4.29 - Add Dynamic Separation of Duty Set Member
4 - Fortress Code Samples
4.31 - Set SSD Set Cardinality

4.30 - Delete Dynamic Separation of Duty (DSD) Set Member

SDSet deleteDsdRoleMember( SDSet ssdSet, Role role ) throws SecurityException;

This command removes a role from a named DSD set of roles. The cardinality associated with the role set remains unchanged.

The command is valid if and only if:

  • The DSD role set exists.
  • The role to be removed is a member of the DSD role set.
  • The cardinality associated with the DSD role set is less than the number of elements of the DSD role set.

This method:

  • Removes a member from an existing DSD set.
  • Affects (runtime) role activations.

required parameters:

  • SDSet#name - contains the name of Set to be modified.
  • Type of SD Set - ‘DYNAMIC’ (automatically set via this method).
  • Role#name - of set member targeted for removal.

Throws:

  • SecurityException - thrown in the event of data validation or system error.

deleteDsdRoleMember

import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.model.SDSet;
import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.SecurityException;

@test
public static void testDeleteDsdRoleMember()
{
    String szLocation = ".testDeleteDsdRoleMember";
    try
    {
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        SDSet inDsdSet = new SDSet();
        // existing set name:
        inDsdSet.setName( "myDsdSetName" );
        // existing role name:
        Role inRole - new Role( "role1" );
        SDSet outDsdSet = am.deleteDsdRoleMember( inDsdSet, inRole );
    }
    catch (SecurityException ex)
    {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
4.29 - Add Dynamic Separation of Duty Set Member
4 - Fortress Code Samples
4.31 - Set SSD Set Cardinality