So far, we have shown how to add simple user-based security into an application so that only authorized users (that is, those with a valid username and password) can log in to the system.
However, in real world systems, we need a finer level of granularity so that certain sets of users can perform certain sets of actions, and indeed certain sets of users cannot perform certain actions.
A system of user roles allows this type of functionality, where a role is a set of permissions or actions that a user can achieve.
To implement user roles within Seam, we can store the user roles within a relational database using JPA. To implement user roles, we need to follow a similar process to that of defining users:
Implement a role class
Add required Seam annotations
Assign a set of roles to a user