directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smckin...@apache.org
Subject [09/11] directory-fortress-enmasse git commit: change package structure and names, pom improvements, license
Date Tue, 11 Nov 2014 20:38:48 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/99852b55/src/main/java/org/apache/directory/fortress/rest/FortressService.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/rest/FortressService.java b/src/main/java/org/apache/directory/fortress/rest/FortressService.java
new file mode 100644
index 0000000..b858f2e
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/rest/FortressService.java
@@ -0,0 +1,3421 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.rest;
+
+import org.apache.directory.fortress.core.rest.FortRequest;
+import org.apache.directory.fortress.core.rest.FortResponse;
+
+/**
+ * Interface for EnMasse Service methods.
+ *
+ * @author Shawn McKinney
+ */
+public interface FortressService
+{
+    // AdminMgr
+
+    /**
+     * This command creates a new RBAC user. The command is valid only if the new user is
+     * not already a member of the USERS data set. The USER data set is updated. The new user
+     * does not own any session at the time of its creation.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - used to authenticate the User</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains the name of an already existing User OU node</li>
+     * </ul>
+     * <h5>User optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#description} - maps to INetOrgPerson description attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber  attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addUser(FortRequest request);
+
+    /**
+     * This command deletes an existing user from the RBAC database. The command is valid
+     * if and only if the user to be deleted is a member of the USERS data set. The USERS and
+     * UA data sets and the assigned_users function are updated.
+     * This method performs a "hard" delete.  It completely removes all data associated with this user from the directory.
+     * User entity must exist in directory prior to making this call else exception will be thrown.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse deleteUser(FortRequest request);
+
+    /**
+     * This command deletes an existing user from the RBAC database. The command is valid
+     * if and only if the user to be deleted is a member of the USERS data set. The USERS and
+     * UA data sets and the assigned_users function are updated.
+     * Method performs a "soft" delete.  It performs the following:
+     * - sets the user status to "deleted"
+     * - deassigns all roles from the user
+     * - locks the user's password in LDAP
+     * - revokes all perms that have been granted to user entity.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse disableUser(FortRequest request);
+
+    /**
+     * This method performs an update on User entity in directory.  Prior to making this call the entity must exist in
+     * directory.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * <h5>User optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - used to authenticate the User</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains the name of an already existing User OU node</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#description} - maps to INetOrgPerson description attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber  attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#roles} * - multi-occurring attribute contains the name of already existing role to assign to user</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#adminRoles} * - multi-occurring attribute contains the name of already existing adminRole to assign to user</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse updateUser(FortRequest request);
+
+    /**
+     * Method will change user's password.  This method will evaluate user's password policies.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - contains the User's old password</li>
+     * <li>newPassword - contains the User's new password</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse changePassword(FortRequest request);
+
+    /**
+     * Method will lock user's password which will prevent the user from authenticating with directory.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse lockUserAccount(FortRequest request);
+
+    /**
+     * Method will unlock user's password which will enable user to authenticate with directory.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse unlockUserAccount(FortRequest request);
+
+    /**
+     * Method will reset user's password which will require user to change password before successful authentication with directory.
+     * This method will not evaluate password policies on the new user password as it must be changed before use.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} object</li>
+     * <h5>User required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>newPassword - contains the User's new password</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse resetPassword(FortRequest request);
+
+    /**
+     * This command creates a new role. The command is valid if and only if the new role is not
+     * already a member of the ROLES data set. The ROLES data set is updated.
+     * Initially, no user or permission is assigned to the new role.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+     * <h4>Role required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be created.</li>
+     * </ul>
+     * </ul>
+     * <h4>Role optional parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addRole(FortRequest request);
+
+    /**
+     * This command deletes an existing role from the RBAC database. The command is valid
+     * if and only if the role to be deleted is a member of the ROLES data set.  This command will
+     * also deassign role from all users.
+     * <p/>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+     * <h4>Role required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be removed.</li>
+     * </ul>
+     * <ul>
+     * <h4>Role optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse deleteRole(FortRequest request);
+
+    /**
+     * Method will update a Role entity in the directory.  The role must exist in role container prior to this call.     *
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} object</li>
+     * <h4>Role required parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be updated.</li>
+     * </ul>
+     * <h4>Role optional parameters</h4>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse updateRole(FortRequest request);
+
+    /**
+     * This command assigns a user to a role.
