SeparationOfDutyPolicyMO

Overview

Package

Class

Use

Tree

Serialized

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.ibm.itim.apps.policy
Class SeparationOfDutyPolicyMO

java.lang.Object
  com.ibm.itim.apps.policy.SeparationOfDutyPolicyMO

public class SeparationOfDutyPolicyMO
extends java.lang.Object
extends java.lang.Object

Separation of duty object representing a separation of duty policy.

Constructor Summary
`SeparationOfDutyPolicyMO(PlatformContext platform, javax.security.auth.Subject subject, DistinguishedName name)` Constructs the the managed object with a platform context, a subject, and the distinguished name of the object to manage.

Method Summary
`OrganizationalContainerMO`	`getContainer()` Returns the current parent container of this policy.
`SeparationOfDutyPolicy`	`getData()` Returns a current snapshot of the data defining the managed object.
`DistinguishedName`	`getDistinguishedName()` Returns the distinguished name of the managed object
`java.util.Collection<IPolicyRuleStatistics>`	`getItemizedStatisticsByRule()` For this policy, categorize violation and exemption counts into their respective rules.
`OrganizationalContainerMO`	`getOrganization()` Returns the organization this policy is contained within.
`IPolicyStatistics`	`getPolicyStatistics()` For this policy, determine how many violations and exemptions exist.
`java.util.Collection<IRuleExemption>`	`getRuleExemptions(java.lang.String ruleName)` Retrieve the exemptions for the given rule in this separation of duty policy.
`java.util.Collection<IRuleViolation>`	`getRuleViolations(java.lang.String ruleName)` Retrieve the violations for the given rule in this separation of duty policy.
`boolean`	`isDeletable()` Returns true if this object can be deleted/removed.
`boolean`	`isExemptionAdminable()` Returns true if the logged in user has permission to update exemption status for this policy (exemptionAdmin permission).
`boolean`	`isReconcileable()` Returns true if the logged in user has permission to reconcile exemption data for this policy (reconcile permission).
`boolean`	`isUpdatable()` Returns true if this object can be modified/updated.
`Request`	`reconcile(java.util.Date scheduledTime)` Starts a separation of duty policy reconciliation which will record violation results into the database.
`Request`	`remove(java.util.Date scheduledTime)` Removes the policy object and associated managed objects from the provisioning platform.
`Request`	`update(SeparationOfDutyPolicy p, java.util.Date scheduledTime)` Updates the managed object.

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

SeparationOfDutyPolicyMO

public SeparationOfDutyPolicyMO(PlatformContext platform,
                                javax.security.auth.Subject subject,
                                DistinguishedName name)

Constructs the the managed object with a platform context, a subject, and the distinguished name of the object to manage.

Parameters:: platform - PlatformContext holding platform connection information.; subject - Subject representing the authenticated caller.; name - DistinguishedName identifying the policy.

Method Detail

getDistinguishedName

public DistinguishedName getDistinguishedName()

Returns the distinguished name of the managed object

Returns:: DistinguishedName of the managed object.

getData

public SeparationOfDutyPolicy getData()
                               throws java.rmi.RemoteException,
                                      ApplicationException

Returns a current snapshot of the data defining the managed object. This snapshot contains only the data the user is authorized to view. Attributes the user has no permission to search on are filtered out.

Returns:: SeparationOfDutyPolicy object holding attribute information.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with the platform.; ApplicationException - Thrown if unable to retrieve data.

update

public Request update(SeparationOfDutyPolicy p,
                      java.util.Date scheduledTime)
               throws java.rmi.RemoteException,
                      AuthorizationException,
                      SchemaViolationException,
                      ApplicationException

Updates the managed object. A policy value object is provided with the changes to make.

Parameters:: p - Policy value object with changes to make.; scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not match the date/time of the ITIM server machine.
Returns:: Request object representing the operation's status.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with the platform.; AuthorizationException - Thrown if the client is unauthorized to change the policy.; SchemaViolationException - Thrown if any of the attributes in the value object violate the schema of the managed object.; ApplicationException - Thrown if unable to submit the request. This might occur if another client removes the policy prior to the call. This exception is also thrown when SeparationOfDutyPolicyMO contains a null DistinguishedName.

remove

public Request remove(java.util.Date scheduledTime)
               throws java.rmi.RemoteException,
                      ApplicationException,
                      AuthorizationException

Removes the policy object and associated managed objects from the provisioning platform.

Parameters:: scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine might not match the date/time of the ITIM server machine.
Returns:: Request object representing the status of the operation.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with the platform.; AuthorizationException - Thrown if the client is unauthorized to remove the policy.; ApplicationException - Thrown if unable to submit the request. This might occur if another client removes the policy prior to the call. This exception is also thrown when SeparationOfDutyPolicyMO contains a null DistinguishedName.

getContainer

public OrganizationalContainerMO getContainer()
                                       throws java.rmi.RemoteException,
                                              ApplicationException,
                                              AuthorizationException

Returns the current parent container of this policy.

Returns:: OrganizationalContainerMO representing the parent container.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with the platform.; AuthorizationException - Thrown if the client is unauthorized to view the container of the policy.; ApplicationException - Thrown if unable to retrieve the container of the policy.

getOrganization

public OrganizationalContainerMO getOrganization()
                                          throws java.rmi.RemoteException,
                                                 ApplicationException,
                                                 AuthorizationException

Returns the organization this policy is contained within.

