4.23 - Create a Static Separation of Duty (SSD) Set

SDSet createSsdSet(SDSet ssdSet) throws SecurityException

This command creates a named Static Separation of Duty (SSD) set of roles and sets the cardinality n of its subsets that cannot have common users.

The command is valid if and only if:

  • The name of the SSD set is not already in use.
  • All the roles in the SSD set are members of the ROLES data set.
  • n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
  • The SSD constraint for the new role set is satisfied.

This method:

  • Adds new SSD set.
  • Affects admin time role assignments.

required parameters:

  • SDSet#name - contains the name of SSD set to be created.
  • Type of SD Set - ‘STATIC’ (automatically set via this method).

optional parameters:

  • SDSet#members - multivalued attribute contains the RBAC Role names to be added to this set.
  • SDSet#cardinality - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set.
  • SDSet#description - contains any safe text.


  • SecurityException - thrown in the event of data validation or system error.


import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.model.SDSet;
import org.apache.directory.fortress.core.SecurityException;

public static void testCreateSsdSet()
    String szLocation = ".testCreateSsdSet";
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        SDSet inSsdSet = new SDSet();
        inSsdSet.setName( "mySsdSetName" );
        inSsdSet.setDescription( "Test static separation of duty set" );
        // Use existing role names:
        inSsdSet.addMember( "role1" );
        inSsdSet.addMember( "role2" );
        // Users may only be assigned one of the roles in this set:
        inSsdSet.setCardinality( 2 );
        SDSet outSsdSet = am.createSsdSet( inSsdSet );
    catch (SecurityException ex)
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);