+     * <p>
+     * <ul>
+     * <li> The command is valid if and only if:
+     * <li> The user is a member of the USERS data set
+     * <li> The role is a member of the ROLES data set
+     * <li> The user is not already assigned to the role
+     * <li> The SSD constraints are satisfied after assignment.
+     * </ul>
+     * </p>
+     * <p>
+     * Successful completion of this op, the following occurs:
+     * </p>
+     * <ul>
+     * <li> User entity (resides in people container) has role assignment added to aux object class attached to actual user record.
+     * <li> Role entity (resides in role container) has userId added as role occupant.
+     * <li> (optional) Temporal constraints may be associated with <code>ftUserAttrs</code> aux object class based on:
+     * <ul>
+     * <li> timeout - number in seconds of session inactivity time allowed.
+     * <li> beginDate - YYYYMMDD - determines date when role may be activated.
+     * <li> endDate - YYMMDD - indicates latest date role may be activated.
+     * <li> beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
+     * <li> endLockDate - YYMMDD - determines end of enforced inactive status.
+     * <li> beginTime - HHMM - determines begin hour role may be activated in user's session.
+     * <li> endTime - HHMM - determines end hour role may be activated in user's session.*
+     * <li> dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of week role may be activated.
+     * </ul>
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.UserRole} object</li>
+     * <h5>UserRole required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#name} - contains the name for already existing Role to be assigned</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#userId} - contains the userId for existing User</li>
+     * </ul>
+     * <h5>UserRole optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse assignUser(FortRequest request);
+
+    /**
+     * This command deletes the assignment of the User from the Role entities. The command is
+     * valid if and only if the user is a member of the USERS data set, the role is a member of
+     * the ROLES data set, and the user is assigned to the role.
+     * Any sessions that currently have this role activated will not be effected.
+     * Successful completion includes:
+     * User entity in USER data set has role assignment removed.
+     * Role entity in ROLE data set has userId removed as role occupant.
+     * (optional) Temporal constraints will be removed from user aux object if set prior to call.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.UserRole} object</li>
+     * <h5>UserRole required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#name} - contains the name for already existing Role to be deassigned</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.UserRole#userId} - contains the userId for existing User</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse deassignUser(FortRequest request);
+
+    /**
+     * This method will add permission operation to an existing permission object which resides under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
+     * The perm operation entity may have {@link org.apache.directory.fortress.core.rbac.Role} or {@link org.apache.directory.fortress.core.rbac.User} associations.  The target {@link org.apache.directory.fortress.core.rbac.Permission} must not exist prior to calling.
+     * A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent and itself as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+     * <h5>Permission required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission add</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being added</li>
+     * </ul>
+     * <h5>Permission optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#type} - any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addPermission(FortRequest request);
+
+    /**
+     * This method will update permission operation pre-existing in target directory under {@code ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
+     * The perm operation entity may also contain {@link org.apache.directory.fortress.core.rbac.Role} or {@link org.apache.directory.fortress.core.rbac.User} associations to add or remove using this function.
+     * The perm operation must exist before making this call.  Only non-null attributes will be updated.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+     * <h5>Permission required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission update</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being updated</li>
+     * </ul>
+     * <h5>Permission optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#type} - any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse updatePermission(FortRequest request);
+
+    /**
+     * This method will remove permission operation entity from permission object. A Fortress permission is (object->operation).
+     * The perm operation must exist before making this call.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} object</li>
+     * <h5>Permission required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objectName} - contains the name of existing object being targeted for the permission removal</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being deleted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse deletePermission(FortRequest request);
+
+    /**
+     * This method will add permission object to perms container in directory. The perm object must not exist before making this call.
+     * A {@link org.apache.directory.fortress.core.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>PermObj required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objectName} - contains the name of new object being added</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
+     * </ul>
+     * <h5>PermObj optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#description} - any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#type} - contains any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addPermObj(FortRequest request);
+
+    /**
+     * This method will update permission object in perms container in directory.  The perm object must exist before making this call.
