I am developing a model on OSB with EJB transport. I have a remote ejb and I can able to access it through ejb client from proxy service. I have few methods that EJB was implementing. Now, I want to secure my proxy service (I am thinking of UserNameToken policy). My question is depending on the username can we give access to the users? For example there are 10 methods in EJB, if User A calls the proxy service he can access all the 10 methods, if User B calls the proxy service he can access 1-5 methods and User C can access 6-10 methods. Is there any way that I can implement this in OSB? Please help me. Thanks in advance..