Does GlassFish v2 support role-based access control?

As discussed in this thread, GlassFish v2 does not support role-based access control. There can be multiple "admin users and passwords," but they are all identical in terms of what they can achieve. An admin user "admin1" can step on another admin user "admin2" and vice versa. That means some kind of understanding and shared norms between users is required – the software does not prevent an innocent developer from making a mistake that might make the server unstable. This situation is being improved in GlassFish v3.

A feature of GlassFish v2 that can help in multi-developer environments is called the personalized admin domain. Every developer group can create a domain, be the owner, and have full and unrestricted access to the server. If you are the owner of the GlassFish domain that contains your production applications, you can own that domain and password sharing is not required. This is a good way to move to production from several staging environments (although a bit round-about, and again, this is being improved in GlassFish v3).

A sample command for creating a personalized admin domain called mydomain2 is:

asadmin create-domain --adminport 4849 --profile cluster mydomain2

The create-domain man page will also be helpful.