+     * A {@link org.apache.directory.fortress.core.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>PermObj required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objectName} - contains the name of new object being updated</li>
+     * </ul>
+     * <h5>PermObj optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#description} - any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#type} - contains any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse updatePermObj(FortRequest request);
+
+    /**
+     * This method will remove permission object to perms container in directory.  This method will also remove
+     * in associated permission objects that are attached to this object.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>PermObj required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objectName} - contains the name of new object being removed</li>
+     * </ul>
+     * </ul>
+     * <h5>optional parameters</h5>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse deletePermObj(FortRequest request);
+
+    /**
+     * This command grants a role the permission to perform an operation on an object to a role.
+     * The command is implemented by granting permission by setting the access control list of
+     * the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * and the role is a member of the ROLES data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#roleNm} - contains the role name</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse grant(FortRequest request);
+
+    /**
+     * This command revokes the permission to perform an operation on an object from the set
+     * of permissions assigned to a role. The command is implemented by setting the access control
+     * list of the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * the role is a member of the ROLES data set, and the permission is assigned to that role.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#roleNm} - contains the role name</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse revoke(FortRequest request);
+
+    /**
+     * This command grants a user the permission to perform an operation on an object to a role.
+     * The command is implemented by granting permission by setting the access control list of
+     * the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * and the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#userId} - contains the userId for existing User</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse grantUser(FortRequest request);
+
+    /**
+     * This command revokes the permission to perform an operation on an object from the set
+     * of permissions assigned to a user. The command is implemented by setting the access control
+     * list of the object involved.
+     * The command is valid if and only if the pair (operation, object) represents a permission,
+     * the user is a member of the USERS data set, and the permission is assigned to that user.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermGrant} entity</li>
+     * <h5>PermGrant required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objName} - contains the object name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#opName} - contains the operation name</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#userId} - contains the userId for existing User</li>
+     * </ul>
+     * <h5>PermGrant optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermGrant#objId} - contains the object id</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse revokeUser(FortRequest request);
+
+    /**
+     * This commands creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of
+     * the existing role parentRole.
+     * <p>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The childRole is not a member of the ROLES data set.
+     * <li> The parentRole is a member of the ROLES data set.
+     * </ul>
+     * </p>
+     * <p> This method:
+     * <ul>
+     * <li> Adds new role.
+     * <li> Assigns role relationship between new childRole and pre-existing parentRole.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing parent role</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of new child role</li>
+     * </ul>
+     * <h5>optional parameters {@link org.apache.directory.fortress.core.rbac.RoleRelationship#child}</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#description} - maps to description attribute on organizationalRole object class for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new child</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new child</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addDescendant(FortRequest request);
+
+    /**
+     * This commands creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of
+     * the existing role childRole.
+     * <p>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The parentRole is not a member of the ROLES data set.
+     * <li> The childRole is a member of the ROLES data set.
+     * </ul>
+     * </p>
+     * <p> This method:
+     * <ul>
+     * <li> Adds new role.
+     * <li> Assigns role relationship between new parentRole and pre-existing childRole.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>childRole - {@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing child Role</li>
+     * <li>parentRole - {@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of new Role to be parent</li>
+     * </ul>
+     * <h5>optional parameters {@link org.apache.directory.fortress.core.rbac.RoleRelationship#parent}</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#description} - maps to description attribute on organizationalRole object class for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endTime} - HHMM - determines end hour role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new parent</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addAscendant(FortRequest request);
+
+    /**
+     * This commands establishes a new immediate inheritance relationship parentRole <<-- childRole between existing
+     * roles parentRole, childRole.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The parentRole and childRole are members of the ROLES data set.
+     * <li> The parentRole is not an immediate ascendant of childRole.
+     * <li> The childRole does not properly inherit parentRole (in order to avoid cycle creation).
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing role to be parent</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing role to be child</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse addInheritance(FortRequest request);
+
+    /**
+     * This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The roles parentRole and childRole are members of the ROLES data set.
+     * <li> The parentRole is an immediate ascendant of childRole.
+     * <li> The new inheritance relation is computed as the reflexive-transitive closure of the immediate inheritance
+     * relation resulted after deleting the relationship parentRole <<-- childRole.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.RoleRelationship} entity</li>
+     * <h5>RoleRelationship required parameters</h5>
+     * <ul>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#parent#name} - contains the name of existing Role to remove parent relationship</li>
+     * <li>{@code org.apache.directory.fortress.core.rbac.RoleRelationship#child#name} - contains the name of existing Role to remove child relationship</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}
+     */
+    public FortResponse deleteInheritance(FortRequest request);
+
+    /**
+     * This command creates a named SSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the SSD set is not already in use.
