public class PersonManager
extends java.lang.Object
PersonMO| Constructor and Description |
|---|
PersonManager(PlatformContext platform,
javax.security.auth.Subject subject)
Constructs the manager with a platform context and a subject.
|
| Modifier and Type | Method and Description |
|---|---|
Request |
createPerson(OrganizationalContainerMO container,
Person subject,
java.util.Date scheduledTime)
Creates a person in the provisioning platform with the specified
attributes within the given container.
|
Request |
createPerson(OrganizationalContainerMO container,
Person subject,
java.util.Date scheduledTime,
java.lang.String justification)
Creates a person in the provisioning platform with the specified
attributes within the given container.
|
Request |
createPerson(OrganizationalContainerMO container,
Person subject,
java.util.Set<RoleAssignmentObject> assignmentData,
java.util.Date scheduledTime)
Creates a person in the provisioning platform with the specified
attributes within the given container.
|
Request |
createPerson(OrganizationalContainerMO container,
Person subject,
java.util.Set<RoleAssignmentObject> assignmentData,
java.util.Date scheduledTime,
java.lang.String justification)
Creates a person in the provisioning platform with the specified
attributes within the given container.
|
void |
getPeople(OrganizationalContainerMO parent,
java.lang.String attributeName,
java.lang.Object attributeValue,
boolean subTree,
SearchResultsMO results)
Returns the person(s) matching the given attribute within the given
container.
|
void |
getPeople(OrganizationalContainerMO parent,
java.lang.String attributeName,
java.lang.Object attributeValue,
SearchResultsMO results)
Returns the person(s) matching the given attribute within the given
container.
|
java.util.Collection |
getPeople(OrganizationalContainerMO container,
java.lang.String profileName,
java.lang.String name)
Returns the person(s) with the the name within the given parent
container.
|
java.util.Collection |
getPeople(OrganizationalContainerMO container,
java.lang.String profileName,
java.lang.String name,
boolean subTree)
Returns the person(s) with the the name within the given parent
container.
|
java.util.Collection |
getPeople(java.lang.String attributeName,
java.lang.Object attributeValue,
OrganizationalContainerMO parent)
Returns the person(s) matching the given attribute within the given
parent container.
|
java.util.Collection |
getPeople(java.lang.String attributeName,
java.lang.Object attributeValue,
OrganizationalContainerMO parent,
boolean subTree)
Returns the person(s) matching the given attribute within the given
parent container.
|
PersonMO |
getPersonByURI(OrganizationalContainerMO container,
java.lang.String uri)
Returns the person for the given Uniform Resource Identifier (URI)
within the specified parent container.
|
Request |
remove(java.util.Collection collection,
java.util.Date scheduledTime)
This API removes the person objects and associated individual accounts from
the provisioning platform.
|
Request |
remove(java.util.Collection collection,
java.util.Date scheduledTime,
java.lang.String justification)
Removes the person objects and associated managed objects from the
provisioning platform.
|
Request |
restore(java.util.Collection collection,
java.util.Date scheduledTime)
This API restores users and based on the property
com.ibm.itim.personManagement.suspendRestorePersonWithAccounts in
enRole.properties also restores individual accounts of the users.
|
Request |
restore(java.util.Collection collection,
java.util.Date scheduledTime,
java.lang.String justification)
Restores the persons only.
|
Request |
suspend(java.util.Collection collection,
java.util.Date scheduledTime)
This API suspends users and based on the property
com.ibm.itim.personManagement.suspendRestorePersonWithAccounts in
enRole.properties also suspends individual accounts of the users.
|
Request |
suspend(java.util.Collection collection,
java.util.Date scheduledTime,
java.lang.String justification)
Suspends the persons and associated managed objects from the provisioning
platform
|
Request |
unManage(java.util.Collection collection,
java.util.Date scheduledTime)
Removes person objects only from the provisioning platform.
|
Request |
unManage(java.util.Collection collection,
java.util.Date scheduledTime,
java.lang.String justification)
Removes person objects only from the provisioning platform.
|
public PersonManager(PlatformContext platform, javax.security.auth.Subject subject)
platform - PlatformContext holding platform connection information.subject - Subject representing the authenticated caller.public Request createPerson(OrganizationalContainerMO container, Person subject, java.util.Date scheduledTime) throws java.rmi.RemoteException, AuthorizationException, SchemaViolationException, ApplicationException
container - OrganizationalContainerMO within which the
person will be placed. The container should represent
one of the valid container that a person can be added.
