4.27 - Add Static Separation of Duty (SSD) Set Member

SDSet addSsdRoleMember( SDSet ssdSet, Role role ) throws SecurityException;

This command adds a role to a named SSD set of roles. The cardinality associated with the role set remains unchanged.

The command is valid if and only if:

  • The SSD role set exists.
  • The role to be added is a member of the ROLES data set but not of a member of the SSD role set.
  • The SSD constraint for the new role set is satisfied.

This method:

  • Adds a member to an existing SSD set.
  • Affects admin time role assignments.

required parameters:

  • SDSet#name - contains the name for the Set to be modified.
  • Type of SD Set - ‘STATIC’ (automatically set via this method).
  • Role#name - of new set member.


  • SecurityException - thrown in the event of data validation or system error.


import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.model.SDSet;
import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.SecurityException;

public static void testAddSsdRoleMember()
    String szLocation = ".testAddSsdRoleMember";
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        SDSet inSsdSet = new SDSet();
        // existing set name:
        inSsdSet.setName( "mySsdSetName" );
        // existing role name:
        Role inRole - new Role( "role1" );
        SDSet outSsdSet = am.addSsdRoleMember( inSsdSet, inRole );
    catch (SecurityException ex)
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);