+     * <li> All the roles in the SSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
+     * <li> The SSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of new SSD role set to be added</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse createSsdSet(FortRequest request);
+
+    /**
+     * This command updates existing SSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the SSD set exists in directory.
+     * <li> All the roles in the SSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the SSD role set.
+     * <li> The SSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse updateSsdSet(FortRequest request);
+
+    /**
+     * This command adds a role to a named SSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The SSD role set exists.
+     * <li> The role to be added is a member of the ROLES data set but not of a member of the SSD role set.
+     * <li> The SSD constraint is satisfied after the addition of the role to the SSD role set.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to add as member to SSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse addSsdRoleMember(FortRequest request);
+
+    /**
+     * This command removes a role from a named SSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The SSD role set exists.
+     * <li> The role to be removed is a member of the SSD role set.
+     * <li> The cardinality associated with the SSD role set is less than the number of elements of the SSD role set.
+     * </ul>
+     * Note that the SSD constraint should be satisfied after the removal of the role from the SSD role set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to remove as member to SSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse deleteSsdRoleMember(FortRequest request);
+
+    /**
+     * This command deletes a SSD role set completely. The command is valid if and only if the SSD role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for removal</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse deleteSsdSet(FortRequest request);
+
+    /**
+     * This command sets the cardinality associated with a given SSD role set.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The SSD role set exists.
+     * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the SSD role set.
+     * <li> The SSD constraint is satisfied after setting the new cardinality.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set targeted for update</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - contains new cardinality setting for SSD</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse setSsdSetCardinality(FortRequest request);
+
+    /**
+     * This command creates a named DSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the DSD set is not already in use.
+     * <li> All the roles in the DSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
+     * <li> The DSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of new DSD role set to be added</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse createDsdSet(FortRequest request);
+
+    /**
+     * This command updates existing DSD set of roles and sets the cardinality n of its subsets
+     * that cannot have common users.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li>The name of the DSD set exists in directory.
+     * <li> All the roles in the DSD set are members of the ROLES data set.
+     * <li> n is a natural number greater than or equal to 2 and less than or equal to the cardinality of the DSD role set.
+     * <li> The DSD constraint for the new role set is satisfied.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing SSD role set to be modified</li>
+     * </ul>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse updateDsdSet(FortRequest request);
+
+    /**
+     * This command adds a role to a named DSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The DSD role set exists.
+     * <li> The role to be added is a member of the ROLES data set but not of a member of the DSD role set.
+     * <li> The DSD constraint is satisfied after the addition of the role to the DSD role set.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to add as member to DSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse addDsdRoleMember(FortRequest request);
+
+    /**
+     * This command removes a role from a named DSD set of roles. The cardinality associated with the role set remains unchanged.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The DSD role set exists.
+     * <li> The role to be removed is a member of the DSD role set.
+     * <li> The cardinality associated with the DSD role set is less than the number of elements of the DSD role set.
+     * </ul>
+     * Note that the DSD constraint should be satisfied after the removal of the role from the DSD role set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains the Role name to remove as member to DSD set</li>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse deleteDsdRoleMember(FortRequest request);
+
+    /**
+     * This command deletes a DSD role set completely. The command is valid if and only if the DSD role set exists.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for removal</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse deleteDsdSet(FortRequest request);
+
+    /**
+     * This command sets the cardinality associated with a given DSD role set.
+     * <p/>
+     * The command is valid if and only if:
+     * <ul>
+     * <li> The DSD role set exists.
+     * <li> The new cardinality is a natural number greater than or equal to 2 and less than or equal to the number of elements of the DSD role set.
+     * <li> The DSD constraint is satisfied after setting the new cardinality.