It should be organization, organization unit,
business partner organization unit,
location, or admin domain.subject - Person value object defining the attributes the person
will have.scheduledTime - The scheduled starting time of the process.
If null, the process will start immediately.
In case this method is invoked remotely, passing this parameter as the current
date/time of the client machine is not a safe technique to use, since the
date/time of the client machine may not be the same as the date/time of the
ITIM server machine.java.rmi.RemoteException - Thrown if unable to communicate with platform.AuthorizationException - Thrown if client is unauthorized to
create the person in the given
container.SchemaViolationException - Thrown if any of the attributes
in the value object violate the
managed object's schema. This
may be caused by an invalid attribute
or if a required attribute is missing
entirely.ApplicationException - Thrown if unable to submit the request.
This may possibly be caused by
the container being removed by another
client previous to this call. Another possible
cause is the input OrganizationalContainerMO being null.public Request createPerson(OrganizationalContainerMO container, Person subject, java.util.Date scheduledTime, java.lang.String justification) throws java.rmi.RemoteException, AuthorizationException, SchemaViolationException, ApplicationException
container - OrganizationalContainerMO within which the
person will be placed. The container should represent
one of the valid container that a person can be added.
It should be organization, organization unit,
business partner organization unit,
location, or admin domain.subject - Person value object defining the attributes the person
will have.scheduledTime - The scheduled starting time of the process.
If null, the process will start immediately.
In case this method is invoked remotely, passing this parameter as the current
date/time of the client machine is not a safe technique to use, since the
date/time of the client machine may not be the same as the date/time of the
ITIM server machine.java.rmi.RemoteException - Thrown if unable to communicate with platform.AuthorizationException - Thrown if client is unauthorized to
create the person in the given
container.SchemaViolationException - Thrown if any of the attributes
in the value object violate the
managed object's schema. This
may be caused by an invalid attribute
or if a required attribute is missing
entirely.ApplicationException - Thrown if unable to submit the request.
This may possibly be caused by
the container being removed by another
client previous to this call. Another possible
cause is the input OrganizationalContainerMO being null.public Request createPerson(OrganizationalContainerMO container, Person subject, java.util.Set<RoleAssignmentObject> assignmentData, java.util.Date scheduledTime) throws java.rmi.RemoteException, AuthorizationException, SchemaViolationException, ApplicationException
container - OrganizationalContainerMO within which the
person will be placed. The container should represent
one of the valid container that a person can be added.
It should be organization, organization unit,
business partner organization unit,
location, or admin domain.subject - Person value object defining the attributes the person
will have.assignmentData - set of RoleAssignmentObjects that will set for the person. *scheduledTime - The scheduled starting time of the process.
If null, the process will start immediately.
In case this method is invoked remotely, passing this parameter as the current
date/time of the client machine is not a safe technique to use, since the
date/time of the client machine may not be the same as the date/time of the
ITIM server machine.java.rmi.RemoteException - Thrown if unable to communicate with platform.AuthorizationException - Thrown if client is unauthorized to
create the person in the given
container.SchemaViolationException - Thrown if any of the attributes
in the value object violate the
managed object's schema. This
may be caused by an invalid attribute
or if a required attribute is missing
entirely.ApplicationException - Thrown if unable to submit the request.
