Method groups are categories of methods, created for the purpose of assigning permissions for the method group as a whole. For example, you can place read-only methods into one group and read-write methods into another, and then allow everyone to execute the read-only methods but restrict access to the read-write methods to a subset of users. It is easier to manage authorization on a set of methods than on each method individually, especially when the number of methods grows.
Technically, a method group is a named collection of (resource-method) pairs. Resources are represented by Web resources (for example, a Web resource configured for a particular servlet), and methods are methods within the resource.
Method groups are created explicitly by an administrator, although WebSphere Application Server provides a set of six predefined groups, and it provides a default mechanism for categorizing methods. Administrators can use the default categorizations and refine them, or they can create other method groups explicitly.
A method in a resource can be associated with multiple method groups, but each method must belong to at least one method group. Applications (Web and enterprise) can have many method groups associated with them.
For example, suppose the administrator wants to grant the user mickey access to any read-only methods in an application, but deny him access to any write methods in an application.
The administrator can place some or all of the read-only methods in a method group and assign mickey permission to use any of the methods in the group. That is much simpler than specifying explicitly, for each method, to give mickey access to the method.