com.ibm.itim.apps.policy

Class SeparationOfDutyPolicyMO

  • java.lang.Object
    • com.ibm.itim.apps.policy.SeparationOfDutyPolicyMO


  • public class SeparationOfDutyPolicyMO
    extends java.lang.Object
    Separation of duty object representing a separation of duty policy.
    • Constructor Detail

      • SeparationOfDutyPolicyMO

        public SeparationOfDutyPolicyMO(PlatformContext platform,
                                        javax.security.auth.Subject subject,
                                        DistinguishedName name)
        Constructs the managed object with a platform context, a subject, and the distinguished name of the object to manage.
        Parameters:
        platform - PlatformContext holding platform connection information.
        subject - Subject representing the authenticated caller.
        name - DistinguishedName identifying the policy.
    • Method Detail

      • getDistinguishedName

        public DistinguishedName getDistinguishedName()
        Returns the distinguished name of the managed object.
        Returns:
        DistinguishedName of the managed object.
      • getData

        public SeparationOfDutyPolicy getData()
                                       throws java.rmi.RemoteException,
                                              ApplicationException
        Returns a current snapshot of the data defining the managed object. This snapshot contains only the data the user is authorized to view. Attributes the user has no permission to search on are filtered out.
        Returns:
        SeparationOfDutyPolicy object holding attribute information.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with the platform.
        ApplicationException - Thrown if unable to retrieve data.
      • update

        public Request update(SeparationOfDutyPolicy p,
                              java.util.Date scheduledTime)
                       throws java.rmi.RemoteException,
                              AuthorizationException,
                              SchemaViolationException,
                              ApplicationException
        Updates the managed object. A policy value object is provided with the changes to make.
        Parameters:
        p - Policy value object with changes to make.
        scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not match the date/time of the ITIM server machine.
        Returns:
        Request object representing the operation's status.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with the platform.
        AuthorizationException - Thrown if the client is unauthorized to change the policy.
        SchemaViolationException - Thrown if any of the attributes in the value object violate the schema of the managed object.
        ApplicationException - Thrown if unable to submit the request. This might occur if another client removes the policy prior to the call. This exception is also thrown when SeparationOfDutyPolicyMO contains a null DistinguishedName.
      • remove

        public Request remove(java.util.Date scheduledTime)
                       throws java.rmi.RemoteException,
                              ApplicationException,
                              AuthorizationException
        Removes the policy object and associated managed objects from the provisioning platform.
        Parameters:
        scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine might not match the date/time of the ITIM server machine.
        Returns:
        Request object representing the status of the operation.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with the platform.
        AuthorizationException - Thrown if the client is unauthorized to remove the policy.
        ApplicationException - Thrown if unable to submit the request. This might occur if another client removes the policy prior to the call. This exception is also thrown when SeparationOfDutyPolicyMO contains a null DistinguishedName.
      • isExemptionAdminable

        public boolean isExemptionAdminable()
                                     throws java.rmi.RemoteException,
                                            ApplicationException,
                                            AuthorizationException
        Returns true if the logged-in user has permission to update exemption status for this policy (exemptionAdmin permission).
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with the platform.
        ApplicationException - Thrown if unable to retrieve this object.
        AuthorizationException - Thrown if the exemptionAdmin operation is not allowed.
      • isReconcileable

        public boolean isReconcileable()
                                throws java.rmi.RemoteException,
                                       ApplicationException,
                                       AuthorizationException
        Returns true if the logged-in user has permission to reconcile exemption data for this policy (reconcile permission).
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with the platform.
        ApplicationException - Thrown if unable to retrieve this object.
        AuthorizationException - Thrown if the exemptionAdmin operation is not allowed.
      • reconcile

        public Request reconcile(java.util.Date scheduledTime)
                          throws java.rmi.RemoteException,
                                 ApplicationException,
                                 AuthorizationException
        Starts a separation of duty policy reconciliation which will record violation results into the database.
        Parameters:
        scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine might not match the date/time of the ITIM server machine.
        Returns:
        Request object representing the status of the operation.
        Throws:
        java.rmi.RemoteException - Thrown if unable to communicate with the platform.
        ApplicationException - Thrown if unable to retrieve this object.
        AuthorizationException - Thrown if the exemptionAdmin operation is not allowed.
      • getPolicyStatistics

        public IPolicyStatistics getPolicyStatistics()
                                              throws java.rmi.RemoteException,
                                                     ApplicationException,
                                                     AuthorizationException
        For this policy, determine how many violations and exemptions exist.
        Returns:
        IPolicyStatistics object containing the violation and exemption counts for the passed-in policy.
        Throws:
        ApplicationException - Thrown when an application-level error occurs.
        AuthorizationException - Thrown if the user is not authorized to perform the operation.
        java.rmi.RemoteException
      • getItemizedStatisticsByRule

        public java.util.Collection<IPolicyRuleStatistics> getItemizedStatisticsByRule()
                                                                                throws java.rmi.RemoteException,
                                                                                       ApplicationException,
                                                                                       AuthorizationException
        For this policy, categorize violation and exemption counts into their respective rules.
        Parameters:
        policy - Determine the number of violations and exemptions for each rule in this passed-in policy.
        Returns:
        A Collection which details for each rule how many violations and exemptions exist.
        Throws:
        ApplicationException - Thrown when an application-level error occurs.
        AuthorizationException - Thrown if the user is not authorized to perform the operation.
        java.rmi.RemoteException
      • getRuleViolations

        public java.util.Collection<IRuleViolation> getRuleViolations(java.lang.String ruleName)
                                                               throws java.rmi.RemoteException,
                                                                      ApplicationException,
                                                                      AuthorizationException
        Retrieve the violations for the given rule in this separation of duty policy.
        Parameters:
        ruleName - The rule name (which is found in the policy) to look up violations for.
        Throws:
        ApplicationException - Thrown when an application-level error occurs.
        AuthorizationException - Thrown if the user is not authorized to perform the operation.
        java.rmi.RemoteException
      • getRuleExemptions

        public java.util.Collection<IRuleExemption> getRuleExemptions(java.lang.String ruleName)
                                                               throws java.rmi.RemoteException,
                                                                      ApplicationException,
                                                                      AuthorizationException
        Retrieve the exemptions for the given rule in this separation of duty policy.
        Parameters:
        ruleName - The rule name (which is found in the policy) to look up exemptions for.
        Throws:
        ApplicationException - Thrown when an application-level error occurs.
        AuthorizationException - Thrown if the user is not authorized to perform the operation.
        java.rmi.RemoteException