You can use the Application Deployment Descriptor editor to define security roles for your enterprise applications.
A security role is a logical grouping of principals. Access to operations (such as EJB methods) is controlled by granting access to a role. You can grant access to users individually or in groups.
For each security role that you define in the deployment descriptor editor, a <security-role> element is added to the application.xml file.
To add security roles using the Application Deployment Descriptor editor: