com.ibm.itim.apps.identity
Class RoleMO

java.lang.Object
  |
  +--com.ibm.itim.apps.identity.RoleMO

public class RoleMO
extends java.lang.Object

Managed object representing an organizational role, either static or dynamic. In general it should be noted that the value object for a static role is represented by the Role class, and the value object for a dynamic role is represented by the DynamicRole class.

See Also:
Role, DynamicRole

Constructor Summary
RoleMO(PlatformContext platform, javax.security.auth.Subject subject, DistinguishedName name)
          Constructs the managed object with a platform context, a subject, and the distinguished name of the object to manage.
 
Method Summary
 Request addMember(PersonMO member, java.util.Date scheduledTime)
          Adds a new member to the specified role.
 OrganizationalContainerMO getContainer()
          Returns the current parent container in the tree.
 Role getData()
          Returns a current snapshot of the data defining the provisioning object.
 DistinguishedName getDistinguishedName()
          Returns the distinguished name of the managed object.
 java.util.Collection getMembers()
          Retrieves the members of the role.
 void getMembers(SearchResultsMO results)
          Retrieves the members of the role.
 Request remove(java.util.Date scheduledTime)
          Removes the managed object from the provisioning platform.
 Request removeMember(PersonMO member, java.util.Date scheduledTime)
          Removes a member from the role.
 Request update(Role r, java.util.Date scheduledTime)
          Updates the managed object.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RoleMO

public RoleMO(PlatformContext platform,
              javax.security.auth.Subject subject,
              DistinguishedName name)
Constructs the managed object with a platform context, a subject, and the distinguished name of the object to manage.

Parameters:
platform - PlatformContext holding platform connection information.
subject - Subject representing the authenticated caller.
name - DistinguishedName identifying the container.

Method Detail

getDistinguishedName

public DistinguishedName getDistinguishedName()
Returns the distinguished name of the managed object.

Returns:
DistinguishedName of the managed object.

getData

public Role getData()
             throws java.rmi.RemoteException,
                    ApplicationException
Returns a current snapshot of the data defining the provisioning object.

Returns:
Role object holding attribute information.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to retrieve data.

getContainer

public OrganizationalContainerMO getContainer()
                                       throws java.rmi.RemoteException,
                                              ApplicationException
Returns the current parent container in the tree.

Returns:
OrganizationalContainerMO representing the parent container.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to retrieve parent.

remove

public Request remove(java.util.Date scheduledTime)
               throws AuthorizationException,
                      ApplicationException,
                      java.rmi.RemoteException
Removes the managed object from the provisioning platform. The removal of the role will not be allowed if a provisioning policy references it. For static roles only, the removal will not be allowed if there are existing members in the role.

Parameters:
scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing the current date/time of the client machine as this parameter is not safe, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine. Only applicable to dynamic role. If the RoleMO represents a static role, this parameter is ignored and may be null.
Returns:
Request object representing the operation's status. NULL when it's an organizational role removal.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to remove the role.
ApplicationException - Thrown if unable to remove the role. This may possibly be caused by a provisioning policy still referencing the role, or by the presence of members if the role is static.

update

public Request update(Role r,
                      java.util.Date scheduledTime)
               throws java.rmi.RemoteException,
                      AuthorizationException,
                      SchemaViolationException,
                      ApplicationException
Updates the managed object. A Role value object is provided with the changes to make.

Parameters:
r - Role value object with changes to make.
scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing the current date/time of the client machine as this parameter is not safe, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine. Only applicable to dynamic role. If the RoleMO represents a static role, this parameter is ignored and may be null.
Returns:
Request object representing the operation's status. NULL when it's a static role modification.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to change the role. Note that even if only one of the attributes being changed is not writeable for the client, the entire request will fail and this exception will be thrown.
SchemaViolationException - Thrown if any of the attributes in the given Role are invalid or not part of the schema.
ApplicationException - Thrown if unable to update the role. This may possibly be caused by the role being removed by another client previous to this call.

getMembers

public java.util.Collection getMembers()
                                throws java.rmi.RemoteException,
                                       ApplicationException
Retrieves the members of the role. The collection returned will only contain PersonMO objects that the client is authorized to view (search for) and for which the client has permission to read the Role attribute. No AuthorizationException will be thrown; only a reduced list will be returned.

Returns:
Collection of PersonMO's representing the role's members.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to retrieve members of the role. This may possibly be caused by the role being removed by another client previous to this call.

getMembers

public void getMembers(SearchResultsMO results)
                throws java.rmi.RemoteException,
                       ApplicationException
Retrieves the members of the role. Note that only members the client is authorized to search for and whose role assignment the client is authorized to know about will be returned. No AuthorizationException will be thrown; only a reduced list will be returned.

Parameters:
results - SearchResultsMO to hold the results of the search. Note that if the SearchResultsMO object was constructed using a different user context, that context will be changed to match the context of this object.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to retrieve members of the role. This may possibly be caused by the role being removed by another client previous to this call.

addMember

public Request addMember(PersonMO member,
                         java.util.Date scheduledTime)
                  throws java.rmi.RemoteException,
                         AuthorizationException,
                         ApplicationException
Adds a new member to the specified role. This method only applies to static roles and should not be invoked on a dynamic role.

Parameters:
member - PersonMO representing the new member.
scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing the current date/time of the client machine as this parameter is not safe, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine. Only applicable to dynamic role. If the RoleMO represents a static role, this parameter is ignored and may be null.
Returns:
Request object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to change the role or change the role assignment of the user.
ApplicationException - Thrown if unable to update the role membership. This may possibly be caused by the role or member being removed by another client previous to this call.

removeMember

public Request removeMember(PersonMO member,
                            java.util.Date scheduledTime)
                     throws java.rmi.RemoteException,
                            AuthorizationException,
                            ApplicationException
Removes a member from the role. This method only applies to static roles and should not be invoked on a dynamic role.

Parameters:
member - PersonMO representing the member to remove.
scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing the current date/time of the client machine as this parameter is not safe, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Returns:
Request object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to change the role or change the role assignment of the user.
ApplicationException - Thrown if unable to update the role membership. This may possibly be caused by the role or member being removed by another client previous to this call.
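
Example (added here, not part of the original API documentation or IBM's code): revoking the visible members of a static role using only the RoleMO methods documented above. The class name StaticRoleRevoker is hypothetical; the import packages outside com.ibm.itim.apps.identity, and DynamicRole being a subclass of Role, are assumptions.

```java
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;

import com.ibm.itim.apps.ApplicationException;       // package is an assumption
import com.ibm.itim.apps.AuthorizationException;     // package is an assumption
import com.ibm.itim.apps.Request;                    // package is an assumption
import com.ibm.itim.apps.identity.PersonMO;
import com.ibm.itim.apps.identity.RoleMO;
import com.ibm.itim.dataservices.model.domain.DynamicRole; // package is an assumption

/** Hypothetical helper, not part of the ITIM API. */
public class StaticRoleRevoker {

    /** Request objects returned for each removal that was accepted. */
    public final List submitted = new ArrayList();
    /** PersonMO objects this caller was not authorized to revoke. */
    public final List denied = new ArrayList();

    public void revokeVisibleMembers(RoleMO role)
            throws RemoteException, ApplicationException {
        // Assumption: DynamicRole extends Role, so getData() reveals the role type.
        if (role.getData() instanceof DynamicRole) {
            // removeMember applies to static roles only.
            throw new IllegalArgumentException(
                    "dynamic role, removeMember does not apply: "
                    + role.getDistinguishedName());
        }

        // getMembers() silently omits people this caller may not view, so this
        // is the visible membership, not proof of the complete membership.
        Collection members = role.getMembers();

        for (Iterator it = members.iterator(); it.hasNext();) {
            PersonMO member = (PersonMO) it.next();
            try {
                // null starts the process immediately on the server;
                // the client's own clock is never passed.
                Request request = role.removeMember(member, null);
                submitted.add(request);
            } catch (AuthorizationException e) {
                // Record and continue so one denial does not hide the others.
                denied.add(member);
            }
        }
    }
}
```

Because getMembers() can return a reduced list, an empty denied list does not show that the role is empty; remove(...) on a static role still throws ApplicationException while any member remains.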


IBM Tivoli Identity Manager 4.6
© Copyright International Business Machines Corporation 2005. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.