Implementing security roles

Access to enterprise bean methods is based on the concept of security roles. These are described in Security roles.

To implement the use of security roles in a CICS® enterprise bean environment, you must:
  1. Determine which security roles are defined in the application's deployment descriptor.
  2. Determine the display names associated with the security roles in the application's deployment descriptor. The display name qualifies the security role at the application level.
  3. Decide whether you need to qualify the security role name at the system level, and — if you do — the value of the prefix which you will use in each system where the application executes.
  4. Using the information gathered in steps 1 through 3, determine the names of the deployed security roles used by the application in each system. Characters in the security role and display name that do not have a direct equivalent in EBCDIC code page 37 (and some other characters) must be replaced with a different character or an escape sequence when constructing the deployed security role. See Character substitution in deployed security roles for more information.
  5. Using the information gathered in steps 1 through 3, define RACF® profiles for the deployed security roles. See Defining security roles to RACF for more information.
  6. Associate individual users or groups of users with each deployed security role in RACF. See Defining security roles to RACF for more information.
  7. Specify these system initialization parameters:
    • SEC=YES
    • XEJB=YES. This is the default value, so you do not need to specify it explicitly.
  8. For those systems where the deployed security roles contain a system level qualifier (see step 3), specify the EJBROLEPRFX system initialization parameter.