This may possibly be caused by
the container being removed by another
client previous to this call. Another possible
cause is the input OrganizationalContainerMO being null.public Request createPerson(OrganizationalContainerMO container, Person subject, java.util.Set<RoleAssignmentObject> assignmentData, java.util.Date scheduledTime, java.lang.String justification) throws java.rmi.RemoteException, AuthorizationException, SchemaViolationException, ApplicationException
container - OrganizationalContainerMO within which the
person will be placed. The container should represent
one of the valid container that a person can be added.
It should be organization, organization unit,
business partner organization unit,
location, or admin domain.subject - Person value object defining the attributes the person
will have.assignmentData - set of RoleAssignmentObjects that will set for the person. *scheduledTime - The scheduled starting time of the process.
If null, the process will start immediately.
In case this method is invoked remotely, passing this parameter as the current
date/time of the client machine is not a safe technique to use, since the
date/time of the client machine may not be the same as the date/time of the
ITIM server machine.justification - The justification provided by the requester while creating a person.java.rmi.RemoteException - Thrown if unable to communicate with platform.AuthorizationException - Thrown if client is unauthorized to
create the person in the given
container.SchemaViolationException - Thrown if any of the attributes
in the value object violate the
managed object's schema. This
may be caused by an invalid attribute
or if a required attribute is missing
entirely.ApplicationException - Thrown if unable to submit the request.
This may possibly be caused by
the container being removed by another
client previous to this call. Another possible
cause is the input OrganizationalContainerMO being null.public java.util.Collection getPeople(OrganizationalContainerMO container, java.lang.String profileName, java.lang.String name) throws java.rmi.RemoteException, ApplicationException
container - OrganizationalContainerMO representing the parent container
to scope the search. In a single-tenant deployment, null
can be specified to indicate the entire tree should be
searched. In a multi-tenant deployment, an
OrganizationalContainerMO object must be provided that
represents the root of the tenant.profileName - Person profile name to search to return.name - Name of the person(s) to return.java.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown if unable to obtain the
people. This may possibly
be caused by the container being removed
by another client previous to this call.public java.util.Collection getPeople(OrganizationalContainerMO container, java.lang.String profileName, java.lang.String name, boolean subTree) throws java.rmi.RemoteException, ApplicationException
container - OrganizationalContainerMO representing the parent container
to scope the search. If the container is NULL, a not-support
error message is thrown in ApplicationException.profileName - Person profile name to search to return.name - Name of the person(s) to return.subTree - boolean of search scope. A TRUE value specifies subtree
search scope starting from container. A FALSE value
specifies single-level search in the container only.java.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown if unable to obtain the
people. This may possibly
be caused by the container being removed
by another client previous to this call.public java.util.Collection getPeople(java.lang.String attributeName,
java.lang.Object attributeValue,
OrganizationalContainerMO parent)
throws java.rmi.RemoteException,
ApplicationException
attributeName - Name of attribute to match with.attributeValue - Value of the attribute to match with. A * can be
used as the first and/or last character of a
String value if a "contains" expression is wished.parent - OrganizationalContainerMO representing the parent container
to scope the search. In a single-tenant deployment, null
can be specified to indicate the entire tree should be
searched. In a multi-tenant deployment, an
OrganizationalContainerMO object must be provided that
represents the root of the tenant.java.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown if unable to obtain the
people. This may possibly
be caused by the parent container being
removed by another client previous to
this call.public java.util.Collection getPeople(java.lang.String attributeName,
java.lang.Object attributeValue,
OrganizationalContainerMO parent,
boolean subTree)
throws java.rmi.RemoteException,
ApplicationException
attributeName - Name of attribute to match with.attributeValue - Value of the attribute to match with. A * can be
used as the first and/or last character of a
String value if a "contains" expression is wished.parent - OrganizationalContainerMO representing the parent container
to scope the search. If the container is NULL, a not-
support error message is thrown in ApplicationException.subTree - boolean of search scope. A TRUE value specifies subtree
search scope starting from container. A FALSE value
specifies single-level search in the container only.java.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown if unable to obtain the
