Modifying the main SecurityContext.csv in the aveksa.ear is not recommended due to supportability issues and modifications provided with patches and upgrades.
Defect ACM-72713 has been created to change this feature to generate an error if an existing builtin entitlement is uploaded through the user interface.
It is recommended to not override existing Aveksa application privileges but instead create new ones.
Never upload a full SecurityContext.csv or one changing any existing entitlement(s) through the UI.
The preferred method is to create a new Aveksa entitlement based on a custom role user attribute. In the example of a Role Owner that you want to have read only access, you could create a new entitlement based on a custom role user attribute. In the following example, we are creating a new role Aveksa entitlement called Monitor using the unique SECURE_OBJECT_TYPE,NAME of Role, Monitor:
Create a new unique role custom user attribute using a name other than owner to avoid confusion. In this example we will use Monitor and add it from the UI b navigating to Admin > Attributes > Role > Edit. Note the name of the custom user attribute selected. In this example it is CAU1.
Modify the roles through a collector or manually in the UI to remove the original owner assignment and to propagate the new Role Monitor attribute.
Create a new SecurityContext.csv file with only the header and following entry (and any other new attributes needed for other purposes):