IBM Business Automation Workflow application Java EE roles

IBM® Business Automation Workflow application Java EE roles are application-defined logical constructs, which are bound to specific principals at deployment time. A principal can be a user or a group.

By default, IBM Business Automation Workflow maps many of the Java EE roles to All Authenticated users. If your IBM Business Automation Workflow system is only accessed by a subset of users, for example, from your corporate LDAP, you should create a group that contains all relevant IBM Business Automation Workflow users and assign this group to the roles that are set to All Authenticated users.

Unlike IBM Business Automation Workflow security roles, Java EE roles contain a set of permissions that are specified as constraints. These permissions provide the user or group access to a particular method, bean, or URLs. Role-based authorization in Java EE can be defined by using:

Declarative authorization, which is configured in the web.xml and ejb-jar.xml files.
Programmatic authorization, which uses of the standard Java EE application programming interface.