people. This may possibly
be caused by the parent container being
removed by another client previous to
this call.public void getPeople(OrganizationalContainerMO parent, java.lang.String attributeName, java.lang.Object attributeValue, SearchResultsMO results) throws java.rmi.RemoteException, ApplicationException
parent - OrganizationalContainerMO representing the parent container
to scope the search. In a single-tenant deployment, null
can be specified to indicate the entire tree should be
searched. In a multi-tenant deployment, an
OrganizationalContainerMO object must be provided that
represents the root of the tenant.attributeName - Name of attribute to match with.attributeValue - Value of the attribute to match with. A * can be
used as the first and/or last character of a
String value if a "contains" expression is wished.results - SearchResultsMO to hold the results of the search. The
objet will be filled with Person value objects that
match the given criteria. Note, if the SearchResultsMO
object was constructed using a different user context,
that context will be changed to match the context of this
object.java.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown if unable to obtain the
people. This may possibly
be caused by the parent container being
removed by another client previous to
this call.public void getPeople(OrganizationalContainerMO parent, java.lang.String attributeName, java.lang.Object attributeValue, boolean subTree, SearchResultsMO results) throws java.rmi.RemoteException, ApplicationException
parent - OrganizationalContainerMO representing the parent container
to scope the search. If the container is NULL, a not-
support error message is thrown in ApplicationException.attributeName - Name of attribute to match with.attributeValue - Value of the attribute to match with. A * can be
used as the first and/or last character of a
String value if a "contains" expression is wished.subTree - boolean of search scope. A TRUE value specifies subtree
search scope starting from container. A FALSE value
specifies single-level search in the container only.results - SearchResultsMO to hold the results of the search. The
objet will be filled with Person value objects that
match the given criteria. Note, if the SearchResultsMO
object was constructed using a different user context,
that context will be changed to match the context of this
object.java.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown if unable to obtain the
people. This may possibly
be caused by the parent container being
removed by another client previous to
this call.public Request unManage(java.util.Collection collection, java.util.Date scheduledTime) throws java.rmi.RemoteException, ApplicationException, BulkException, AuthorizationException
collection - Collection holding the PersonMO objects to be unmanaged. If
colletion contains null objects or objects that are not of
type PersonMO, the method will silently skip such objects and
process remaining valid PersonMO objects. No exception will be
raised by this method to indicate which particular objects in
the collection were invalid.scheduledTime - The scheduled starting time of the process. If null, the
process will start immediately. In case this method is invoked
remotely, passing this parameter as the current date/time of
the client machine is not a safe technique to use, since the
date/time of the client machine may not be the same as the
date/time of the ITIM server machine.java.rmi.RemoteException - Thrown if unable to communicate with platform.AuthorizationException - Thrown if client is unauthorized to remove the person.ApplicationException - Thrown if unable to submit the request. This exception is
also thrown when the input collection is nullBulkException - Thrown if partial request list is submitted. This
exception is thrown only for those PersonMO items for
which the user represented by Subject does not have
authority to perform the required operation. This
exception is not raised for invalid items in input
collection.public Request unManage(java.util.Collection collection, java.util.Date scheduledTime, java.lang.String justification) throws java.rmi.RemoteException, ApplicationException, BulkException, AuthorizationException
collection - Collection holding the PersonMO objects to be unmanaged. If
colletion contains null objects or objects that are not of
type PersonMO, the method will silently skip such objects and
process remaining valid PersonMO objects. No exception will be
raised by this method to indicate which particular objects in
the collection were invalid.scheduledTime - The scheduled starting time of the process. If null, the
process will start immediately. In case this method is invoked
remotely, passing this parameter as the current date/time of
the client machine is not a safe technique to use, since the
date/time of the client machine may not be the same as the
date/time of the ITIM server machine.justification - The justification provided by the requester while removing the person.java.rmi.RemoteException - Thrown if unable to communicate with platform.AuthorizationException - Thrown if client is unauthorized to remove the person.ApplicationException - Thrown if unable to submit the request. This exception is
