Access to enterprise bean methods is based on the concept of security
roles. These are described in Security roles.
To
implement the use of security roles in a CICS® enterprise bean environment, you must:
- Determine which security roles are defined in the application's
deployment descriptor.
- Determine the display names associated with the security roles in the
application's deployment descriptor. The display name qualifies the security
role at the application level.
- Decide whether you need to qualify the security role name
at the system level, and — if you do — the value of the prefix which you will
use in each system where the application executes.
- Using the information gathered in steps 1 through 3, determine the names of the deployed security
roles used by the application in each system. Characters in the security role
and display name that do not have a direct equivalent in EBCDIC code page
37 (and some other characters) must be replaced with a different character
or an escape sequence when constructing the deployed security role. See Character substitution in deployed security roles for more information.
- Using the information gathered in steps 1 through 3, define RACF® profiles for the deployed security
roles. See Defining security roles to RACF for more information.
- Associate individual users or groups of users with each deployed security
role in RACF. See Defining security roles to RACF for more information.
- Specify these system initialization parameters:
- SEC=YES
- XEJB=YES. This is the default value, so you do not need
to specify it explicitly.
- For those systems where the deployed security roles contain a system level
qualifier (see step 3), specify the EJBROLEPRFX system initialization
parameter.