java.lang.Object
  com.ibm.itim.apps.provisioning.AccessManager
public class AccessManager
Provides aggregate access management capabilities. These capabilities include the creation or request, removal and search of access. An access can be either a role-based or a group-based access. Before creating or requesting a role-based access, there must be (1) a person or access owner who will own the access, and (2) a role which is enabled as an access. Before you create or request a group access, there should be (1) a person or access owner who will own the access, and (2) a service that hosts the account and the group.
Constructor Summary | |
---|---|
AccessManager(PlatformContext platform, javax.security.auth.Subject subject) | Constructs the manager with a platform context and a subject. |
Method Summary | |
---|---|
java.util.List<Request> | createAccess(java.util.List<NewUserAccess> lstNewUserAccesses, AccessEntitlement userAccess, java.util.Date scheduledTime): Creates an access in the provisioning platform with the specified attributes for the mentioned users. |
void | getAccesses(PersonMO owner, Access accessInfo, SearchResultsMO searchResults, java.util.Locale locale): The method returns all the accesses assigned to a person. |
void | getAuthorizedAccesses(OrganizationalContainerMO container, PersonMO person, com.ibm.itim.dataservices.model.domain.access.AccessType accessType, java.lang.String accessInfo, SearchResultsMO results, java.util.Locale locale, boolean checkAddAccess): Returns authorized access for a user based on the access information provided. |
Request | removeAccess(IUserAccess accessToBeRemoved, java.util.Date scheduledTime): Submits a user access removal request to the provisioning platform. |
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|

public AccessManager(PlatformContext platform, javax.security.auth.Subject subject)

Parameters:
platform - PlatformContext holding platform connection information.
subject - Subject representing the authenticated caller.

Method Detail |
---|

public java.util.List<Request> createAccess(java.util.List<NewUserAccess> lstNewUserAccesses, AccessEntitlement userAccess, java.util.Date scheduledTime)
throws java.rmi.RemoteException, ApplicationException, AuthorizationException, SchemaViolationException

IUserAccess does not have a serviceDN then access type is considered as a role access. The user can request only one type of access at a given time. For example, if the IUserAccess has a null serviceDN then all the AccessEntitlement objects in the array should have a resource object of type Role. If there is a resource of any other type then the API throws an ApplicationException with INVALID_ARGUMENT error code.

Parameters:
lstNewUserAccesses - An array of com.ibm.itim.apps.provisioning.AccessEntitlement objects capturing owner and the access resource information. For role based access the resource object is of type Role, while for group based access the resource object type is Account.
userAccess - com.ibm.itim.apps.provisioning.AccessEntitlement capturing the details of the access which is being requested.
scheduledTime - The scheduled starting time of the process. If NULL, the process will start immediately. If this method is invoked remotely, passing the current date and time of the client machine as this parameter is not a safe technique, since the date and time of the client machine may not be the same as the date and time of the ISIM server machine.

Returns:
java.util.List of com.ibm.itim.apps.Request objects for each of the user

Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown with an invalid argument error code if an invalid resource is specified in the AccessEntitlement object. The valid types are Account and Role. The exception is also thrown when there is an error in submitting the request.
AuthorizationException - Thrown if the user is not authorized to perform the operation.
SchemaViolationException - Thrown if there is a violation in the LDAP schema.

public void getAccesses(PersonMO owner, Access accessInfo, SearchResultsMO searchResults, java.util.Locale locale)
throws java.rmi.RemoteException, ApplicationException

accessId in the Access can filter the access list.

Parameters:
owner - com.ibm.itim.apps.identity.PersonMO object representing the person whose assigned accesses are to be retrieved.
accessInfo - Optional com.ibm.itim.dataservices.model.domain.access.Access object that contains the unique accessId to filter the owner accesses list. It returns all the owner accesses if the value is NULL.
searchResults - Contains the IUserAccess objects that are returned.
locale - java.util.Locale object representing the client locale used to sort the results. You can sort the results on the access name attribute.

Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to find the owner or the owner does not have sufficient privileges for performing the operation.

public Request removeAccess(IUserAccess accessToBeRemoved, java.util.Date scheduledTime)
throws java.rmi.RemoteException, ApplicationException, AuthorizationException, SchemaViolationException

Parameters:
accessToBeRemoved - com.ibm.itim.apps.provisioning.IUserAccess object that contains the access information you want to remove.
scheduledTime - The scheduled starting time of the process. If NULL, the process will start immediately. If this method is invoked remotely, passing the current date and time of the client machine as this parameter is not a safe technique, since the date and time of the client machine may not be the same as the date and time of the ISIM server machine.

Returns:
com.ibm.itim.apps.Request. Represents a request submitted to the provisioning platform.

Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to locate the role or group.
AuthorizationException - Thrown if the user does not have sufficient privileges for performing the operation.
SchemaViolationException - Thrown if there is a violation in the LDAP schema.

public void getAuthorizedAccesses(OrganizationalContainerMO container, PersonMO person, com.ibm.itim.dataservices.model.domain.access.AccessType accessType, java.lang.String accessInfo, SearchResultsMO results, java.util.Locale locale, boolean checkAddAccess)
throws java.rmi.RemoteException, ApplicationException, AuthorizationException, SchemaViolationException

Parameters:
container - The organizational container that represents the parent container to scope the search. If the value is NULL, the search is performed from the root.
person - The target person for whom the access is authorized. If input is NULL an ApplicationException with error code not-support is thrown.
accessType - An access type to filter the access search. If the input value is NULL, it matches all access types.
accessInfo - The access information used for the access name and access description substring match. If the input value is NULL, then it matches all accesses.
results - SearchResultsMO holds the results of the search. Contains a collection of com.ibm.itim.apps.provisioning.AccessEntitlement objects. SearchResultsMO supports paging and sorting.
locale - Client's locale used to sort the results. If the input value is NULL, the Locale.getDefault() of the server JVM is used.
checkAddAccess - Indicates whether to determine the ACI for an access request.

Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to obtain the accesses. This may possibly be caused by the container being removed by another client before this call.
AuthorizationException - Thrown if the user does not have the privileges for performing the operation.
SchemaViolationException - Thrown if there is a violation in the LDAP schema.