public class AccessManager
extends java.lang.Object
| Constructor and Description |
|---|
AccessManager(PlatformContext platform,
javax.security.auth.Subject subject)
Constructs the manager with a platform context and a subject.
|
| Modifier and Type | Method and Description |
|---|---|
java.util.List<Request> |
createAccess(java.util.List<NewUserAccess> lstNewUserAccesses,
AccessEntitlement userAccess,
java.util.Date scheduledTime)
Creates an access in the provisioning platform with the specified
attributes for the mentioned users.
|
java.util.List<Request> |
createAccess(java.util.List<NewUserAccess> lstNewUserAccesses,
AccessEntitlement userAccess,
java.util.Date scheduledTime,
java.lang.String justification)
Creates an access in the provisioning platform with the specified
attributes for the mentioned users.
|
void |
getAccesses(PersonMO owner,
Access accessInfo,
SearchResultsMO searchResults,
java.util.Locale locale)
The method returns all the accesses assigned to a person.
|
void |
getAuthorizedAccesses(OrganizationalContainerMO container,
PersonMO person,
com.ibm.itim.dataservices.model.domain.access.AccessType accessType,
java.lang.String accessInfo,
SearchResultsMO results,
java.util.Locale locale,
boolean checkAddAccess)
Returns authorized access for a user based on the access information provided.
|
Request |
removeAccess(IUserAccess accessToBeRemoved,
java.util.Date scheduledTime)
Submits a user access removal request to the provisioning platform.
|
Request |
removeAccess(IUserAccess accessToBeRemoved,
java.util.Date scheduledTime,
java.lang.String justification)
Submits a user access removal request to the provisioning platform.
|
public AccessManager(PlatformContext platform, javax.security.auth.Subject subject)
platform - PlatformContext holding platform connection information.subject - Subject representing the authenticated caller.public java.util.List<Request> createAccess(java.util.List<NewUserAccess> lstNewUserAccesses, AccessEntitlement userAccess, java.util.Date scheduledTime) throws java.rmi.RemoteException, ApplicationException, AuthorizationException, SchemaViolationException
IUserAccess does not have a serviceDN then access type is considered
as a role access. The user can request for only one type of access at a given time. For example if
the IUserAccess has a null serviceDN then all the AccessEntitlement objects in the
array should have a resource object of type Role. If there is a resource type of any other type then
the API throws an ApplicationException with INVALID_ARGUMENT error code.lstNewUserAccesses - An array of com.ibm.itim.apps.provisioning.AccessEntitlement object capturing owner and the access resource information.
For role based access the resource object is of type Role while
for group based access the resource object type is AccountuserAccess - com.ibm.itim.apps.provisioning.AccessEntitlement capturing the details of the access which is being requested.scheduledTime - The scheduled starting time of the process. If NULL, the process will start immediately. In case this method is invoked
remotely, passing this parameter as the current date and time of the client machine is not a safe technique to use, since the
date and time of the client machine may not be the same as the date and time of the server machine.java.util.List of com.ibm.itim.apps.Request objects for each of the userjava.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown with an invalid argument error code if an invalid resource is specified in the AccessEntitlement object.
The valid types are Account and Role.
The exception is also thrown when there is an error in submitting the request. *AuthorizationException - Thrown if the user is not authorized to perform the operation.SchemaViolationException - Thrown if there is a violation in the LDAP schema.public java.util.List<Request> createAccess(java.util.List<NewUserAccess> lstNewUserAccesses, AccessEntitlement userAccess, java.util.Date scheduledTime, java.lang.String justification) throws java.rmi.RemoteException, ApplicationException, AuthorizationException, SchemaViolationException
IUserAccess does not have a serviceDN then access type is considered
as a role access. The user can request for only one type of access at a given time. For example if
the IUserAccess has a null serviceDN then all the AccessEntitlement objects in the
array should have a resource object of type Role. If there is a resource type of any other type then
the API throws an ApplicationException with INVALID_ARGUMENT error code.lstNewUserAccesses - An array of com.ibm.itim.apps.provisioning.AccessEntitlement object capturing owner and the access resource information.
