I've noticed something odd when dealing with roles, but not sure if it's just me, or a known issue. I finally got Weblogic to authenticate users through Active Directory (woo hoo!). I have a set of roles defined, but that's where the problem comes in. I can't seem to add a group name to a role unless that group is defined in Weblogic. Not only that, but if that group does not have a user assigned to it, I can't add the group to the role. I'd like to be able to create roles that are assigned groups from AD, not ones defined in Weblogic. Is there a way to do this? I'd hate to have to create bogus users and groups just to allow proper authentication and role assignment to occur. For instance, my account is in a group called analyst in AD. I have a role called Analyst, which states that members of the analyst group are assigned that role. This works when logging in with my AD account, but I have to create an analyst group in Weblogic, also, AND put a dummy user into the group. Kinda silly. If anyone has experienced this, or might know what I am doing wrong, I'd appreciate the help. Thanks!