Fortress
Downloads
Documentation
- Overview
- Installation Guide
- JavaDocs
- Users Guide
- Advanced Users Guide
- Coding Standards
- Testimonials
- Developer Guide
Support
Community
About Apache
4.23 - Create a Static Separation of Duty (SSD) Set
SDSet createSsdSet(SDSet ssdSet) throws SecurityException
This command creates a named Static Separation of Duty (SSD) set of roles and sets the cardinality n of its subsets that cannot have common users.
The command is valid if and only if:
- The name of the SSD set is not already in use.
- All the roles in the SSD set are members of the ROLES data set.
- n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
- The SSD constraint for the new role set is satisfied.
This method:
- Adds new SSD set.
- Affects admin time role assignments.
required parameters:
- SDSet#name - contains the name of SSD set to be created.
- Type of SD Set - ‘STATIC’ (automatically set via this method).
optional parameters:
- SDSet#members - multivalued attribute contains the RBAC Role names to be added to this set.
- SDSet#cardinality - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set.
- SDSet#description - contains any safe text.
Throws:
- SecurityException - thrown in the event of data validation or system error.
createSsdSet
import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.model.SDSet;
import org.apache.directory.fortress.core.SecurityException;
@test
public static void testCreateSsdSet()
{
String szLocation = ".testCreateSsdSet";
try
{
AdminMgr adminMgr = AdminMgrFactory.createInstance();
SDSet inSsdSet = new SDSet();
inSsdSet.setName( "mySsdSetName" );
inSsdSet.setDescription( "Test static separation of duty set" );
// Use existing role names:
inSsdSet.addMember( "role1" );
inSsdSet.addMember( "role2" );
// Users may only be assigned one of the roles in this set:
inSsdSet.setCardinality( 2 );
SDSet outSsdSet = am.createSsdSet( inSsdSet );
}
catch (SecurityException ex)
{
LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
fail(ex.getMessage());
}
}