Posted to commits@directory.apache.org by gi...@apache.org on 2022/07/28 04:31:53 UTC
[directory-site] branch asf-site updated: Updated site from master (984639ceccc73eef817d7020ea7c5e048d7c674f)
This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/directory-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 5620cf9a Updated site from master (984639ceccc73eef817d7020ea7c5e048d7c674f)
5620cf9a is described below
commit 5620cf9ac0f067d22b9dfa5aa666e8a71eae0987
Author: jenkins <bu...@apache.org>
AuthorDate: Thu Jul 28 04:31:49 2022 +0000
Updated site from master (984639ceccc73eef817d7020ea7c5e048d7c674f)
---
content/fortress/index.xml | 42 +++++++++++-
content/fortress/user-guide.html | 8 +--
.../user-guide/4-fortress-code-samples.html | 4 ++
.../user-guide/4.14-delete-permission.html | 6 +-
...elete-permission.html => 4.15-assign-user.html} | 74 ++++++++++------------
...ete-permission.html => 4.16-deassign-user.html} | 65 ++++++++-----------
...-permission.html => 4.17-grant-permission.html} | 62 +++++++-----------
...permission.html => 4.18-revoke-permission.html} | 56 ++++++----------
content/index.xml | 42 +++++++++++-
content/sitemap.xml | 28 ++++++--
10 files changed, 220 insertions(+), 167 deletions(-)
diff --git a/content/fortress/index.xml b/content/fortress/index.xml
index 981f7b5c..4e2c3975 100644
--- a/content/fortress/index.xml
+++ b/content/fortress/index.xml
@@ -137,7 +137,7 @@ More info here on how it works:
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://directory.apache.org/fortress/user-guide/4-fortress-code-samples.html</guid>
- <description>4 - Apache Fortress Code Samples Table of content 4.1 - Create Session 4.2 - Check Access 4.3 - Session Permissions 4.4 - Add Active Role 4.5 - Drop Active Role 4.6 - Get Authorized Roles 4.7 - Add Role 4.8 - Delete Role 4.9 - Add User 4.10 - Delete User 4.11 - Add Permission Object 4.12 - Delete Permission Object 4.13 - Add Permission 4.14 - Delete Permission </description>
+ <description>4 - Apache Fortress Code Samples Table of content 4.1 - Create Session 4.2 - Check Access 4.3 - Session Permissions 4.4 - Add Active Role 4.5 - Drop Active Role 4.6 - Get Authorized Roles 4.7 - Add Role 4.8 - Delete Role 4.9 - Add User 4.10 - Delete User 4.11 - Add Permission Object 4.12 - Delete Permission Object 4.13 - Add Permission 4.14 - Delete Permission 4.</description>
</item>
<item>
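Review bot: The new <description> for 4-fortress-code-samples.html ends in a dangling "4." after "4.14 - Delete Permission", so the feed summary is cut off in the middle of the 4.15 entry. If the summary length is imposed by the site generator, consider giving the source page an explicit summary so the text ends on a whole table-of-contents entry.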
@@ -207,6 +207,46 @@ required parameters:
perm - must contain the object, Permission#objName, and operation, Permission#opName, that identifies target.</description>
</item>
+ <item>
+ <title>4.15 - Assign User</title>
+ <link>https://directory.apache.org/fortress/user-guide/4.15-assign-user.html</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>https://directory.apache.org/fortress/user-guide/4.15-assign-user.html</guid>
+ <description>4.15 - Assign User void assignUser(UserRole uRole) throws SecurityException This command assigns a user to a role. The command is valid if and only if:
+ The user is a member of the USERS data set The role is a member of the ROLES data set The user is not already assigned to the role The SSD constraints are satisfied after assignment. required parameters:
+ UserRole#name - contains the name for already existing Role to be assigned UserRole#userId - contains the userId for existing User optional parameters</description>
+ </item>
+
+ <item>
+ <title>4.16 - Deassign User</title>
+ <link>https://directory.apache.org/fortress/user-guide/4.16-deassign-user.html</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>https://directory.apache.org/fortress/user-guide/4.16-deassign-user.html</guid>
+ <description>4.16 - Deassign User void deassignUser(UserRole uRole) throws SecurityException This command deletes the assignment of the User from the Role entity. The command is valid if and only if:
+ the user is a member of the USERS data set the role is a member of the ROLES data set the user is assigned to the role. required parameters:
+ UserRole#name - contains the name for already existing Role to be deassigned UserRole#userId - contains the userId for existing User Throws:</description>
+ </item>
+
+ <item>
+ <title>4.17 - Grant Permission</title>
+ <link>https://directory.apache.org/fortress/user-guide/4.17-grant-permission.html</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>https://directory.apache.org/fortress/user-guide/4.17-grant-permission.html</guid>
+ <description>4.17 - Grant Permission void grantPermission(Permission perm, Role role) throws SecurityException This command grants a role the permission to perform an operation on an object to a role. The command is implemented by granting permission by setting the access control list of the object involved. The command is valid if and only if the pair (object, operation) represents a permission, and the role is a member of the ROLES data set.</description>
+ </item>
+
+ <item>
+ <title>4.18 - Revoke Permission</title>
+ <link>https://directory.apache.org/fortress/user-guide/4.18-revoke-permission.html</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>https://directory.apache.org/fortress/user-guide/4.18-revoke-permission.html</guid>
+ <description>4.14 - Revoke Permission void revokePermission(Permission perm, Role role) throws SecurityException This command revokes the permission to perform an operation on an object from the set of permissions assigned to a role. The command is implemented by setting the access control list of the object involved. The command is valid if and only if the pair (object, operation) represents a permission, the role is a member of the ROLES data set, and the permission is assigned t [...]
+ </item>
+
<item>
<title>4.2 - Check Access</title>
<link>https://directory.apache.org/fortress/user-guide/4.2-check-access.html</link>
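Review bot: The <description> of the 4.18 item begins "4.14 - Revoke Permission" while its <title>, <link> and <guid> all say 4.18, so the heading in the 4.18 source page looks stale and should be corrected before the feed is regenerated. In the 4.17 item, "grants a role the permission to perform an operation on an object to a role" names the role twice; drop one of the two. All four new items also carry the placeholder pubDate "Mon, 01 Jan 0001 00:00:00 +0000"; set a real date on the source pages if feed consumers are expected to order these entries.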
diff --git a/content/fortress/user-guide.html b/content/fortress/user-guide.html
index 4c0b34fa..9c6778fd 100644
--- a/content/fortress/user-guide.html
+++ b/content/fortress/user-guide.html
@@ -173,15 +173,15 @@
<li><a href="user-guide/4.12-delete-permobj.html">4.12 - Delete Permission Object</a></li>
<li><a href="user-guide/4.13-add-permission.html">4.13 - Add Permission</a></li>
<li><a href="user-guide/4.14-delete-permission.html">4.14 - Delete Permission</a></li>
+<li><a href="user-guide/4.15-assign-user.html">4.15 - Assign User</a></li>
+<li><a href="user-guide/4.16-deassign-user.html">4.16 - Deassign User</a></li>
+<li><a href="user-guide/4.17-grant-permission.html">4.17 - Grant Permission</a></li>
+<li><a href="user-guide/4.18-revoke-permission.html">4.18 - Revoke Permission</a></li>
</ul>
</li>
<li>
<p>TODO (more code samples):</p>
<ul>
-<li>[4.15 - assignUser]</li>
-<li>[4.16 - deassignUser]</li>
-<li>[4.17 - grantPermission]</li>
-<li>[4.18 - revokePermission]</li>
<li>[4.19 - addInheritance]</li>
<li>[4.20 - deleteInheritance]</li>
<li>[4.21 - createSsdSet]</li>
diff --git a/content/fortress/user-guide/4-fortress-code-samples.html b/content/fortress/user-guide/4-fortress-code-samples.html
index f316a76f..804f81e1 100644
--- a/content/fortress/user-guide/4-fortress-code-samples.html
+++ b/content/fortress/user-guide/4-fortress-code-samples.html
@@ -169,6 +169,10 @@
<li><a href="4.12-delete-permobj.html">4.12 - Delete Permission Object</a></li>
<li><a href="4.13-add-permission.html">4.13 - Add Permission</a></li>
<li><a href="4.14-delete-permission.html">4.14 - Delete Permission</a></li>
+<li><a href="4.15-assign-user.html">4.15 - Assign User</a></li>
+<li><a href="4.16-deassign-user.html">4.16 - Deassign User</a></li>
+<li><a href="4.17-grant-permission.html">4.17 - Grant Permission</a></li>
+<li><a href="4.18-revoke-permission.html">4.18 - Revoke Permission</a></li>
</ul>
diff --git a/content/fortress/user-guide/4.14-delete-permission.html b/content/fortress/user-guide/4.14-delete-permission.html
index 46890b4d..c543d8e8 100644
--- a/content/fortress/user-guide/4.14-delete-permission.html
+++ b/content/fortress/user-guide/4.14-delete-permission.html
@@ -143,7 +143,8 @@
</div>
<div class="nav_next">
-
+
+ <a href="4.15-assign-user.html">4.15 - Assign User</a>
</div>
<div class="clearfix"></div>
@@ -230,7 +231,8 @@ The perm operation must exist before making this call.</p>
</div>
<div class="nav_next">
-
+
+ <a href="4.15-assign-user.html">4.15 - Assign User</a>
</div>
<div class="clearfix"></div>
diff --git a/content/fortress/user-guide/4.14-delete-permission.html b/content/fortress/user-guide/4.15-assign-user.html
similarity index 65%
copy from content/fortress/user-guide/4.14-delete-permission.html
copy to content/fortress/user-guide/4.15-assign-user.html
index 46890b4d..a4ed04e3 100644
--- a/content/fortress/user-guide/4.14-delete-permission.html
+++ b/content/fortress/user-guide/4.15-assign-user.html
@@ -3,7 +3,7 @@
<html lang="en">
<head>
<meta charset="utf-8">
- <title>4.14 - Delete Permission — Apache Directory</title>
+ <title>4.15 - Assign User — Apache Directory</title>
<link href="/css/common.css" rel="stylesheet" type="text/css"/>
<link href="/css/turquoise.css" rel="stylesheet" type="text/css"/>
@@ -132,7 +132,7 @@
<div class="nav_prev">
- <a href="4.13-add-permission.html">4.13 - Add Permission</a>
+ <a href="4.14-delete-permission.html">4.14 - Delete Permission</a>
</div>
<div class="nav_up">
@@ -143,7 +143,8 @@
</div>
<div class="nav_next">
-
+
+ <a href="4.16-deassign-user.html">4.16 - Deassign user</a>
</div>
<div class="clearfix"></div>
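Review bot: The nav_next link text "4.16 - Deassign user" uses a lowercase "user", while the target page's <title> and the table-of-contents entries added in this commit read "4.16 - Deassign User". Use the same capitalisation here; the identical link text recurs in the bottom navigation hunk (@@ -230,7 +225,8) of this file.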
@@ -151,60 +152,54 @@
- <h1 id="414---delete-permission">4.14 - Delete Permission</h1>
-<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">deletePermission</span><span style="color:#666">(</span>Permission perm<span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
-</code></pre></div><p>This method will remove permission operation entity from permission object.
-A Fortress permission is (object->operation).
-The perm operation must exist before making this call.</p>
+ <h1 id="415---assign-user">4.15 - Assign User</h1>
+<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">assignUser</span><span style="color:#666">(</span>UserRole uRole<span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
+</code></pre></div><p>This command assigns a user to a role.
+The command is valid if and only if:</p>
+<ul>
+<li>The user is a member of the USERS data set</li>
+<li>The role is a member of the ROLES data set</li>
+<li>The user is not already assigned to the role</li>
+<li>The SSD constraints are satisfied after assignment.</li>
+</ul>
<p>required parameters:</p>
<ul>
-<li>Permission#objName - contains the name of existing object being targeted for the permission delete</li>
-<li>Permission#opName - contains the name of existing permission operation being removed</li>
+<li>UserRole#name - contains the name for already existing Role to be assigned</li>
+<li>UserRole#userId - contains the userId for existing User</li>
</ul>
-<p>Parameters:</p>
+<p>optional parameters</p>
<ul>
-<li>perm - must contain the object, Permission#objName, and operation, Permission#opName, that identifies target.</li>
+<li>UserRole#beginTime - HHMM - determines begin hour role may be activated into user’s RBAC session</li>
+<li>UserRole#endTime - HHMM - determines end hour role may be activated into user’s RBAC session.</li>
+<li>UserRole#beginDate - YYYYMMDD - determines date when role may be activated into user’s RBAC session</li>
+<li>UserRole#endDate - YYYYMMDD - indicates latest date role may be activated into user’s RBAC session</li>
+<li>UserRole#beginLockDate - YYYYMMDD - determines beginning of enforced inactive status</li>
+<li>UserRole#endLockDate - YYYYMMDD - determines end of enforced inactive status</li>
+<li>UserRole#dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user’s RBAC session</li>
</ul>
<p>Throws:</p>
<ul>
-<li>SecurityException - thrown in the event of perm object data or system error.</li>
+<li>SecurityException - in the event of validation or system error.</li>
</ul>
-<h2 id="deletepermission">deletePermission</h2>
+<h2 id="assignuser">assignUser</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.AdminMgr</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.AdminMgrFactory</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.GlobalErrIds</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.ReviewMgr</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.ReviewMgrFactory</span><span style="color:#666">;</span>
-<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.model.Permission</span><span style="color:#666">;</span>
+<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.model.UserRole</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.SecurityException</span><span style="color:#666">;</span>
<span style="color:#a2f">@test</span>
-<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testDelPermission</span><span style="color:#666">(</span>String objName<span style="color:#666">,</span> String operation<span style="color:#666">)</span>
+<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testAssignUser</span><span style="color:#666">(</span>String userId<span style="color:#666">,</span> String roleName<span style="color:#666">)</span>
<span style="color:#666">{</span>
- String szLocation <span style="color:#666">=</span> <span style="color:#b44">".testDelPermission"</span><span style="color:#666">;</span>
-
+ String szLocation <span style="color:#666">=</span> <span style="color:#b44">".testAssignUser"</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">try</span>
<span style="color:#666">{</span>
- <span style="color:#080;font-style:italic">// Instantiate the AdminMgr implementation which is used to provision RBAC policies.
+ <span style="color:#080;font-style:italic">// Instantiate the AdminMgr implementation.
</span><span style="color:#080;font-style:italic"></span> AdminMgr adminMgr <span style="color:#666">=</span> AdminMgrFactory<span style="color:#666">.</span><span style="color:#b44">createInstance</span><span style="color:#666">(</span><span style="color:#666">)</span><span style="color:#666">;</span>
- <span style="color:#080;font-style:italic">// this will remove the permission:
-</span><span style="color:#080;font-style:italic"></span> Permission inPerm <span style="color:#666">=</span> <span style="color:#a2f;font-weight:bold">new</span> Permission<span style="color:#666">(</span>objName<span style="color:#666">,</span> operation<span style="color:#666">)</span><span style="color:#666">;</span>
- adminMgr<span style="color:#666">.</span><span style="color:#b44">deletePermission</span><span style="color:#666">(</span>inPerm<span style="color:#666">)</span><span style="color:#666">;</span>
-
- <span style="color:#080;font-style:italic">// Instantiate the ReviewMgr implementation which is used to interrogate policy information.
-</span><span style="color:#080;font-style:italic"></span> ReviewMgr reviewMgr <span style="color:#666">=</span> ReviewMgrFactory<span style="color:#666">.</span><span style="color:#b44">createInstance</span><span style="color:#666">(</span><span style="color:#666">)</span><span style="color:#666">;</span>
- <span style="color:#a2f;font-weight:bold">try</span>
- <span style="color:#666">{</span>
- <span style="color:#080;font-style:italic">// this should fail:
-</span><span style="color:#080;font-style:italic"></span> reviewMgr<span style="color:#666">.</span><span style="color:#b44">readPermission</span><span style="color:#666">(</span><span style="color:#a2f;font-weight:bold">new</span> Permission<span style="color:#666">(</span>objName<span style="color:#666">,</span> operation<span style="color:#666">)</span><span style="color:#666">)</span><span style="color:#666">;</span>
- fail<span style="color:#666">(</span>szLocation <span style="color:#666">+</span> <span style="color:#b44">" permission delete failed"</span><span style="color:#666">)</span><span style="color:#666">;</span>
- <span style="color:#666">}</span>
- <span style="color:#a2f;font-weight:bold">catch</span> <span style="color:#666">(</span>SecurityException se<span style="color:#666">)</span>
- <span style="color:#666">{</span>
- assertTrue<span style="color:#666">(</span>szLocation <span style="color:#666">+</span> <span style="color:#b44">" excep id check"</span><span style="color:#666">,</span> se<span style="color:#666">.</span><span style="color:#b44">getErrorId</span><span style="color:#666">(</span><span style="color:#666">)</span> <span style="color:#666">=</span><span style="color:#666">=</span> GlobalErrIds<span style="color:#666">.</span><span style="color:#b44">PERM_OP_NOT_FOUND</s [...]
- <span style="color:#080;font-style:italic">// pass
-</span><span style="color:#080;font-style:italic"></span> <span style="color:#666">}</span>
- LOG<span style="color:#666">.</span><span style="color:#b44">info</span><span style="color:#666">(</span>szLocation <span style="color:#666">+</span> <span style="color:#b44">" delete permission success"</span><span style="color:#666">)</span><span style="color:#666">;</span>
+ UserRole inUserRole <span style="color:#666">=</span> <span style="color:#a2f;font-weight:bold">new</span> UserRole<span style="color:#666">(</span>userId<span style="color:#666">,</span> roleName<span style="color:#666">)</span><span style="color:#666">;</span>
+ adminMgr<span style="color:#666">.</span><span style="color:#b44">assignUser</span><span style="color:#666">(</span> inUserRole <span style="color:#666">)</span><span style="color:#666">;</span>
<span style="color:#666">}</span>
<span style="color:#a2f;font-weight:bold">catch</span> <span style="color:#666">(</span>SecurityException ex<span style="color:#666">)</span>
<span style="color:#666">{</span>
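Review bot: The sample still imports GlobalErrIds, ReviewMgr and ReviewMgrFactory, but the visible body no longer uses them now that the ReviewMgr read-back was removed together with the delete-permission code. Either drop the three imports or add a read-back that confirms the assignment, so the sample shows how a caller verifies that the user-role assignment actually took effect. Two smaller points: the annotation on the unchanged context line is written "@test" (JUnit's annotation is "@Test") and sits on a static method that takes parameters, and the "optional parameters" paragraph lacks the trailing colon used by "required parameters:".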
@@ -219,7 +214,7 @@ The perm operation must exist before making this call.</p>
<div class="nav_prev">
- <a href="4.13-add-permission.html">4.13 - Add Permission</a>
+ <a href="4.14-delete-permission.html">4.14 - Delete Permission</a>
</div>
<div class="nav_up">
@@ -230,7 +225,8 @@ The perm operation must exist before making this call.</p>
</div>
<div class="nav_next">
-
+
+ <a href="4.16-deassign-user.html">4.16 - Deassign user</a>
</div>
<div class="clearfix"></div>
diff --git a/content/fortress/user-guide/4.14-delete-permission.html b/content/fortress/user-guide/4.16-deassign-user.html
similarity index 65%
copy from content/fortress/user-guide/4.14-delete-permission.html
copy to content/fortress/user-guide/4.16-deassign-user.html
index 46890b4d..7ac5c2b4 100644
--- a/content/fortress/user-guide/4.14-delete-permission.html
+++ b/content/fortress/user-guide/4.16-deassign-user.html
@@ -3,7 +3,7 @@
<html lang="en">
<head>
<meta charset="utf-8">
- <title>4.14 - Delete Permission — Apache Directory</title>
+ <title>4.16 - Deassign User — Apache Directory</title>
<link href="/css/common.css" rel="stylesheet" type="text/css"/>
<link href="/css/turquoise.css" rel="stylesheet" type="text/css"/>
@@ -132,7 +132,7 @@
<div class="nav_prev">
- <a href="4.13-add-permission.html">4.13 - Add Permission</a>
+ <a href="4.15-assign-user.html">4.15 - Assign User</a>
</div>
<div class="nav_up">
@@ -143,7 +143,8 @@
</div>
<div class="nav_next">
-
+
+ <a href="4.17-grant-permission.html">4.17 - Grant Permission</a>
</div>
<div class="clearfix"></div>
@@ -151,60 +152,43 @@
- <h1 id="414---delete-permission">4.14 - Delete Permission</h1>
-<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">deletePermission</span><span style="color:#666">(</span>Permission perm<span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
-</code></pre></div><p>This method will remove permission operation entity from permission object.
-A Fortress permission is (object->operation).
-The perm operation must exist before making this call.</p>
-<p>required parameters:</p>
+ <h1 id="416---deassign-user">4.16 - Deassign User</h1>
+<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">deassignUser</span><span style="color:#666">(</span>UserRole uRole<span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
+</code></pre></div><p>This command deletes the assignment of the User from the Role entity.
+The command is valid if and only if:</p>
<ul>
-<li>Permission#objName - contains the name of existing object being targeted for the permission delete</li>
-<li>Permission#opName - contains the name of existing permission operation being removed</li>
+<li>the user is a member of the USERS data set</li>
+<li>the role is a member of the ROLES data set</li>
+<li>the user is assigned to the role.</li>
</ul>
-<p>Parameters:</p>
+<p>required parameters:</p>
<ul>
-<li>perm - must contain the object, Permission#objName, and operation, Permission#opName, that identifies target.</li>
+<li>UserRole#name - contains the name for already existing Role to be deassigned</li>
+<li>UserRole#userId - contains the userId for existing User</li>
</ul>
<p>Throws:</p>
<ul>
-<li>SecurityException - thrown in the event of perm object data or system error.</li>
+<li>SecurityException - in the event data error in user or role objects or system error.</li>
</ul>
-<h2 id="deletepermission">deletePermission</h2>
+<h2 id="deassignuser">deassignUser</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.AdminMgr</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.AdminMgrFactory</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.GlobalErrIds</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.ReviewMgr</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.ReviewMgrFactory</span><span style="color:#666">;</span>
-<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.model.Permission</span><span style="color:#666">;</span>
+<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.model.UserRole</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.SecurityException</span><span style="color:#666">;</span>
<span style="color:#a2f">@test</span>
-<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testDelPermission</span><span style="color:#666">(</span>String objName<span style="color:#666">,</span> String operation<span style="color:#666">)</span>
+<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testDeassignUser</span><span style="color:#666">(</span>String userId<span style="color:#666">,</span> String roleName<span style="color:#666">)</span>
<span style="color:#666">{</span>
- String szLocation <span style="color:#666">=</span> <span style="color:#b44">".testDelPermission"</span><span style="color:#666">;</span>
-
+ String szLocation <span style="color:#666">=</span> <span style="color:#b44">".testDeassignUser"</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">try</span>
<span style="color:#666">{</span>
- <span style="color:#080;font-style:italic">// Instantiate the AdminMgr implementation which is used to provision RBAC policies.
+ <span style="color:#080;font-style:italic">// Instantiate the AdminMgr implementation.
</span><span style="color:#080;font-style:italic"></span> AdminMgr adminMgr <span style="color:#666">=</span> AdminMgrFactory<span style="color:#666">.</span><span style="color:#b44">createInstance</span><span style="color:#666">(</span><span style="color:#666">)</span><span style="color:#666">;</span>
- <span style="color:#080;font-style:italic">// this will remove the permission:
-</span><span style="color:#080;font-style:italic"></span> Permission inPerm <span style="color:#666">=</span> <span style="color:#a2f;font-weight:bold">new</span> Permission<span style="color:#666">(</span>objName<span style="color:#666">,</span> operation<span style="color:#666">)</span><span style="color:#666">;</span>
- adminMgr<span style="color:#666">.</span><span style="color:#b44">deletePermission</span><span style="color:#666">(</span>inPerm<span style="color:#666">)</span><span style="color:#666">;</span>
-
- <span style="color:#080;font-style:italic">// Instantiate the ReviewMgr implementation which is used to interrogate policy information.
-</span><span style="color:#080;font-style:italic"></span> ReviewMgr reviewMgr <span style="color:#666">=</span> ReviewMgrFactory<span style="color:#666">.</span><span style="color:#b44">createInstance</span><span style="color:#666">(</span><span style="color:#666">)</span><span style="color:#666">;</span>
- <span style="color:#a2f;font-weight:bold">try</span>
- <span style="color:#666">{</span>
- <span style="color:#080;font-style:italic">// this should fail:
-</span><span style="color:#080;font-style:italic"></span> reviewMgr<span style="color:#666">.</span><span style="color:#b44">readPermission</span><span style="color:#666">(</span><span style="color:#a2f;font-weight:bold">new</span> Permission<span style="color:#666">(</span>objName<span style="color:#666">,</span> operation<span style="color:#666">)</span><span style="color:#666">)</span><span style="color:#666">;</span>
- fail<span style="color:#666">(</span>szLocation <span style="color:#666">+</span> <span style="color:#b44">" permission delete failed"</span><span style="color:#666">)</span><span style="color:#666">;</span>
- <span style="color:#666">}</span>
- <span style="color:#a2f;font-weight:bold">catch</span> <span style="color:#666">(</span>SecurityException se<span style="color:#666">)</span>
- <span style="color:#666">{</span>
- assertTrue<span style="color:#666">(</span>szLocation <span style="color:#666">+</span> <span style="color:#b44">" excep id check"</span><span style="color:#666">,</span> se<span style="color:#666">.</span><span style="color:#b44">getErrorId</span><span style="color:#666">(</span><span style="color:#666">)</span> <span style="color:#666">=</span><span style="color:#666">=</span> GlobalErrIds<span style="color:#666">.</span><span style="color:#b44">PERM_OP_NOT_FOUND</s [...]
- <span style="color:#080;font-style:italic">// pass
-</span><span style="color:#080;font-style:italic"></span> <span style="color:#666">}</span>
- LOG<span style="color:#666">.</span><span style="color:#b44">info</span><span style="color:#666">(</span>szLocation <span style="color:#666">+</span> <span style="color:#b44">" delete permission success"</span><span style="color:#666">)</span><span style="color:#666">;</span>
+ UserRole inUserRole <span style="color:#666">=</span> <span style="color:#a2f;font-weight:bold">new</span> UserRole<span style="color:#666">(</span>userId<span style="color:#666">,</span> roleName<span style="color:#666">)</span><span style="color:#666">;</span>
+ adminMgr<span style="color:#666">.</span><span style="color:#b44">deassignUser</span><span style="color:#666">(</span> inUserRole <span style="color:#666">)</span><span style="color:#666">;</span>
<span style="color:#666">}</span>
<span style="color:#a2f;font-weight:bold">catch</span> <span style="color:#666">(</span>SecurityException ex<span style="color:#666">)</span>
<span style="color:#666">{</span>
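Review bot: The Throws entry "SecurityException - in the event data error in user or role objects or system error." is missing "of" after "event"; suggest "in the event of a data error in the user or role objects, or a system error." As in the copied template, the imports of GlobalErrIds, ReviewMgr and ReviewMgrFactory are left unused by the visible body, which calls only adminMgr.deassignUser; remove them or add a read-back that confirms the assignment is gone.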
@@ -219,7 +203,7 @@ The perm operation must exist before making this call.</p>
<div class="nav_prev">
- <a href="4.13-add-permission.html">4.13 - Add Permission</a>
+ <a href="4.15-assign-user.html">4.15 - Assign User</a>
</div>
<div class="nav_up">
@@ -230,7 +214,8 @@ The perm operation must exist before making this call.</p>
</div>
<div class="nav_next">
-
+
+ <a href="4.17-grant-permission.html">4.17 - Grant Permission</a>
</div>
<div class="clearfix"></div>
diff --git a/content/fortress/user-guide/4.14-delete-permission.html b/content/fortress/user-guide/4.17-grant-permission.html
similarity index 66%
copy from content/fortress/user-guide/4.14-delete-permission.html
copy to content/fortress/user-guide/4.17-grant-permission.html
index 46890b4d..cb1f2b44 100644
--- a/content/fortress/user-guide/4.14-delete-permission.html
+++ b/content/fortress/user-guide/4.17-grant-permission.html
@@ -3,7 +3,7 @@
<html lang="en">
<head>
<meta charset="utf-8">
- <title>4.14 - Delete Permission — Apache Directory</title>
+ <title>4.17 - Grant Permission — Apache Directory</title>
<link href="/css/common.css" rel="stylesheet" type="text/css"/>
<link href="/css/turquoise.css" rel="stylesheet" type="text/css"/>
@@ -132,7 +132,7 @@
<div class="nav_prev">
- <a href="4.13-add-permission.html">4.13 - Add Permission</a>
+ <a href="4.16-deassign-user.html">4.16 - Deassign User</a>
</div>
<div class="nav_up">
@@ -143,7 +143,8 @@
</div>
<div class="nav_next">
-
+
+ <a href="4.18-revoke-permission.html">4.18 - Revoke Permission</a>
</div>
<div class="clearfix"></div>
@@ -151,60 +152,42 @@
- <h1 id="414---delete-permission">4.14 - Delete Permission</h1>
-<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">deletePermission</span><span style="color:#666">(</span>Permission perm<span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
-</code></pre></div><p>This method will remove permission operation entity from permission object.
-A Fortress permission is (object->operation).
-The perm operation must exist before making this call.</p>
+ <h1 id="417---grant-permission">4.17 - Grant Permission</h1>
+<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">grantPermission</span><span style="color:#666">(</span>Permission perm<span style="color:#666">,</span> Role role<span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
+</code></pre></div><p>This command grants a role the permission to perform an operation on an object to a role.
+The command is implemented by granting permission by setting the access control list of the object involved.
+The command is valid if and only if the pair (object, operation) represents a permission, and the role is a member of the ROLES data set.</p>
<p>required parameters:</p>
<ul>
-<li>Permission#objName - contains the name of existing object being targeted for the permission delete</li>
-<li>Permission#opName - contains the name of existing permission operation being removed</li>
-</ul>
-<p>Parameters:</p>
-<ul>
-<li>perm - must contain the object, Permission#objName, and operation, Permission#opName, that identifies target.</li>
+<li>Permission#objName - contains the object name</li>
+<li>Permission#opName - contains the operation name</li>
+<li>Role#name - contains the role name</li>
</ul>
<p>Throws:</p>
<ul>
-<li>SecurityException - thrown in the event of perm object data or system error.</li>
+<li>SecurityException - Thrown in the event of data validation or system error.</li>
</ul>
-<h2 id="deletepermission">deletePermission</h2>
+<h2 id="grantpermission">grantPermission</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.AdminMgr</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.AdminMgrFactory</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.GlobalErrIds</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.ReviewMgr</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.ReviewMgrFactory</span><span style="color:#666">;</span>
+<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.model.Role</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.model.Permission</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.SecurityException</span><span style="color:#666">;</span>
<span style="color:#a2f">@test</span>
-<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testDelPermission</span><span style="color:#666">(</span>String objName<span style="color:#666">,</span> String operation<span style="color:#666">)</span>
+<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testGrantPermission</span><span style="color:#666">(</span>String roleName<span style="color:#666">,</span> String object<span style="color:#666">,</span> String operation<span style="color:#666">)</span>
<span style="color:#666">{</span>
- String szLocation <span style="color:#666">=</span> <span style="color:#b44">".testDelPermission"</span><span style="color:#666">;</span>
-
+ String szLocation <span style="color:#666">=</span> <span style="color:#b44">".testGrantPermission"</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">try</span>
<span style="color:#666">{</span>
<span style="color:#080;font-style:italic">// Instantiate the AdminMgr implementation which is used to provision RBAC policies.
</span><span style="color:#080;font-style:italic"></span> AdminMgr adminMgr <span style="color:#666">=</span> AdminMgrFactory<span style="color:#666">.</span><span style="color:#b44">createInstance</span><span style="color:#666">(</span><span style="color:#666">)</span><span style="color:#666">;</span>
- <span style="color:#080;font-style:italic">// this will remove the permission:
-</span><span style="color:#080;font-style:italic"></span> Permission inPerm <span style="color:#666">=</span> <span style="color:#a2f;font-weight:bold">new</span> Permission<span style="color:#666">(</span>objName<span style="color:#666">,</span> operation<span style="color:#666">)</span><span style="color:#666">;</span>
- adminMgr<span style="color:#666">.</span><span style="color:#b44">deletePermission</span><span style="color:#666">(</span>inPerm<span style="color:#666">)</span><span style="color:#666">;</span>
-
- <span style="color:#080;font-style:italic">// Instantiate the ReviewMgr implementation which is used to interrogate policy information.
-</span><span style="color:#080;font-style:italic"></span> ReviewMgr reviewMgr <span style="color:#666">=</span> ReviewMgrFactory<span style="color:#666">.</span><span style="color:#b44">createInstance</span><span style="color:#666">(</span><span style="color:#666">)</span><span style="color:#666">;</span>
- <span style="color:#a2f;font-weight:bold">try</span>
- <span style="color:#666">{</span>
- <span style="color:#080;font-style:italic">// this should fail:
-</span><span style="color:#080;font-style:italic"></span> reviewMgr<span style="color:#666">.</span><span style="color:#b44">readPermission</span><span style="color:#666">(</span><span style="color:#a2f;font-weight:bold">new</span> Permission<span style="color:#666">(</span>objName<span style="color:#666">,</span> operation<span style="color:#666">)</span><span style="color:#666">)</span><span style="color:#666">;</span>
- fail<span style="color:#666">(</span>szLocation <span style="color:#666">+</span> <span style="color:#b44">" permission delete failed"</span><span style="color:#666">)</span><span style="color:#666">;</span>
- <span style="color:#666">}</span>
- <span style="color:#a2f;font-weight:bold">catch</span> <span style="color:#666">(</span>SecurityException se<span style="color:#666">)</span>
- <span style="color:#666">{</span>
- assertTrue<span style="color:#666">(</span>szLocation <span style="color:#666">+</span> <span style="color:#b44">" excep id check"</span><span style="color:#666">,</span> se<span style="color:#666">.</span><span style="color:#b44">getErrorId</span><span style="color:#666">(</span><span style="color:#666">)</span> <span style="color:#666">=</span><span style="color:#666">=</span> GlobalErrIds<span style="color:#666">.</span><span style="color:#b44">PERM_OP_NOT_FOUND</s [...]
- <span style="color:#080;font-style:italic">// pass
-</span><span style="color:#080;font-style:italic"></span> <span style="color:#666">}</span>
- LOG<span style="color:#666">.</span><span style="color:#b44">info</span><span style="color:#666">(</span>szLocation <span style="color:#666">+</span> <span style="color:#b44">" delete permission success"</span><span style="color:#666">)</span><span style="color:#666">;</span>
+ Role inRole <span style="color:#666">=</span> <span style="color:#a2f;font-weight:bold">new</span> Role<span style="color:#666">(</span>roleName<span style="color:#666">)</span><span style="color:#666">;</span>
+ Permission inPerm <span style="color:#666">=</span> <span style="color:#a2f;font-weight:bold">new</span> Permission<span style="color:#666">(</span>object<span style="color:#666">,</span> operation<span style="color:#666">)</span><span style="color:#666">;</span>
+ adminMgr<span style="color:#666">.</span><span style="color:#b44">grantPermission</span><span style="color:#666">(</span>inPerm<span style="color:#666">,</span> inRole<span style="color:#666">)</span><span style="color:#666">;</span>
<span style="color:#666">}</span>
<span style="color:#a2f;font-weight:bold">catch</span> <span style="color:#666">(</span>SecurityException ex<span style="color:#666">)</span>
<span style="color:#666">{</span>
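Review bot: the new testGrantPermission body stops right after adminMgr.grantPermission(inPerm, inRole), so unlike the delete sample it was copied from, it never reads the policy back to confirm the change. The unchanged imports of GlobalErrIds, ReviewMgr and ReviewMgrFactory are no longer used by anything in the visible lines. Either add a ReviewMgr read-back that asserts the role now holds the (object, operation) pair, or drop the three imports so the sample shows only what it uses. The description paragraph also needs a wording pass: "grants a role the permission to perform an operation on an object to a role" names the role twice, and "implemented by granting permission by setting the access control list" can lose its first clause, matching the phrasing on the revoke page.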
@@ -219,7 +202,7 @@ The perm operation must exist before making this call.</p>
<div class="nav_prev">
- <a href="4.13-add-permission.html">4.13 - Add Permission</a>
+ <a href="4.16-deassign-user.html">4.16 - Deassign User</a>
</div>
<div class="nav_up">
@@ -230,7 +213,8 @@ The perm operation must exist before making this call.</p>
</div>
<div class="nav_next">
-
+
+ <a href="4.18-revoke-permission.html">4.18 - Revoke Permission</a>
</div>
<div class="clearfix"></div>
diff --git a/content/fortress/user-guide/4.14-delete-permission.html b/content/fortress/user-guide/4.18-revoke-permission.html
similarity index 67%
copy from content/fortress/user-guide/4.14-delete-permission.html
copy to content/fortress/user-guide/4.18-revoke-permission.html
index 46890b4d..adaa263e 100644
--- a/content/fortress/user-guide/4.14-delete-permission.html
+++ b/content/fortress/user-guide/4.18-revoke-permission.html
@@ -3,7 +3,7 @@
<html lang="en">
<head>
<meta charset="utf-8">
- <title>4.14 - Delete Permission — Apache Directory</title>
+ <title>4.18 - Revoke Permission — Apache Directory</title>
<link href="/css/common.css" rel="stylesheet" type="text/css"/>
<link href="/css/turquoise.css" rel="stylesheet" type="text/css"/>
@@ -132,7 +132,7 @@
<div class="nav_prev">
- <a href="4.13-add-permission.html">4.13 - Add Permission</a>
+ <a href="4.17-grant-permission.html">4.17 - Grant Permission</a>
</div>
<div class="nav_up">
@@ -151,60 +151,42 @@
- <h1 id="414---delete-permission">4.14 - Delete Permission</h1>
-<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">deletePermission</span><span style="color:#666">(</span>Permission perm<span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
-</code></pre></div><p>This method will remove permission operation entity from permission object.
-A Fortress permission is (object->operation).
-The perm operation must exist before making this call.</p>
+ <h1 id="414---revoke-permission">4.14 - Revoke Permission</h1>
+<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">revokePermission</span><span style="color:#666">(</span>Permission perm<span style="color:#666">,</span> Role role<span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
+</code></pre></div><p>This command revokes the permission to perform an operation on an object from the set of permissions assigned to a role.
+The command is implemented by setting the access control list of the object involved.
+The command is valid if and only if the pair (object, operation) represents a permission, the role is a member of the ROLES data set, and the permission is assigned to that role.</p>
<p>required parameters:</p>
<ul>
-<li>Permission#objName - contains the name of existing object being targeted for the permission delete</li>
-<li>Permission#opName - contains the name of existing permission operation being removed</li>
-</ul>
-<p>Parameters:</p>
-<ul>
-<li>perm - must contain the object, Permission#objName, and operation, Permission#opName, that identifies target.</li>
+<li>Permission#objName - contains the object name</li>
+<li>Permission#opName - contains the operation name</li>
+<li>Role#name - contains the role name</li>
</ul>
<p>Throws:</p>
<ul>
-<li>SecurityException - thrown in the event of perm object data or system error.</li>
+<li>SecurityException - Thrown in the event of data validation or system error.</li>
</ul>
-<h2 id="deletepermission">deletePermission</h2>
+<h2 id="revokepermission">revokePermission</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.AdminMgr</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.AdminMgrFactory</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.GlobalErrIds</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.ReviewMgr</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.ReviewMgrFactory</span><span style="color:#666">;</span>
+<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.model.Role</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.model.Permission</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">import</span> <span style="color:#00f;font-weight:bold">org.apache.directory.fortress.core.SecurityException</span><span style="color:#666">;</span>
<span style="color:#a2f">@test</span>
-<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testDelPermission</span><span style="color:#666">(</span>String objName<span style="color:#666">,</span> String operation<span style="color:#666">)</span>
+<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testRevokePermission</span><span style="color:#666">(</span>String roleName<span style="color:#666">,</span> String object<span style="color:#666">,</span> String operation<span style="color:#666">)</span>
<span style="color:#666">{</span>
- String szLocation <span style="color:#666">=</span> <span style="color:#b44">".testDelPermission"</span><span style="color:#666">;</span>
-
+ String szLocation <span style="color:#666">=</span> <span style="color:#b44">".testRevokePermission"</span><span style="color:#666">;</span>
<span style="color:#a2f;font-weight:bold">try</span>
<span style="color:#666">{</span>
<span style="color:#080;font-style:italic">// Instantiate the AdminMgr implementation which is used to provision RBAC policies.
</span><span style="color:#080;font-style:italic"></span> AdminMgr adminMgr <span style="color:#666">=</span> AdminMgrFactory<span style="color:#666">.</span><span style="color:#b44">createInstance</span><span style="color:#666">(</span><span style="color:#666">)</span><span style="color:#666">;</span>
- <span style="color:#080;font-style:italic">// this will remove the permission:
-</span><span style="color:#080;font-style:italic"></span> Permission inPerm <span style="color:#666">=</span> <span style="color:#a2f;font-weight:bold">new</span> Permission<span style="color:#666">(</span>objName<span style="color:#666">,</span> operation<span style="color:#666">)</span><span style="color:#666">;</span>
- adminMgr<span style="color:#666">.</span><span style="color:#b44">deletePermission</span><span style="color:#666">(</span>inPerm<span style="color:#666">)</span><span style="color:#666">;</span>
-
- <span style="color:#080;font-style:italic">// Instantiate the ReviewMgr implementation which is used to interrogate policy information.
-</span><span style="color:#080;font-style:italic"></span> ReviewMgr reviewMgr <span style="color:#666">=</span> ReviewMgrFactory<span style="color:#666">.</span><span style="color:#b44">createInstance</span><span style="color:#666">(</span><span style="color:#666">)</span><span style="color:#666">;</span>
- <span style="color:#a2f;font-weight:bold">try</span>
- <span style="color:#666">{</span>
- <span style="color:#080;font-style:italic">// this should fail:
-</span><span style="color:#080;font-style:italic"></span> reviewMgr<span style="color:#666">.</span><span style="color:#b44">readPermission</span><span style="color:#666">(</span><span style="color:#a2f;font-weight:bold">new</span> Permission<span style="color:#666">(</span>objName<span style="color:#666">,</span> operation<span style="color:#666">)</span><span style="color:#666">)</span><span style="color:#666">;</span>
- fail<span style="color:#666">(</span>szLocation <span style="color:#666">+</span> <span style="color:#b44">" permission delete failed"</span><span style="color:#666">)</span><span style="color:#666">;</span>
- <span style="color:#666">}</span>
- <span style="color:#a2f;font-weight:bold">catch</span> <span style="color:#666">(</span>SecurityException se<span style="color:#666">)</span>
- <span style="color:#666">{</span>
- assertTrue<span style="color:#666">(</span>szLocation <span style="color:#666">+</span> <span style="color:#b44">" excep id check"</span><span style="color:#666">,</span> se<span style="color:#666">.</span><span style="color:#b44">getErrorId</span><span style="color:#666">(</span><span style="color:#666">)</span> <span style="color:#666">=</span><span style="color:#666">=</span> GlobalErrIds<span style="color:#666">.</span><span style="color:#b44">PERM_OP_NOT_FOUND</s [...]
- <span style="color:#080;font-style:italic">// pass
-</span><span style="color:#080;font-style:italic"></span> <span style="color:#666">}</span>
- LOG<span style="color:#666">.</span><span style="color:#b44">info</span><span style="color:#666">(</span>szLocation <span style="color:#666">+</span> <span style="color:#b44">" delete permission success"</span><span style="color:#666">)</span><span style="color:#666">;</span>
+ Role inRole <span style="color:#666">=</span> <span style="color:#a2f;font-weight:bold">new</span> Role<span style="color:#666">(</span>roleName<span style="color:#666">)</span><span style="color:#666">;</span>
+ Permission inPerm <span style="color:#666">=</span> <span style="color:#a2f;font-weight:bold">new</span> Permission<span style="color:#666">(</span>object<span style="color:#666">,</span> operation<span style="color:#666">)</span><span style="color:#666">;</span>
+ adminMgr<span style="color:#666">.</span><span style="color:#b44">revokePermission</span><span style="color:#666">(</span>inPerm<span style="color:#666">,</span> inRole<span style="color:#666">)</span><span style="color:#666">;</span>
<span style="color:#666">}</span>
<span style="color:#a2f;font-weight:bold">catch</span> <span style="color:#666">(</span>SecurityException ex<span style="color:#666">)</span>
<span style="color:#666">{</span>
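Review bot: the added heading still carries the number of the page this file was copied from: `<h1 id="414---revoke-permission">4.14 - Revoke Permission</h1>` sits in 4.18-revoke-permission.html, whose title is "4.18 - Revoke Permission". Change the heading in the source on master to "4.18 - Revoke Permission" with id="418---revoke-permission", so the anchor and the generated feed summary carry the right section number. As in the grant page, the sample ends at adminMgr.revokePermission(inPerm, inRole) with no read-back, so the stated precondition that the permission is assigned to the role is never exercised, and the GlobalErrIds, ReviewMgr and ReviewMgrFactory imports are unused in the visible lines.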
@@ -219,7 +201,7 @@ The perm operation must exist before making this call.</p>
<div class="nav_prev">
- <a href="4.13-add-permission.html">4.13 - Add Permission</a>
+ <a href="4.17-grant-permission.html">4.17 - Grant Permission</a>
</div>
<div class="nav_up">
diff --git a/content/index.xml b/content/index.xml
index a7ae93cc..21929e00 100644
--- a/content/index.xml
+++ b/content/index.xml
@@ -1454,7 +1454,7 @@ Anyway, we use a subset of ASN/1, as what we have to deal with is the BER/DER en
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://directory.apache.org/fortress/user-guide/4-fortress-code-samples.html</guid>
- <description>4 - Apache Fortress Code Samples Table of content 4.1 - Create Session 4.2 - Check Access 4.3 - Session Permissions 4.4 - Add Active Role 4.5 - Drop Active Role 4.6 - Get Authorized Roles 4.7 - Add Role 4.8 - Delete Role 4.9 - Add User 4.10 - Delete User 4.11 - Add Permission Object 4.12 - Delete Permission Object 4.13 - Add Permission 4.14 - Delete Permission </description>
+ <description>4 - Apache Fortress Code Samples Table of content 4.1 - Create Session 4.2 - Check Access 4.3 - Session Permissions 4.4 - Add Active Role 4.5 - Drop Active Role 4.6 - Get Authorized Roles 4.7 - Add Role 4.8 - Delete Role 4.9 - Add User 4.10 - Delete User 4.11 - Add Permission Object 4.12 - Delete Permission Object 4.13 - Add Permission 4.14 - Delete Permission 4.</description>
</item>
<item>
@@ -1764,6 +1764,46 @@ required parameters:
perm - must contain the object, Permission#objName, and operation, Permission#opName, that identifies target.</description>
</item>
+ <item>
+ <title>4.15 - Assign User</title>
+ <link>https://directory.apache.org/fortress/user-guide/4.15-assign-user.html</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>https://directory.apache.org/fortress/user-guide/4.15-assign-user.html</guid>
+ <description>4.15 - Assign User void assignUser(UserRole uRole) throws SecurityException This command assigns a user to a role. The command is valid if and only if:
+ The user is a member of the USERS data set The role is a member of the ROLES data set The user is not already assigned to the role The SSD constraints are satisfied after assignment. required parameters:
+ UserRole#name - contains the name for already existing Role to be assigned UserRole#userId - contains the userId for existing User optional parameters</description>
+ </item>
+
+ <item>
+ <title>4.16 - Deassign User</title>
+ <link>https://directory.apache.org/fortress/user-guide/4.16-deassign-user.html</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>https://directory.apache.org/fortress/user-guide/4.16-deassign-user.html</guid>
+ <description>4.16 - Deassign User void deassignUser(UserRole uRole) throws SecurityException This command deletes the assignment of the User from the Role entity. The command is valid if and only if:
+ the user is a member of the USERS data set the role is a member of the ROLES data set the user is assigned to the role. required parameters:
+ UserRole#name - contains the name for already existing Role to be deassigned UserRole#userId - contains the userId for existing User Throws:</description>
+ </item>
+
+ <item>
+ <title>4.17 - Grant Permission</title>
+ <link>https://directory.apache.org/fortress/user-guide/4.17-grant-permission.html</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>https://directory.apache.org/fortress/user-guide/4.17-grant-permission.html</guid>
+ <description>4.17 - Grant Permission void grantPermission(Permission perm, Role role) throws SecurityException This command grants a role the permission to perform an operation on an object to a role. The command is implemented by granting permission by setting the access control list of the object involved. The command is valid if and only if the pair (object, operation) represents a permission, and the role is a member of the ROLES data set.</description>
+ </item>
+
+ <item>
+ <title>4.18 - Revoke Permission</title>
+ <link>https://directory.apache.org/fortress/user-guide/4.18-revoke-permission.html</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>https://directory.apache.org/fortress/user-guide/4.18-revoke-permission.html</guid>
+ <description>4.14 - Revoke Permission void revokePermission(Permission perm, Role role) throws SecurityException This command revokes the permission to perform an operation on an object from the set of permissions assigned to a role. The command is implemented by setting the access control list of the object involved. The command is valid if and only if the pair (object, operation) represents a permission, the role is a member of the ROLES data set, and the permission is assigned t [...]
+ </item>
+
<item>
<title>4.2 - Authenticate with Studio</title>
<link>https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html</link>
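Review bot: the 4.18 item's description opens with "4.14 - Revoke Permission" while its title, link and guid all say 4.18, so feed readers will show a mismatched section number. This file is generated, so the fix belongs in the heading of the page source, followed by a site rebuild. The 4.17 description likewise carries the doubled "grants a role the permission ... to a role" wording from the page text and will pick up that correction the same way.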
diff --git a/content/sitemap.xml b/content/sitemap.xml
index 060e9141..59df4930 100644
--- a/content/sitemap.xml
+++ b/content/sitemap.xml
@@ -714,7 +714,7 @@
<url>
<loc>https://directory.apache.org/fortress/user-guide/4-fortress-code-samples.html</loc>
- <lastmod>2022-07-27T17:15:20-05:00</lastmod>
+ <lastmod>2022-07-27T23:30:52-05:00</lastmod>
</url>
<url>
@@ -859,7 +859,27 @@
<url>
<loc>https://directory.apache.org/fortress/user-guide/4.14-delete-permission.html</loc>
- <lastmod>2022-07-27T17:22:34-05:00</lastmod>
+ <lastmod>2022-07-27T23:30:52-05:00</lastmod>
+ </url>
+
+ <url>
+ <loc>https://directory.apache.org/fortress/user-guide/4.15-assign-user.html</loc>
+ <lastmod>2022-07-27T23:30:52-05:00</lastmod>
+ </url>
+
+ <url>
+ <loc>https://directory.apache.org/fortress/user-guide/4.16-deassign-user.html</loc>
+ <lastmod>2022-07-27T23:30:52-05:00</lastmod>
+ </url>
+
+ <url>
+ <loc>https://directory.apache.org/fortress/user-guide/4.17-grant-permission.html</loc>
+ <lastmod>2022-07-27T23:30:52-05:00</lastmod>
+ </url>
+
+ <url>
+ <loc>https://directory.apache.org/fortress/user-guide/4.18-revoke-permission.html</loc>
+ <lastmod>2022-07-27T23:30:52-05:00</lastmod>
</url>
<url>
@@ -1874,7 +1894,7 @@
<url>
<loc>https://directory.apache.org/fortress.html</loc>
- <lastmod>2022-07-27T17:24:31-05:00</lastmod>
+ <lastmod>2022-07-27T23:30:52-05:00</lastmod>
</url>
<url>
@@ -2379,7 +2399,7 @@
<url>
<loc>https://directory.apache.org/fortress/user-guide.html</loc>
- <lastmod>2022-07-27T17:15:20-05:00</lastmod>
+ <lastmod>2022-07-27T23:30:52-05:00</lastmod>
</url>
<url>