You need to have a security-role-ref that maps to a security-role in the ejb-jar.xml descriptor to get rid of the warning.
There are no security roles in the ejb-jar.xml, because I have set the ejb:permission to unchecked = true or false
and additionally I am using a security proxy:
@jboss.security-proxy name = ....
I do not want to have any reference to roles in the ejb-jar.xml, because the roles are hold in a database table (and used by the databaseServerLogonModule).
Then ignore the warning. You are going beyond the standard security model.