RoleManager

Overview

Package

Class

Use

Tree

Serialized

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.ibm.itim.apps.identity
Class RoleManager

java.lang.Object
  com.ibm.itim.apps.identity.RoleManager

public class RoleManager
extends java.lang.Object
extends java.lang.Object

Provides aggregate role management capabilities. These capabilities include the creation of roles and validation of (dynamic) roles. In general it should be noted that the value object for a static role is represented by the Role class, and the value object for a dynamic role is represented by the DynamicRole class.

See Also:: RoleMO, Role, DynamicRole

Field Summary
`static java.lang.String`	`CREATE_ERROR_FOR_NULL_CONTAINER`
`static java.lang.String`	`CREATE_ERROR_FOR_NULL_SCOPE`
`static java.lang.String`	`GET_ROLE_ERROR`

Constructor Summary
`RoleManager(PlatformContext platform, javax.security.auth.Subject subject)` Constructs the manager with a platform context and a subject.

Method Summary
`DistinguishedName`	`createRole(OrganizationalContainerMO container, Role subject)` Deprecated. This method creates only static role. This method will be removed in the next major release. Use `createRole(OrganizationalContainerMO, Role, Date)` instead.
`Request`	`createRole(OrganizationalContainerMO container, Role subject, java.util.Date scheduledTime)` Creates a role in the provisioning platform with the specified attributes within the given container.
`Request`	`createRole(OrganizationalContainerMO container, Role subject, java.util.Set<RoleAssignmentAttribute> assignmentAttributes, java.util.Date scheduledTime)` Creates a role in the provisioning platform with the specified attributes in the given container.
`java.util.Set<RoleAssignmentAttribute>`	`getAllAssignmentAttributes(java.util.Set<DistinguishedName> roles)` Returns all role assignment attributes for a set of roles.
`RoleMO`	`getRoleByURI(OrganizationalContainerMO container, java.lang.String uri)` Returns the role for the given Uniform Resource Identifier (URI) within the specified parent container.
`java.util.Collection`	`getRoles(OrganizationalContainerMO container, java.lang.String name)` Returns the role(s) with the name within the given parent container.
`java.util.Collection`	`getRoles(OrganizationalContainerMO parent, java.lang.String attributeName, java.lang.Object attributeValue)` Returns the roles that match the specified attribute within the parent container.
`void`	`getRoles(OrganizationalContainerMO parent, java.lang.String attributeName, java.lang.Object attributeValue, SearchResultsMO results)` * Returns the roles that match the specified attribute within the parent container.

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

CREATE_ERROR_FOR_NULL_CONTAINER

public static final java.lang.String CREATE_ERROR_FOR_NULL_CONTAINER

See Also:: Constant Field Values

GET_ROLE_ERROR

public static final java.lang.String GET_ROLE_ERROR

See Also:: Constant Field Values

CREATE_ERROR_FOR_NULL_SCOPE

public static final java.lang.String CREATE_ERROR_FOR_NULL_SCOPE

See Also:: Constant Field Values

Constructor Detail

RoleManager

public RoleManager(PlatformContext platform,
                   javax.security.auth.Subject subject)

Constructs the manager with a platform context and a subject.

Parameters:: platform - PlatformContext holding platform connection information.; subject - Subject representing the authenticated caller.

Method Detail

createRole

public Request createRole(OrganizationalContainerMO container,
                          Role subject,
                          java.util.Date scheduledTime)
                   throws java.rmi.RemoteException,
                          AuthorizationException,
                          SchemaViolationException,
                          ApplicationException

Creates a role in the provisioning platform with the specified attributes within the given container.

