Interface RoleClosureIterator

All Known Implementing Classes:
RoleClosureIteratorImpl

public interface RoleClosureIterator
Allows iterator over the role grant closure defined by the relation GRANT role-a TO role-b, or its inverse.
See Also:
  • Method Summary

    Modifier and Type
    Method
    Description
    Returns the next (as yet unreturned) role in the transitive closure of the grant or grant-1 relation.
  • Method Details

    • next

      String next() throws StandardException
      Returns the next (as yet unreturned) role in the transitive closure of the grant or grant-1 relation. The grant relation forms a DAG (directed acyclic graph).
       Example:
            Assume a set of created roles forming nodes:
                  {a1, a2, a3, b, c, d, e, f, h, j}
      
            Assume a set of GRANT statements forming arcs:
      
            GRANT a1 TO b;   GRANT b TO e;  GRANT e TO h;
            GRANT a1 TO c;                  GRANT e TO f;
            GRANT a2 TO c;   GRANT c TO f;  GRANT f TO h;
            GRANT a3 TO d;   GRANT d TO f;  GRANT a1 to j;
      
      
                a1            a2         a3
               / | \           |          |
              /  b  +--------> c          d
             j   |              \        /
                 e---+           \      /
                  \   \           \    /
                   \   \---------+ \  /
                    \             \_ f
                     \             /
                      \           /
                       \         /
                        \       /
                         \     /
                          \   /
                            h
       
      An iterator on the inverse relation starting at h for the above grant graph will return:
             closure(h, grant-inv) = {h, e, b, a1, f, c, a2, d, a3}
       

      An iterator on normal (not inverse) relation starting at a1 for the above grant graph will return:

             closure(a1, grant)    = {a1, b, j, e, h, f, c}
       
      Returns:
      a role name identifying a yet unseen node, or null if the closure is exhausted. The order in which the nodes are returned is not defined, except that the root is always returned first (h and a1 in the above examples).
      Throws:
      StandardException