4.28 - Delete Static Separation of Duty (SSD) Set Member

SDSet deleteSsdRoleMember( SDSet ssdSet, Role role ) throws SecurityException;

This command removes a role from a named SSD set of roles. The cardinality associated with the role set remains unchanged.

The command is valid if and only if:

  • The SSD role set exists.
  • The role to be removed is a member of the SSD role set.
  • The cardinality associated with the SSD role set is less than the number of elements of the SSD role set.

This method:

  • Removes a member from an existing SSD set.
  • Affects admin time role assignments.

required parameters:

  • SDSet#name - contains the name of Set to be modified.
  • Type of SD Set - ‘STATIC’ (automatically set via this method).
  • Role#name - of set member targeted for removal.


  • SecurityException - thrown in the event of data validation or system error.


import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.model.SDSet;
import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.SecurityException;

public static void testDeleteSsdRoleMember()
    String szLocation = ".testDeleteSsdRoleMember";
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        SDSet inSsdSet = new SDSet();
        // existing set name:
        inSsdSet.setName( "mySsdSetName" );
        // existing role name:
        Role inRole - new Role( "role1" );
        SDSet outSsdSet = am.deleteSsdRoleMember( inSsdSet, inRole );
    catch (SecurityException ex)
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);