The security roles that are permitted to execute a bean method are also specified in the bean's deployment descriptor, again by the application assembler. In the example, methods which update the hours worked by employees each week might be assigned to the data_entry role, while methods which delete an employee from the payroll might be assigned to the team_leader role.
team_leader
payroll.team_leader
test.payroll.team_leader
The mapping of security roles to individual users is done in the external security manager. The mapping is not necessarily one-to-one. For example, several users might be assigned to the data_entry role, while a some users might be assigned to both the team_leader role and the data_entry role. For more information, see Implementing security roles.
The security role and display name in the deployment descriptor can contain any ASCII or Unicode character. This is not so for names used in RACF®, which are restricted to characters in EBCDIC code page 037. In addition, some characters — the asterisk (*) for example — have special meaning when used in RACF commands. Therefore, when CICS constructs the deployed security role from its components, some characters are replaced with a different character, and others are replaced with an escape sequence. For details, see Character substitution in deployed security roles.