If you have configured any security role mapping on your OSGi Composition Unit assets in the WebSphere Application Server, republshing the OSGI application in Rational Application Developer will reset the security role mapping.
If you have configured any security role mapping on your OSGi Composition Unit assets in the WebSphere Application Server, after you make a change in the OSGI application inside the Rational Application Developer and republish the OSGI application, the security role mapping is removed.
If the security roles are defined through the deployment descriptor of the OSGI application, the security roles are still available in the server, only the user, group or special subject mapping is removed.
This is a product design limitation.
Whenever you make any changes in an OSGI application, a new composition unit will be created when you publish your application from the Rational Application Developer to the server. This will overwrite any security role mapping which is set at the composition unit level.
Resolving the problem
You will need to configure the security role mapping every time after you republish from the Rational Application Developer.