The rmid exec policy should be checked by the registerGroup and setActivationGroupDesc methods, rather than being checked during activation. As things stand right now, there's no way for the policy to use information (such as authenticated identity) about the client that registered or set the group descriptor. The remote client that happens to be causing the activation is not particularly relevant, and there might not even be a remote client during activation if the group is auto-restarting.