4.30 - Delete Dynamic Separation of Duty (DSD) Set Member

SDSet deleteDsdRoleMember( SDSet ssdSet, Role role ) throws SecurityException;

This command removes a role from a named DSD set of roles. The cardinality associated with the role set remains unchanged.

The command is valid if and only if:

  • The DSD role set exists.
  • The role to be removed is a member of the DSD role set.
  • The cardinality associated with the DSD role set is less than the number of elements of the DSD role set.

This method:

  • Removes a member from an existing DSD set.
  • Affects (runtime) role activations.

required parameters:

  • SDSet#name - contains the name of Set to be modified.
  • Type of SD Set - ‘DYNAMIC’ (automatically set via this method).
  • Role#name - of set member targeted for removal.


  • SecurityException - thrown in the event of data validation or system error.


import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.model.SDSet;
import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.SecurityException;

public static void testDeleteDsdRoleMember()
    String szLocation = ".testDeleteDsdRoleMember";
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        SDSet inDsdSet = new SDSet();
        // existing set name:
        inDsdSet.setName( "myDsdSetName" );
        // existing role name:
        Role inRole - new Role( "role1" );
        SDSet outDsdSet = am.deleteDsdRoleMember( inDsdSet, inRole );
    catch (SecurityException ex)
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);