Defining security roles to RACF

In RACF, deployed security roles are managed as general resources. To define the deployed security roles, define profiles in the GEJBROLE or EJBROLE resource classes, with appropriate access lists.

For example, use the following commands to define deployed security roles deployed_security_role_1 and deployed_securityrole_2 as members of the securityrole_group profile in the GEJBROLE class, and to give READ access to user1 and user2:

RDEFINE GEJBROLE securityrole_group UACC(NONE)
                 ADDMEM(deployed_security_role_1, deployed_securityrole_2, ...)
                 NOTIFY(sys_admin_userid)
PERMIT securityrole_group CLASS(GEJBROLE) ID(user1, user2) ACCESS(READ)

Alternatively, use the following commands to define deployed security roles in the EJBROLE class, and to give users READ access to each deployed security role:

RDEFINE EJBROLE (deployed_security_role1, deployed_security_role2, ...) UACC(NONE)
                 NOTIFY(sys_admin_userid)
PERMIT deployed_security_role1 CLASS(EJBROLE) ID(user1, user2) ACCESS(READ)
PERMIT deployed_security_role2 CLASS(EJBROLE) ID(user1, user2) ACCESS(READ)

Note:
  1. The security role you specify is the deployed security role, and not the unqualified security role which is defined in the deployment descriptor.
  2. To execute a bean method, or to receive a true response from the isCallerInRole() method, a user requires READ access.