This figure shows you can use a logical name for a role within your bean implementation, and map this logical name to the correct database role or user. The mapping of the logical name to a database role is specified in the OC4J-specific deployment descriptor.

The figure uses a code example and depicts the mapping with two arrows pointing between code elements. 

One arrow goes from <role-link>myMgr</role-link> to <security-role><role-name>myMgr</role-name></security-role>.

The arrow other goes from <security-role><role-name>myMgr</role-name></security-role> to <method-permission><role-name>myMgr</role-name></security-role></method-permission>.