To associate authorization data to a user, the security role must be linked to the user.
To do this, update the entry for the specified user in the Users.dmx file located in the %SERVER_DIR%/components/<custom>/data/initial , where <custom> is any new directory created under components that conforms to the same directory structure as components/core , setting the rolename attribute to be the rolename as specified on the SecurityRole table.