4.27 - Add Static Separation of Duty (SSD) Set Member

SDSet addSsdRoleMember( SDSet ssdSet, Role role ) throws SecurityException;

This command adds a role to a named SSD set of roles. The cardinality associated with the role set remains unchanged.

The command is valid if and only if:

The SSD role set exists.
The role to be added is a member of the ROLES data set but not of a member of the SSD role set.
The SSD constraint for the new role set is satisfied.

This method:

Adds a member to an existing SSD set.
Affects admin time role assignments.

required parameters:

SDSet#name - contains the name for the Set to be modified.
Type of SD Set - ‘STATIC’ (automatically set via this method).
Role#name - of new set member.

Throws:

SecurityException - thrown in the event of data validation or system error.

addSsdRoleMember

import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.model.SDSet;
import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.SecurityException;

@test
public static void testAddSsdRoleMember()
{
    String szLocation = ".testAddSsdRoleMember";
    try
    {
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        SDSet inSsdSet = new SDSet();
        // existing set name:
        inSsdSet.setName( "mySsdSetName" );
        // existing role name:
        Role inRole - new Role( "role1" );
        SDSet outSsdSet = am.addSsdRoleMember( inSsdSet, inRole );
    }
    catch (SecurityException ex)
    {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}

4.26 - Delete a Dynamic Separation of Duty Set

4 - Fortress Code Samples

4.28 - Delete SSD Set Member

Fortress

Downloads

Documentation

Support

Community

About Apache

4.27 - Add Static Separation of Duty (SSD) Set Member

addSsdRoleMember