IMHO, this is the deal:
the roles table(file) does not describe only roles, it describes the association between a user and it's roles and the association between a user and a caller principal. In this table(file) there are two categories of associations:
1--A one to one association between an user and a principal: the principal associated with the user here, will be returned by the context.getCallerPrincipal() method call inside a bean.
2--A many to many association between a user and a role. The roles defined by this associations are used in <method-permission> tags from ejb-jar.xml