Role Name under the <security-role-ref> tag is defined by the Bean Provider whereas the <role-link> is usually defined by the application assembler so, while making ejb-jar.xml file, its not mandatory to fill up the <role-link> tag. Sometime time afterwards, this <role-link> can be added to the DD by Application Assembler.
From what I understand, <role-link> is not really required very often. It's only REALLY needed if there is a naming clash between what one bean producer created and another created. This is because instead of <role-link>, the AA can just re-use whatever the bean producer created in <security-role-ref>, and it will work.
World domination requires a hollowed out volcano with good submarine access. Tiny ads are optional.
SKIP - a book about connecting industrious people with elderly land owners