Now with this change, will need to add a "modeshapeUser", with roles of connect and readonly.   This user/password should be substituted into the datasource ModeShapeDS, not the admin user.

One issue I see with this is that the user is currently allowed to not define an EAP admin user if they're installing on top of EAP. With this change, this feature will have to be removed, and replaced with a check on the specified username in the existing user file. Not a problem, just a change in functionality.

In ER4, the modeshapeUser has roles 'connect' and 'admin'. Is it expected configuration? As it is inconsistent with ER1,ER2,ER3 milestones.

It was incorrect in the beginning to no include "admin" role, for which is needed to create the published areas when publishing files using the ModeShape JBDS tooling.

The modeshape roles were defined by horia for documentation in this bz: https://bugzilla.redhat.com/show_bug.cgi?id=1158561

So the need for "connect" and "admin" were determined to be the only 2 that are needed.  Adding "read-only" just duplicated the permissions already given by the "admin" role.