The EJB standard accommodates the definition of security roles in the EJB container that may be implemented by the application server. These roles, which are determined by the security credentials (if any) specified in the sas.client.props file, ultimately can be used to determine which EJBs a client (that is, Adapter for Enterprise Javabeans) can access and even which methods on a specific EJB a client can invoke. Any unauthorized attempts to access a restricted EJB will result in runtime exceptions being reported back to the adapter and the adapter runtime. All supported WebSphere versions can be configured to utilize these security features.