4.14 - Revoke Permission

void revokePermission(Permission perm, Role role) throws SecurityException

This command revokes the permission to perform an operation on an object from the set of permissions assigned to a role. The command is implemented by setting the access control list of the object involved. The command is valid if and only if the pair (object, operation) represents a permission, the role is a member of the ROLES data set, and the permission is assigned to that role.

required parameters:

  • Permission#objName - contains the object name
  • Permission#opName - contains the operation name
  • Role#name - contains the role name


  • SecurityException - Thrown in the event of data validation or system error.


import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.SecurityException;

public static void testRevokePermission(String roleName, String object, String operation)
    String szLocation = ".testRevokePermission";
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        Role inRole = new Role(roleName);
        Permission inPerm = new Permission(object, operation);
        adminMgr.revokePermission(inPerm, inRole);
    catch (SecurityException ex)
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);