Returns:: OrganizationalContainerMO representing the organization.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with the platform.; com.ibm.itim.apps.exception.AppProcessingException - Thrown if unable to retrieve the organization.; ApplicationException; AuthorizationException

isDeletable

public boolean isDeletable()
                    throws java.rmi.RemoteException,
                           ApplicationException,
                           AuthorizationException

Returns true if this object can be deleted/removed.

Throws:: java.rmi.RemoteException - Thrown if unable to communicate with the platform.; ApplicationException - Thrown if unable to retrieve this object.; AuthorizationException - Thrown if the delete/remove operation is not allowed.

isUpdatable

public boolean isUpdatable()
                    throws java.rmi.RemoteException,
                           ApplicationException,
                           AuthorizationException

Returns true if this object can be modified/updated.

Throws:: java.rmi.RemoteException - Thrown if unable to communicate with the platform.; ApplicationException - Thrown if unable to update this object.; AuthorizationException - Thrown if the modify/update operation is not allowed.

isExemptionAdminable

public boolean isExemptionAdminable()
                             throws java.rmi.RemoteException,
                                    ApplicationException,
                                    AuthorizationException

Returns true if the logged in user has permission to update exemption status for this policy (exemptionAdmin permission).

Throws:: java.rmi.RemoteException - Thrown if unable to communicate with the platform.; ApplicationException - Thrown if unable to retrieve this object.; AuthorizationException - Thrown if the exemptionAdmin operation is not allowed.

isReconcileable

public boolean isReconcileable()
                        throws java.rmi.RemoteException,
                               ApplicationException,
                               AuthorizationException

Returns true if the logged in user has permission to reconcile exemption data for this policy (reconcile permission).

Throws:: java.rmi.RemoteException - Thrown if unable to communicate with the platform.; ApplicationException - Thrown if unable to retrieve this object.; AuthorizationException - Thrown if the exemptionAdmin operation is not allowed.

reconcile

public Request reconcile(java.util.Date scheduledTime)
                  throws java.rmi.RemoteException,
                         ApplicationException,
                         AuthorizationException

Starts a separation of duty policy reconciliation which will record violation results into the database.

Parameters:: scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine might not match the date/time of the ITIM server machine.
Returns:: Request object representing the status of the operation.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with the platform.; ApplicationException - Thrown if unable to retrieve this object.; AuthorizationException - Thrown if the exemptionAdmin operation is not allowed.

getPolicyStatistics

public IPolicyStatistics getPolicyStatistics()
                                      throws java.rmi.RemoteException,
                                             ApplicationException,
                                             AuthorizationException

For this policy, determine how many violations and exemptions exist.

Returns:: IPolicyStatistics object containing the violation and exemption counts for the passed-in policy.
Throws:: ApplicationException - Thrown when an application-level error occurs.; AuthorizationException - Thrown if the user is not authorized to perform the operation.; java.rmi.RemoteException

getItemizedStatisticsByRule

public java.util.Collection<IPolicyRuleStatistics> getItemizedStatisticsByRule()
                                                                        throws java.rmi.RemoteException,
                                                                               ApplicationException,
                                                                               AuthorizationException

For this policy, categorize violation and exemption counts into their respective rules.

Parameters:: policy - Determine the number of violations and exemptions for each rule in this passed-in policy.
Returns:: A Collection which details for each rule how many violations and exemptions exist.
Throws:: ApplicationException - Thrown when an application-level error occurs.; AuthorizationException - Thrown if the user is not authorized to perform the operation.; java.rmi.RemoteException

getRuleViolations

public java.util.Collection<IRuleViolation> getRuleViolations(java.lang.String ruleName)
                                                       throws java.rmi.RemoteException,
                                                              ApplicationException,
                                                              AuthorizationException

Retrieve the violations for the given rule in this separation of duty policy.

Parameters:: ruleName - The rule name (which is found in the policy) to lookup violations
Throws:: ApplicationException - Thrown when an application-level error occurs.; AuthorizationException - Thrown if the user is not authorized to perform the operation.; java.rmi.RemoteException

getRuleExemptions

public java.util.Collection<IRuleExemption> getRuleExemptions(java.lang.String ruleName)
                                                       throws java.rmi.RemoteException,
                                                              ApplicationException,
                                                              AuthorizationException

Retrieve the exemptions for the given rule in this separation of duty policy.

Parameters:: ruleName - The rule name (which is found in the policy) to lookup exemptions
Throws:: ApplicationException - Thrown when an application-level error occurs.; AuthorizationException - Thrown if the user is not authorized to perform the operation.; java.rmi.RemoteException

Overview

Package

Class

Use

Tree

Serialized

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

IBM Security Identity Manager 6.0.0
© Copyright International Business Machines Corporation 2007, 2012. All rights reserved. US Government Users Restricited Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

com.ibm.itim.apps.policy Class SeparationOfDutyPolicyMO

SeparationOfDutyPolicyMO

getDistinguishedName

getData

update

remove

getContainer

getOrganization

isDeletable

isUpdatable

isExemptionAdminable

isReconcileable

reconcile

getPolicyStatistics

getItemizedStatisticsByRule

getRuleViolations

getRuleExemptions

com.ibm.itim.apps.policy
Class SeparationOfDutyPolicyMO