A security role is a logical grouping of principals. Access to operations (such as EJB methods) is controlled by granting access to a role. A security role reference is a role name used in a module's code. This role name is then linked to a unique security role name used in the encompassing application.
Security roles are mapped to users or groups during the installation of the application.
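The linkage described above, shown as a standard `ejb-jar.xml` deployment descriptor. This is an added example, not taken from the original page; the bean name `PayrollBean`, its method names, and the role names `admin`, `PayrollAdministrator` and `Employee` are hypothetical. The mapping of roles to users or groups is not shown because it happens at installation time.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd"
         version="3.1">
  <enterprise-beans>
    <session>
      <ejb-name>PayrollBean</ejb-name> <!-- hypothetical bean -->
      <!-- Security role reference: "admin" is the name used in the module's
           code, e.g. isCallerInRole("admin"). role-link ties it to the
           application-level security role declared below. -->
      <security-role-ref>
        <role-name>admin</role-name>
        <role-link>PayrollAdministrator</role-link>
      </security-role-ref>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <!-- Security roles: logical groupings of principals. No users or
         groups are named here; that mapping is made at installation. -->
    <security-role>
      <role-name>PayrollAdministrator</role-name>
    </security-role>
    <security-role>
      <role-name>Employee</role-name>
    </security-role>

    <!-- Access to an operation is granted to a role, not to a user. -->
    <method-permission>
      <role-name>PayrollAdministrator</role-name>
      <method>
        <ejb-name>PayrollBean</ejb-name>
        <method-name>updateSalary</method-name>
      </method>
    </method-permission>
    <method-permission>
      <role-name>Employee</role-name>
      <role-name>PayrollAdministrator</role-name>
      <method>
        <ejb-name>PayrollBean</ejb-name>
        <method-name>viewPayslip</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

When reviewing a descriptor like this, check that every `role-link` points at a declared `security-role` and that sensitive methods are granted only to the narrowest role that needs them.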