For role based access the resource object is of type Role while
for group based access the resource object type is AccountuserAccess - com.ibm.itim.apps.provisioning.AccessEntitlement capturing the details of the access which is being requested.scheduledTime - The scheduled starting time of the process. If NULL, the process will start immediately. In case this method is invoked
remotely, passing this parameter as the current date and time of the client machine is not a safe technique to use, since the
date and time of the client machine may not be the same as the date and time of the server machine.justification - Justification holds the justification for create accessjava.util.List of com.ibm.itim.apps.Request objects for each of the userjava.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown with an invalid argument error code if an invalid resource is specified in the AccessEntitlement object.
The valid types are Account and Role.
The exception is also thrown when there is an error in submitting the request. *AuthorizationException - Thrown if the user is not authorized to perform the operation.SchemaViolationException - Thrown if there is a violation in the LDAP schema.public void getAccesses(PersonMO owner, Access accessInfo, SearchResultsMO searchResults, java.util.Locale locale) throws java.rmi.RemoteException, ApplicationException
accessId in the Access can filter the access list.owner - com.ibm.itim.apps.identity.PersonMO object representing the person whose assigned accesses are to be retrieved.accessInfo - Optional com.ibm.itim.dataservices.model.domain.access.Access object that contains the unique accessId
to filter the owner accesses list. It returns all the owner accesses if the value is NULL.searchResults - Contains the IUserAccess objects that are returned.locale - java.util.Locale object represents the client locale to sort the results. You can sort the results on the access name attribute.java.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown if unable to find the owner or the owner does not have sufficient privileges for performing the operation.public Request removeAccess(IUserAccess accessToBeRemoved, java.util.Date scheduledTime) throws java.rmi.RemoteException, ApplicationException, AuthorizationException, SchemaViolationException
accessesToBeRemoved - com.ibm.itim.apps.provisioning.IUserAccess object that contains the access information you want to remove.scheduledTime - The scheduled starting time of the process. If NULL, the process will start immediately. In case this method is invoked
remotely, passing this parameter as the current date and time of the client machine is not a safe technique to use, since the
date and time of the client machine may not be the same as the date and time of the server machine.com.ibm.itim.apps.Request Represents a request submitted to the provisioning platform.java.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown if unable to locate the role or group.AuthorizationException - Thrown if the user does not have sufficient privileges for performing the operation.SchemaViolationException - Thrown if there is a violation in the LDAP schema.public Request removeAccess(IUserAccess accessToBeRemoved, java.util.Date scheduledTime, java.lang.String justification) throws java.rmi.RemoteException, ApplicationException, AuthorizationException, SchemaViolationException
accessesToBeRemoved - com.ibm.itim.apps.provisioning.IUserAccess object that contains the access information you want to remove.scheduledTime - The scheduled starting time of the process. If NULL, the process will start immediately. In case this method is invoked
remotely, passing this parameter as the current date and time of the client machine is not a safe technique to use, since the
date and time of the client machine may not be the same as the date and time of the server machine.justification - Justification holds the justification for removing accesscom.ibm.itim.apps.Request Represents a request submitted to the provisioning platform.java.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown if unable to locate the role or group.AuthorizationException - Thrown if the user does not have sufficient privileges for performing the operation.SchemaViolationException - Thrown if there is a violation in the LDAP schema.public void getAuthorizedAccesses(OrganizationalContainerMO container, PersonMO person, com.ibm.itim.dataservices.model.domain.access.AccessType accessType, java.lang.String accessInfo, SearchResultsMO results, java.util.Locale locale, boolean checkAddAccess) throws java.rmi.RemoteException, ApplicationException, AuthorizationException, SchemaViolationException
container - the organizational container represents the parent container to scope
the search. If the value is NULL, the search is performed from the root.person - The target person for whom the access is authorized.
If input is NULL an ApplicationException with error code not-support is thrown.accessType - An Access type to filter the access search. If the input value is NULL, it matches all access types.accessInfo - The access information used for the access name and access description substring match.
If the input value is NULL, then it matches all accesses.results - SearchResultsMO holds the results of the search. Contains a collection
of com.ibm.itim.apps.provisioning.AccessEntitlement object.
SearchResultsMO supports the paging and sorting.locale - Clients locale to sort the results. If the input value is NULL, then use the Locale.getDefault() server JVM.checkAddAccess - Indicates whether to determine the ACI for an access request.java.rmi.RemoteException - Thrown if unable to communicate with platform.ApplicationException - Thrown if unable to obtain the accesses. This may possibly be caused by
the container being removed by another client previous to this call.AuthorizationException - Thrown if the user does not have the privileges for performing the operation.SchemaViolationException - Thrown if there is a violation in the LDAP schema.