21.3.4 Specification of security identities in the deployment descriptor
The Application Assembler should specify the requirements for the caller�s principal management of
enterprise bean invocations by means of the security-identity deployment descriptor element
and as part of the description. If use-caller-identity is specified as the value of the security-
identity element, the caller principal is propagated from the caller to the callee. (That is, the
called enterprise bean will see the same returned value of the EJBContext.getCallerPrincipal()
as the calling enterprise bean.) If the run-as element is specified, a security principal that has
been assigned to the specified security role will be used for the execution of the bean�s methods and will
be visible as the caller principal in the callee.
You can you use-caller-identity or run-as element for make a call to another method in which role.
hope this help...