4.13 - Add Permission

Permission addPermission(Permission perm) throws SecurityException

This method will add permission operation to an existing permission object. The perm operation entity may have Role or User associations. The target Permission must not exist prior to calling. A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent: (PermObj->Permission).

required parameters:

  • Permission#objName - contains the name of existing object being targeted for the permission add
  • Permission#opName - contains the name of new permission operation being added

optional parameters:

  • Permission#roles * - multi occurring attribute contains RBAC Roles that permission operation is being granted to
  • Permission#users * - multi occurring attribute contains Users that permission operation is being granted to
  • Permission#props * - multi-occurring property key and values are separated with a ‘:'. e.g. mykey1:myvalue1
  • Permission#type - any safe text


  • perm - must contain the object, org.apache.directory.fortress.core.model.Permission#objName, and operation, Permission#opName, that identifies target along with optional other attributes.


  • copy of Permission entity


  • SecurityException - thrown in the event of perm object data or system error.


import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.ReviewMgr;
import org.apache.directory.fortress.core.ReviewMgrFactory;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.SecurityException;

public static void testAddPermission(String objName, String operation)
    String szLocation = ".testAddPermissions";
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        // The Permission entity is associated with PermObj (name) entity and is uniquely identified by Operation name:
        Permission inPerm = new Permission(objName, operation);

        // The Permission entity will be a child node of specified PermObject entity.

        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();

        // now read the newly created Permission entity back.
        Permission outPerm = reviewMgr.readPermission(inPerm);

        // Do some validations.
        assertTrue(szLocation + " failed permission check", outPerm.equals(inPerm));
        LOG.info(szLocation + " permission object [" + outPerm.getObjName() + "] operation name [" + outPerm.getOpName() + "] success");
    catch (SecurityException ex)
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);