Interface RoleClosureIterator
-
- All Known Implementing Classes:
RoleClosureIteratorImpl
public interface RoleClosureIterator
Allows iterator over the role grant closure defined by the relation GRANT role-a TO role-b, or its inverse.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description java.lang.String
next()
Returns the next (as yet unreturned) role in the transitive closure of the grant or grant-1 relation.
-
-
-
Method Detail
-
next
java.lang.String next() throws StandardException
Returns the next (as yet unreturned) role in the transitive closure of the grant or grant-1 relation. The grant relation forms a DAG (directed acyclic graph).Example: Assume a set of created roles forming nodes: {a1, a2, a3, b, c, d, e, f, h, j} Assume a set of GRANT statements forming arcs: GRANT a1 TO b; GRANT b TO e; GRANT e TO h; GRANT a1 TO c; GRANT e TO f; GRANT a2 TO c; GRANT c TO f; GRANT f TO h; GRANT a3 TO d; GRANT d TO f; GRANT a1 to j; a1 a2 a3 / | \ | | / b +--------> c d j | \ / e---+ \ / \ \ \ / \ \---------+ \ / \ \_ f \ / \ / \ / \ / \ / \ / h
An iterator on the inverse relation starting at h for the above grant graph will return:closure(h, grant-inv) = {h, e, b, a1, f, c, a2, d, a3}
An iterator on normal (not inverse) relation starting at a1 for the above grant graph will return:
closure(a1, grant) = {a1, b, j, e, h, f, c}
- Returns:
- a role name identifying a yet unseen node, or null if the closure is exhausted. The order in which the nodes are returned is not defined, except that the root is always returned first (h and a1 in the above examples).
- Throws:
StandardException
-
-