+     * </ul>
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.SDSet} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of existing DSD role set targeted for update</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - contains new cardinality setting for DSD</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.SDSet}
+     */
+    public FortResponse setDsdSetCardinality(FortRequest request);
+
+    // ReviewMgr
+
+    /**
+     * This method returns a matching permission entity to caller.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Permission} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objectName} - contains the name of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission}
+     */
+    public FortResponse readPermission(FortRequest request);
+
+    /**
+     * Method reads permission object from perm container in directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.PermObj} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objectName} - contains the name of existing object being targeted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj}
+     */
+    public FortResponse readPermObj(FortRequest request);
+
+    /**
+     * Method returns a list of type Permission that match the perm object search string.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Permission} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objectName} - contains one or more characters of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains one or more characters of existing permission operation</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.Permission}
+     */
+    public FortResponse findPermissions(FortRequest request);
+
+    /**
+     * Method returns a list of type Permission that match the perm object search string.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.PermObj} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.PermObj} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objectName} - contains one or more characters of existing object being targeted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.PermObj}
+     */
+    public FortResponse findPermObjs(FortRequest request);
+
+    /**
+     * Method reads Role entity from the role container in directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Role} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to read.</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.Role}
+     */
+    public FortResponse readRole(FortRequest request);
+
+    /**
+     * Method will return a list of type Role matching all or part of {@link org.apache.directory.fortress.core.rbac.Role#name}.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#value} - contains all or some of the chars corresponding to role entities stored in directory.</li>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.Role}
+     */
+    public FortResponse findRoles(FortRequest request);
+
+    /**
+     * Method returns matching User entity that is contained within the people container in the directory.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.User} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - contains the userId associated with the User object targeted for read.</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entity} contains a reference to {@link org.apache.directory.fortress.core.rbac.User}
+     */
+    public FortResponse readUser(FortRequest request);
+
+    /**
+     * Return a list of type User of all users in the people container that match all or part of the {@link org.apache.directory.fortress.core.rbac.User#userId} or {@link org.apache.directory.fortress.core.rbac.User#ou} fields passed in User entity.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.User} optional parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - contains all or some leading chars that match userId(s) stored in the directory.</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains one or more characters of org unit associated with existing object(s) being targeted</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.User}
+     */
+    public FortResponse findUsers(FortRequest request);
+
+    /**
+     * This method returns the data set of all users who are assigned the given role.  This searches the User data set for
+     * Role relationship.  This method does NOT search for hierarchical RBAC Roles relationships.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Role} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.User}
+     */
+    public FortResponse assignedUsers(FortRequest request);
+
+    /**
+     * This function returns the set of roles assigned to a given user. The function is valid if and
+     * only if the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.User} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - contains the userId associated with the User object targeted for search.</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.UserRole}
+     */
+    public FortResponse assignedRoles(FortRequest request);
+
+    /**
+     * This function returns the set of users authorized to a given role, i.e., the users that are assigned to a role that
+     * inherits the given role. The function is valid if and only if the given role is a member of the ROLES data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Role} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role targeted for search.</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#entities} contains a reference to a List of type {@link org.apache.directory.fortress.core.rbac.User}
+     */
+    public FortResponse authorizedUsers(FortRequest request);
+
+    /**
+     * This function returns the set of roles authorized for a given user. The function is valid if
+     * and only if the user is a member of the USERS data set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.User} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.User} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - contains the userId associated with the User object targeted for search.</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#values} contains a reference to a List of type String containing the User's authorized role names.
+     */
+    public FortResponse authorizedRoles(FortRequest request);
+
+    /**
+     * Return a list of type String of all roles that have granted a particular permission.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Permission} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Permission} required parameters</h5>
+     * <ul>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objectName} - contains the name of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of existing permission operation</li>
+     * </ul>
+     * </ul>
+     * <h4>optional parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#session} - contains a reference to administrative session and if included service will enforce ARBAC constraints</li>
+     * </ul>
+     *
+     * @param request contains a reference to {@code FortRequest}
+     * @return reference to {@code FortResponse}, {@link FortResponse#values} contains a reference to a List of type String containing role names that permission has been granted to.
+     */
+    public FortResponse permissionRoles(FortRequest request);
+
+    /**
+     * This function returns the set of all permissions (op, obj), granted to or inherited by a
+     * given role. The function is valid if and only if the role is a member of the ROLES data
+     * set.
+     * <h4>required parameters</h4>
+     * <ul>
+     * <li>{@link FortRequest#entity} - contains a reference to {@link org.apache.directory.fortress.core.rbac.Role} entity</li>
+     * <h5>{@link org.apache.directory.fortress.core.rbac.Role} requ

<TRUNCATED>

Mime
View raw message