also thrown when the input collection is nullBulkException - Thrown if partial request list is submitted. This
exception is thrown only for those PersonMO items for
which the user represented by Subject does not have
authority to perform the required operation. This
exception is not raised for invalid items in input
collection.public Request remove(java.util.Collection collection, java.util.Date scheduledTime) throws java.rmi.RemoteException, ApplicationException, BulkException, AuthorizationException
collection - Collection holding the PersonMO objects to be removed. If
colletion contains null objects or objects that are not of
type PersonMO, the method will silently skip such objects and
process remaining valid PersonMO objects. No exception will be
raised by this method to indicate which particular objects in
the collection were invalid.scheduledTime - The scheduled starting time of the process. If null, the
process will start immediately. In case this method is invoked
remotely, passing this parameter as the current date/time of
the client machine is not a safe technique to use, since the
date/time of the client machine may not be the same as the
date/time of the ITIM server machine.java.rmi.RemoteException - Thrown if unable to communicate with platform.AuthorizationException - Thrown if client is unauthorized to remove any person.ApplicationException - Thrown if unable to submit the request. This exception is
also thrown when the input collection is nullBulkException - Thrown if partial request list is submitted. This
exception is thrown only for those PersonMO items for
which the user represented by Subject does not have
authority to perform remove operation. This exception is
not raised for invalid items in input collection.public Request remove(java.util.Collection collection, java.util.Date scheduledTime, java.lang.String justification) throws java.rmi.RemoteException, ApplicationException, BulkException, AuthorizationException
collection - Collection holding the PersonMO objects to be removed. If
colletion contains null objects or objects that are not of
type PersonMO, the method will silently skip such objects and
process remaining valid PersonMO objects. No exception will be
raised by this method to indicate which particular objects in
the collection were invalid.scheduledTime - The scheduled starting time of the process. If null, the
process will start immediately. In case this method is invoked
remotely, passing this parameter as the current date/time of
the client machine is not a safe technique to use, since the
date/time of the client machine may not be the same as the
date/time of the ITIM server machine.justification - The justification provided by the requester while removing
the person objects.java.rmi.RemoteException - Thrown if unable to communicate with platform.AuthorizationException - Thrown if client is unauthorized to remove any person.ApplicationException - Thrown if unable to submit the request. This exception is
also thrown when the input collection is nullBulkException - Thrown if partial request list is submitted. This
exception is thrown only for those PersonMO items for
which the user represented by Subject does not have
authority to perform remove operation. This exception is
not raised for invalid items in input collection.public Request suspend(java.util.Collection collection, java.util.Date scheduledTime) throws java.rmi.RemoteException, ApplicationException, BulkException, AuthorizationException
collection - Collection holding the PersonMO objects to be suspended. If
colletion contains null objects or objects that are not of
type PersonMO, the method will silently skip such objects and
process remaining valid PersonMO objects. No exception will be
raised by this method to indicate which particular objects in
the collection were invalid.scheduledTime - The scheduled starting time of the process. If null, the
process will start immediately. In case this method is invoked
remotely, passing this parameter as the current date/time of
the client machine is not a safe technique to use, since the
date/time of the client machine may not be the same as the
date/time of the ITIM server machine.java.rmi.RemoteException - Thrown if unable to communicate with platform.AuthorizationException - Thrown if client is unauthorized to suspend the person or
their accounts (if requested).ApplicationException - Thrown if unable to submit the request. This may possibly
be caused by the person being removed by another client
previous to this call. This exception is also thrown when
the input collection is nullBulkException - Thrown if partial request list is submitted. This
exception is thrown only for those PersonMO items for
which the user represented by Subject does not have
authority to perform suspend operation. This exception is
not raised for invalid items in input collection.public Request suspend(java.util.Collection collection, java.util.Date scheduledTime, java.lang.String justification) throws java.rmi.RemoteException, ApplicationException, BulkException, AuthorizationException
collection - Collection holding the PersonMO objects to be suspended. If
colletion contains null objects or objects that are not of
