Ok, I've improved the experiment. AD hierearchy is OPENKM_ROLE has member groups: OPENKM_ROLE_ADMIN, OPENKM_ROLE_USER and OPENKM_ROLE_OTHER Charlie is a member of OPENKM_ROLE_OTHER Mike is a member of OPENKM_ROLE_OTHER and OPENKM_ROLE_USER Both can log in ok and subscribe to a doc, but when Admin mo...