), or even having separate rights on mgmt of mbeans based on aspect, but with the same method signatures?