top of page
  • Shawn McKinney

What Are Temporal Constraints?


Ability to control when an entity activation occurs based on time and date criteria. Temporal constraints are typically applied during User and Role activation as part of an authentication or authorization check.


Can be used to limit when a User may log onto or activate a particular Role within a security domain. Follows the principle of least privilege as it ensures access rights are only granted when appropriate.


There may be policies to control what dates, times, and days of week a User may access a particular area of the system and in what Role. Can also be used to enforce a lockout period when the User is inactive or otherwise away for an extended period of time.


Fortress allows constraints to be applied onto both User and Role entities. There are rules that fire during an activation event (any policy enforcement API call):

  1. Can the entity be active on this Date?

  2. Is the entity within a lockout period?

  3. Has the entity exceeded a particular inactive period?

  4. Can the entity be used at this time?

  5. Can the entity be used on this day?

  6. Are there mutual exclusion constraints that prevent activating this entity? (Roles Only)

These temporal constraint rules are pluggable and may be added, overridden or removed.

127 views0 comments

Recent Posts

See All

OpenLDAP & LMDB Sizing Guide

Jan 17, 2022 Introduction Symas OpenLDAP configured with LMDB has been extensively tested and its performance characteristics are well understood. Both OpenLDAP and LMDB’s scaling characteristics are

Implementing LDAPS in Symas OpenLDAP 2.5+

Please note that the certificates must be in a pem format (.pem or .crt). You will need three certificates: Root CA certificate, server certificate (with the fqdn of server in subject line or in the s


bottom of page