4.5 - Drop Active Role

void dropActiveRole(Session session, UserRole role) throws SecurityException

This function deletes a role from the active role set of a session owned by a given user.

The function is valid if and only if:

  • the user is a member of the USERS data set
  • the session object contains a valid Fortress session
  • the session is owned by the user
  • the role is an active role of that session


  • session - object contains the user’s returned RBAC session from the createSession method.
  • role - object contains the role name, UserRole.name, to be deactivated.


  • SecurityException - is thrown if user is not allowed to deactivate or runtime error occurs with system.


import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.AccessMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.UserRole;

public static void testDropActiveRole( Session session, String roleName )
    String szLocation = ".testDropActiveRole";
        // Instantiate the AccessMgr implementation.
        AccessMgr accessMgr = AccessMgrFactory.createInstance();
        UserRole userRole = new UserRole( session.getUserId(), roleName );
        accessMgr.dropActiveRole( session, userRole );
    catch ( SecurityException ex )
        LOG.error( szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex );
        fail( ex.getMessage() );