Parameters:: container - OrganizationalContainerMO within which the the role will be placed.; subject - Role value object defining the attributes the role will have. Note that this can be a Role for a static role, or a DynamicRole for a dynamic role. Set the eraccessdescription attribute to create a role accesss description in the Identity Service Center access catalog. If the eraccessdescription attribute is not provided, the role's description value will be copied to eraccessdescription attribute and synchronized to the access catalog.; scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine. This parameter is applicable only for dynamic roles. The parameter may be null if Role represents a static role.
Returns:: Request object representing the operation's status. NULL when it's an organizational role creation. Creation of an organization role is a synchronous operation.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; AuthorizationException - Thrown if client is unauthorized to create the role in the given container.; SchemaViolationException - Thrown if any of the attributes in the value object are violate the managed object's schema. This may be caused by an invalid attribute or if a required attribute is missing entirely.; ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the container being removed by another client previous to this call.

createRole

public Request createRole(OrganizationalContainerMO container,
                          Role subject,
                          java.util.Set<RoleAssignmentAttribute> assignmentAttributes,
                          java.util.Date scheduledTime)
                   throws java.rmi.RemoteException,
                          AuthorizationException,
                          SchemaViolationException,
                          ApplicationException

Creates a role in the provisioning platform with the specified attributes in the given container.

Parameters:: container - OrganizationalContainerMO in which the the role will be placed.; subject - Role value object defining the attributes the role will have. Note that this can be a Role for a static role, or a DynamicRole for a dynamic role. Set the eraccessdescription attribute to create a role accesss description in the Identity Service Center access catalog. If the eraccessdescription attribute is not provided, the role's description value will be copied to eraccessdescription attribute and synchronized to the access catalog.; assignmentAttributes - The set of RoleAssignmentAttribute objects that represents the role assignment attribute. Only the name of RoleAssignmentAttribute is used. This parameter is applicable only for static roles. This parameter is ignored for the dynamic role. The parameter may be null to be ignored.; scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine. This parameter is applicable only for dynamic roles. The parameter may be null if Role represents a static role.
Returns:: Request object representing the operation's status. NULL when it's an organizational role creation. Creation of an organization role is a synchronous operation.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; AuthorizationException - Thrown if client is unauthorized to create the role in the given container.; SchemaViolationException - Thrown if any of the attributes in the value object are violate the managed object's schema. This may be caused by an invalid attribute or if a required attribute is missing.; ApplicationException - Thrown if unable to submit the request. This may be caused if the container was removed by another client previous to this call.
Since:: 6.0

createRole

public DistinguishedName createRole(OrganizationalContainerMO container,
                                    Role subject)
                             throws java.rmi.RemoteException,
                                    AuthorizationException,
                                    SchemaViolationException,
                                    ApplicationException

Deprecated. This method creates only static role. This method will be removed in the next major release. Use createRole(OrganizationalContainerMO, Role, Date) instead.

Throws:: java.rmi.RemoteException; AuthorizationException; SchemaViolationException; ApplicationException

getRoles

public java.util.Collection getRoles(OrganizationalContainerMO container,
                                     java.lang.String name)
                              throws java.rmi.RemoteException,
                                     ApplicationException

Returns the role(s) with the name within the given parent container. Note, if the client is unauthorized to view (search) a role that matches this criteria, it will be filtered out of the return list and no AuthorizationException will be thrown.

Parameters:: container - OrganizationalContainerMO representing the parent container to scope the search. In a single-tenant deployment, null can be specified to indicate the entire tree should be searched. In a multi-tenant deployment, an OrganizationalContainerMO object must be provided that represents the root of the tenant.; name - Name of the role(s) to return.
Returns:: Collection of RoleMO's representing the matching roles.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; ApplicationException - Thrown if unable to obtain the roles. This may possibly be caused by the container being removed by another client previous to this call.

getRoles

public java.util.Collection getRoles(OrganizationalContainerMO parent,
                                     java.lang.String attributeName,
                                     java.lang.Object attributeValue)
                              throws java.rmi.RemoteException,
                                     ApplicationException

Returns the roles that match the specified attribute within the parent container. However, if the client does not have the required permissions to view (search) a role that matches this criteria, the API filters the return list and no AuthorizationException is thrown.