type PersonMO, the method will silently skip such objects and
process remaining valid PersonMO objects. No exception will be
raised by this method to indicate which particular objects in
the collection were invalid.scheduledTime - The scheduled starting time of the process. If null, the
process will start immediately. In case this method is invoked
remotely, passing this parameter as the current date/time of
the client machine is not a safe technique to use, since the
date/time of the client machine may not be the same as the
date/time of the ITIM server machine.justification - The justification provided by the requester while suspending
the person objects.java.rmi.RemoteException - Thrown if unable to communicate with platform.AuthorizationException - Thrown if client is unauthorized to suspend the person or
their accounts (if requested).ApplicationException - Thrown if unable to submit the request. This may possibly
be caused by the person being removed by another client
previous to this call. This exception is also thrown when
the input collection is nullBulkException - Thrown if partial request list is submitted. This
exception is thrown only for those PersonMO items for
which the user represented by Subject does not have
authority to perform suspend operation. This exception is
not raised for invalid items in input collection.public Request restore(java.util.Collection collection, java.util.Date scheduledTime) throws java.rmi.RemoteException, ApplicationException, BulkException, AuthorizationException
collection - Collection holding the PersonMO objects to be restored. If
colletion contains null objects or objects that are not of
type PersonMO, the method will silently skip such objects and
process remaining valid PersonMO objects. No exception will be
raised by this method to indicate which particular objects in
the collection were invalid.scheduledTime - The scheduled starting time of the process. If null, the
process will start immediately. In case this method is invoked
remotely, passing this parameter as the current date/time of
the client machine is not a safe technique to use, since the
date/time of the client machine may not be the same as the
date/time of the ITIM server machine.java.rmi.RemoteException - Thrown if unable to communicate with platform.AuthorizationException - Thrown if client is unauthorized to restore the person or
their accounts (if requested).ApplicationException - Thrown if unable to submit the request. This may possibly
be caused by the person being removed by another client
previous to this call. This exception is also thrown when
the input collection is nullBulkException - Thrown if partial request list is submitted. This
exception is thrown only for those PersonMO items for
which the user represented by Subject does not have
authority to perform suspend operation. This exception is
not raised for invalid items in input collection.public Request restore(java.util.Collection collection, java.util.Date scheduledTime, java.lang.String justification) throws java.rmi.RemoteException, ApplicationException, BulkException, AuthorizationException
collection - Collection holding the PersonMO objects to be restored. If
colletion contains null objects or objects that are not of
type PersonMO, the method will silently skip such objects and
process remaining valid PersonMO objects. No exception will be
raised by this method to indicate which particular objects in
the collection were invalid.scheduledTime - The scheduled starting time of the process. If null, the
process will start immediately. In case this method is invoked
remotely, passing this parameter as the current date/time of
the client machine is not a safe technique to use, since the
date/time of the client machine may not be the same as the
date/time of the ITIM server machine.justification - The justification provided by the requester while restoring person objects.java.rmi.RemoteException - Thrown if unable to communicate with platform.AuthorizationException - Thrown if client is unauthorized to restore the person or
their accounts (if requested).ApplicationException - Thrown if unable to submit the request. This may possibly
be caused by the person being removed by another client
previous to this call. This exception is also thrown when
the input collection is nullBulkException - Thrown if partial request list is submitted. This
exception is thrown only for those PersonMO items for
which the user represented by Subject does not have
authority to perform suspend operation. This exception is
not raised for invalid items in input collection.public PersonMO getPersonByURI(OrganizationalContainerMO container, java.lang.String uri) throws java.rmi.RemoteException, ApplicationException
container - OrganizationalContainerMO representing the parent container to
scope the search.uri - String representing the person's URI.java.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown if unable to obtain the person. This might
be caused by the container being removed by
another client previous to this call. This exception might also be thrown
if the container object is null or represents the tenant,
no person is found for the given URI within the container,
or more than one person is found for the given URI
within the container.