4.11 - Add Permission Object

PermObj addPermObj(PermObj pObj) throws SecurityException

This method will add permission object to perms container in directory. The perm object must not exist before making this call. A PermObj instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: (PermObj->Permission).

required parameters:

  • PermObj#objName - contains the name of new object being added
  • PermObj#ou - contains the name of an existing PERMS OrgUnit this object is associated with

optional parameters:

  • PermObj#description - any safe text
  • PermObj#type - contains any safe text
  • PermObj#props * - multi-occurring property key and values are separated with a ‘:'. e.g. mykey1:myvalue1


  • pObj - must contain the PermObj#objName and PermObj#ou. The other attributes are optional.


  • copy of PermObj entity.


  • SecurityException - - thrown in the event of perm object data or system error.


import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.ReviewMgr;
import org.apache.directory.fortress.core.ReviewMgrFactory;
import org.apache.directory.fortress.core.model.PermObj;
import org.apache.directory.fortress.core.SecurityException;

public static void testAddPermObject(String objName, String permOu)
    String szLocation = ".testAddPermObject";
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance();

        // Add the PermObj entity to ldap.  The PermObj entity must have a name and an OrgUnit affiliation.
        adminMgr.addPermObj(new PermObj(objName, permOu));

        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
        // now read the newly created Object entity back:
        PermObj outObj = reviewMgr.readPermObj(new PermObj(objName));

        // Do some validations.
        assertTrue(szLocation + " failed obj name check", objName.equals(outObj.getObjName()));
        assertTrue(szLocation + " failed obj ou check", permOu.equals(outObj.getOu()));
        LOG.info(szLocation + " permission object [" + outObj.getObjName() + "] success");
    catch (SecurityException ex)
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);