4.36 - Remove Role Constraint

RoleConstraint removeRoleConstraint( UserRole uRole, RoleConstraint roleConstraint ) throws SecurityException;

This method removes a role constraint from the user.

The function is valid if and only if:

  • The user is a member of the USERS data set.
  • The role is a member of the ROLES data set.
  • The user is assigned to the role and has a constraint applied to it.

Required Parameters:

  • UserRole#userId - the userId for an existing User.
  • UserRole#name - contains the name of a Role assigned to the User.
  • RoleConstraint#type - type of role constraint: [USER, FILTER, OTHER].
  • RoleConstraint#key - the name of an attribute set targeted for removal from the User-Role.
  • RoleConstraint#value - contains the value of the role constraint.


  • SecurityException - is thrown if user is not allowed to activate or runtime error occurs with system.


import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.UserRole;
import org.apache.directory.fortress.core.model.RoleConstraint;

public static void testRemoveRoleConstraint( User user, Role role, String key, String value )
        String szLocation = ".testRemoveRoleConstraint";
            AdminMgr adminMgr = AdminMgrFactory.createInstance();
            UserRole userRole = new UserRole( user.getUserId(), role.getName() );
            RoleConstraint constraint = new RoleConstraint();
            constraint.setKey( key );
            constraint.setValue( value );
            RoleConstraint out = adminMgr.removeRoleConstraint( userRole, constraint );
        catch ( SecurityException ex )
            LOG.error( szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex );
            fail( ex.getMessage() );