Sudha,
I think the only way to figure the problem out for sure is to do a detailed compare on test vs. production configuration, but on the face of it, it sounds suspiciously like a problem we had recently.
LDAP had the right person in the right group & the right permissions asigned to the group, but WebSphere didn't recognise the person as belonging to the group.
If you think this might be your problem too, try setting up the permissions in application.xml for individual users rather than groups. If this fixes it, then
you should go into the 'Advanced LDAP Settings" in the admin cnosole & play around with the values of "Group Member ID Map". "group:member; memberof:member" works for us, but I think it depends what implementation of LDAP you're using (ours is Active Directory).
Good luck!
Louise