4.34 - Disable Role Constraint

public void disableRoleConstraint( Role role, RoleConstraint roleConstraint ) throws SecurityException;

This method disables a role from being constrained by attributes.

The function is valid if and only if:

  • The role is a member of the ROLES data set.
  • The role has previously been enabled by a member in the ROLE CONSTRAINTS data set.

Required Parameters:

  • Role#name - contains the name of a Role.
  • RoleConstraint#type - type of role constraint: [USER, FILTER, OTHER].
  • RoleConstraint#key - the name of an attribute set targeted for the User-Role.


  • SecurityException - is thrown if user is not allowed to activate or runtime error occurs with system.


import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.model.RoleConstraint;

public static void testDisableRoleConstraint( Role role, String key )
    String szLocation = ".testDisableRoleConstraint";
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        RoleConstraint constraint = new RoleConstraint();
        constraint.setKey( key );
        RoleConstraint out = adminMgr.disableRoleConstraint( role, constraint );
    catch ( SecurityException ex )
        LOG.error( szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex );
        fail( ex.getMessage() );