What else must the developer do to ensure that the intended security goal is achieved()?
A.
Create a user called vip in the security realm
B.
Define a group within the security realm and call it vip
C.
Define a security-role named vip in the development descriptor
D.
Declare a security-role-ref for vip in the deployment descriptor