Note – Users and groups are designated for the entire Enterprise Server, whereas each
application defines its own roles. When the application is being packaged and deployed, the
application specifies mappings between users/groups and roles, as illustrated in the following
figure.
Users
A user is an individual (or application program) identity that has been defined in the Enterprise
Server. A user can be associated with a group. The Enterprise Server authentication service can
govern users in multiple realms.
Groups
A Java EE group (or simply group) is a category of users classified by common traits, such as job
title or customer profile. For example, users of an e-commerce application might belong to the
customer group, but the big spenders would belong to the preferred group. Categorizing users
into groups makes it easier to control the access of large numbers of users.
FIGURE 9–1 Role Mapping
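The mapping between server-wide users/groups and application-defined roles described above can be written out in the deployment descriptors. The following is an added example, not taken from the original guide: the role names (shopper, vip-shopper), the URL patterns, and the user jsmith are hypothetical, while the customer and preferred groups are the ones from the e-commerce example.

```xml
<!-- Fragment of WEB-INF/web.xml: the application defines its own roles
     and says which role may reach which URLs. Role names and URL
     patterns are hypothetical. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Storefront</web-resource-name>
    <url-pattern>/shop/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>shopper</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Preferred offers</web-resource-name>
    <url-pattern>/offers/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>vip-shopper</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>shopper</role-name>
</security-role>
<security-role>
  <role-name>vip-shopper</role-name>
</security-role>

<!-- Fragment of WEB-INF/sun-web.xml: at packaging/deployment time the
     application maps server-wide groups and users onto those roles. -->
<security-role-mapping>
  <role-name>shopper</role-name>
  <!-- Both groups from the e-commerce example may use the storefront. -->
  <group-name>customer</group-name>
  <group-name>preferred</group-name>
</security-role-mapping>
<security-role-mapping>
  <role-name>vip-shopper</role-name>
  <!-- Only the preferred group, plus one individually mapped user
       (jsmith is a constructed name). -->
  <group-name>preferred</group-name>
  <principal-name>jsmith</principal-name>
</security-role-mapping>
```

Mapping roles to groups rather than to individual principals keeps access reviews manageable: moving a user in or out of the preferred group changes their access without redeploying the application.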
Understanding Users, Groups, Roles, and Realms
Chapter 9 • Configuring Security 105