In RACF, deployed security roles are managed as general resources. To define the deployed security roles, define profiles in the GEJBROLE or EJBROLE resource classes, with appropriate access lists.
RDEFINE GEJBROLE securityrole_group UACC(NONE)
ADDMEM(deployed_security_role_1, deployed_securityrole_2, ...)
NOTIFY(sys_admin_userid)
PERMIT securityrole_group CLASS(GEJBROLE) ID(user1, user2) ACCESS(READ)
Alternatively, use the following commands to define deployed security
roles in the EJBROLE class, and to give users READ access to each
deployed security role:
RDEFINE EJBROLE (deployed_security_role1, deployed_security_role2, ...) UACC(NONE)
NOTIFY(sys_admin_userid)
PERMIT deployed_security_role1 CLASS(EJBROLE) ID(user1, user2) ACCESS(READ)
PERMIT deployed_security_role2 CLASS(EJBROLE) ID(user1, user2) ACCESS(READ)