4.7 - Add Role

Role addRole(Role role) throws SecurityException

This command creates a new role. The command is valid if and only if the new role is not already a member of the ROLES data set. The ROLES data set is updated. Initially, no user or permission is assigned to the new role.

required parameters:

  • Role#name - contains the name to use for the Role to be created.

optional parameters:

  • Role#description - maps to description attribute on organizationalRole object class
  • Role#beginTime - HHMM - determines begin hour role may be activated into user’s RBAC session
  • Role#endTime - HHMM - determines end hour role may be activated into user’s RBAC session.
  • Role#beginDate - YYYYMMDD - determines date when role may be activated into user’s RBAC session
  • Role#endDate - YYYYMMDD - indicates latest date role may be activated into user’s RBAC session
  • Role#beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
  • Role#endLockDate - YYYYMMDD - determines end of enforced inactive status
  • Role#dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user’s RBAC session


  • role - must contains Role#name (required) and optional Role#description.


  • copy of the added Role


  • SecurityException - thrown in the event of data validation or system error.


import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.ReviewMgr;
import org.apache.directory.fortress.core.ReviewMgrFactory;
import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.SecurityException;

public static void testCreateRole()
    String szLocation = ".testCreateRole";
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        // At its simplest a Role contains only a name.
        Role inRole = new Role("myRoleName");
        // Call the API to actually add the Role to ldap.
        // Instantiate the ReviewMgr implementation which is used to interrogate RBAC policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
        // now read the newly created Role entity back:
        Role outRole = reviewMgr.readRole(inRole);
        assertTrue(szLocation + " failed read", inRole.equals(outRole));
        LOG.info(szLocation + " [" + outRole.getName() + "] success");
    catch (SecurityException ex)
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);