Parameters:: parent - OrganizationalContainerMO representing the parent container to scope the search. In a single-tenant deployment, null can be specified to indicate the entire tree must be searched. In a multi-tenant deployment, an OrganizationalContainerMO object must be provided that represents the root of the tenant.; attributeName - Name of attribute to match with.; attributeValue - Value of the attribute to match with. Use * as the first or last, or both (first and last) character of a String value if a "contains" expression is required.
Returns:: Collection of RoleMO's representing the matching role(s).
Throws:: java.rmi.RemoteException - Thrown if the API is unable to communicate with the platform.; ApplicationException - 1. Thrown if the API is unable to obtain the role. This might occur if the parent container is removed by another client previous to this call. 2. Thrown when either the attributeName or the attributeValue parameter is null.

getRoles

public void getRoles(OrganizationalContainerMO parent,
                     java.lang.String attributeName,
                     java.lang.Object attributeValue,
                     SearchResultsMO results)
              throws java.rmi.RemoteException,
                     ApplicationException

* Returns the roles that match the specified attribute within the parent container. However, if the client does not have the required permissions to view (search) a role that matches this criteria, the API filters the return list and no AuthorizationException is thrown.

Parameters:: parent - OrganizationalContainerMO representing the parent container to scope the search. In a single-tenant deployment, null can be specified to indicate the entire tree must be searched. In a multi-tenant deployment, an OrganizationalContainerMO object must be provided that represents the root of the tenant.; attributeName - Name of attribute to match with.; attributeValue - Value of the attribute to match with. Use '*' as the first or last, or both (first and last) character of a String value to perform substring searches for Role.; results - SearchResultsMO to hold the results of the search. SearchResultsMO provides a page by page view of the results. The object will be filled with Role value objects that match the given criteria. However, if the SearchResultsMO object is constructed using a different user context, the context will be changed by the API to match the context of this object.
Throws:: java.rmi.RemoteException - Thrown if the API is unable to communicate with the platform.; ApplicationException - 1. Thrown if the API is unable to obtain the role. This might occur if the parent container is removed by another client previous to this call. 2. Thrown when either the attributeName or the attributeValue parameter is null.*
See Also:: SearchMO, SearchResultsMO

getRoleByURI

public RoleMO getRoleByURI(OrganizationalContainerMO container,
                           java.lang.String uri)
                    throws java.rmi.RemoteException,
                           ApplicationException

Returns the role for the given Uniform Resource Identifier (URI) within the specified parent container.

Parameters:: container - OrganizationalContainerMO representing the parent container to scope the search.; uri - String representing the role's URI.
Returns:: RoleMO representing the matching role
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; ApplicationException - Thrown if unable to obtain the role. This might be caused by the container being removed by another client previous to this call. This exception might also be thrown if the container object is null or represents the tenant, no role is found for the given URI within the container, or more than one role is found for the given URI within the container.

getAllAssignmentAttributes

public java.util.Set<RoleAssignmentAttribute> getAllAssignmentAttributes(java.util.Set<DistinguishedName> roles)
                                                                  throws ApplicationException,
                                                                         java.rmi.RemoteException

Returns all role assignment attributes for a set of roles. This method resolves the role hierarchy and returns all the assignment attributes from the specified roles and also from all their parent roles.

Returns:: set of RoleAssignmentAttribute objects that represents assignment attribute. The empty set is returned if there is no assignment attribute.
Throws:: ApplicationException - Thrown if unable to get the parent roles. This can occur if the role is removed by another client prior to this call.; java.rmi.RemoteException - Thrown if unable to communicate with platform.
Since:: 6.0

Overview

Package

Class

Use

Tree

Serialized

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

IBM Security Identity Manager 6.0.0
© Copyright International Business Machines Corporation 2007, 2012. All rights reserved. US Government Users Restricited Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

com.ibm.itim.apps.identity Class RoleManager

CREATE_ERROR_FOR_NULL_CONTAINER

GET_ROLE_ERROR

CREATE_ERROR_FOR_NULL_SCOPE

RoleManager

createRole

createRole

createRole

getRoles

getRoles

getRoles

getRoleByURI

getAllAssignmentAttributes

com.ibm.itim.apps.identity
Class RoleManager