@Override
  public void addGroup(final Group group) throws XMLDBException {
    final SecurityManager manager = pool.getSecurityManager();

    if (!manager.hasAdminPrivileges(user)) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, " you are not allowed to add role");
    }

    if (manager.hasGroup(group.getName())) {
      throw new XMLDBException(ErrorCodes.VENDOR_ERROR, "group '" + group.getName() + "' exists");
    }

    try {
      executeWithBroker(
          new BrokerOperation<Void>() {
            @Override
            public Void withBroker(DBBroker broker)
                throws XMLDBException, LockException, PermissionDeniedException, IOException,
                    EXistException, TriggerException {
              manager.addGroup(group);
              return null;
            }
          });
    } catch (final Exception e) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, e.getMessage(), e);
    }
  }
  @Override
  public void setUserPrimaryGroup(final String username, final String groupName)
      throws XMLDBException {
    final SecurityManager manager = pool.getSecurityManager();

    if (!manager.hasGroup(groupName)) {
      throw new XMLDBException(
          ErrorCodes.PERMISSION_DENIED, "Group '" + groupName + "' does not exist!");
    }

    if (!manager.hasAdminPrivileges(user)) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, "Not allowed to modify user");
    }

    try {
      executeWithBroker(
          new BrokerOperation<Void>() {
            @Override
            public Void withBroker(final DBBroker broker)
                throws XMLDBException, LockException, PermissionDeniedException, IOException,
                    EXistException, TriggerException {
              final Account account = manager.getAccount(username);
              final Group group = manager.getGroup(groupName);
              account.setPrimaryGroup(group);
              manager.updateAccount(account);
              return null;
            }
          });
    } catch (final Exception e) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, e.getMessage(), e);
    }
  }
  private <R> R modifyResource(
      DBBroker broker, Resource resource, DatabaseItemModifier<DocumentImpl, R> modifier)
      throws XMLDBException, LockException, PermissionDeniedException, EXistException,
          SyntaxException {
    final TransactionManager transact = broker.getBrokerPool().getTransactionManager();
    final Txn transaction = transact.beginTransaction();

    DocumentImpl document = null;
    try {
      document = ((AbstractEXistResource) resource).openDocument(broker, Lock.WRITE_LOCK);
      final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
      if (!document.getPermissions().validate(user, Permission.WRITE)
          && !sm.hasAdminPrivileges(user)) {
        throw new XMLDBException(
            ErrorCodes.PERMISSION_DENIED,
            "you are not the owner of this resource; owner = "
                + document.getPermissions().getOwner());
      }

      final R result = modifier.modify(document);

      broker.storeXMLResource(transaction, document);
      transact.commit(transaction);

      return result;

    } catch (final EXistException ee) {
      transact.abort(transaction);
      throw ee;
    } catch (final XMLDBException xmldbe) {
      transact.abort(transaction);
      throw xmldbe;
    } catch (final LockException le) {
      transact.abort(transaction);
      throw le;
    } catch (final PermissionDeniedException pde) {
      transact.abort(transaction);
      throw pde;
    } catch (final SyntaxException se) {
      transact.abort(transaction);
      throw se;
    } finally {
      transact.close(transaction);
      if (document != null) {
        ((AbstractEXistResource) resource).closeDocument(document, Lock.WRITE_LOCK);
      }
    }
  }