public final class AdminMgrImpl extends Manageable implements AdminMgr, Serializable
This class is NOT thread safe if parent instance variables (Manageable.contextId or Manageable.adminSess) are set.
adminSess, contextId
Constructor and Description |
---|
AdminMgrImpl() |
Modifier and Type | Method and Description |
---|---|
void | addAscendant(Role childRole, Role parentRole): This command creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of the existing role childRole. |
void | addDescendant(Role parentRole, Role childRole): This command creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of the existing role parentRole. |
SDSet | addDsdRoleMember(SDSet dsdSet, Role role): This command adds a role to a named DSD set of roles. |
void | addInheritance(Role parentRole, Role childRole): This command establishes a new immediate inheritance relationship parentRole <<-- childRole between existing roles parentRole, childRole. |
Permission | addPermission(Permission perm): This method will add permission operation to an existing permission object which resides under ou=Permissions,ou=RBAC,dc=yourHostName,dc=com container in directory information tree. |
PermObj | addPermObj(PermObj pObj): This method will add permission object to perms container in directory. |
Role | addRole(Role role): This command creates a new role. |
SDSet | addSsdRoleMember(SDSet ssdSet, Role role): This command adds a role to a named SSD set of roles. |
User | addUser(User user): This command creates a new RBAC user. |
void | assignUser(UserRole uRole): This command assigns a user to a role. |
void | changePassword(User user, char[] newPassword): Method will change user's password. |
SDSet | createDsdSet(SDSet dsdSet): This command creates a named DSD set of roles and sets an associated cardinality n. |
SDSet | createSsdSet(SDSet ssdSet): This command creates a named SSD set of roles and sets the cardinality n of its subsets that cannot have common users. |
void | deassignUser(UserRole uRole): This command deletes the assignment of the User from the Role entities. |
SDSet | deleteDsdRoleMember(SDSet dsdSet, Role role): This command removes a role from a named DSD set of roles. |
SDSet | deleteDsdSet(SDSet dsdSet): This command deletes a DSD role set completely. |
void | deleteInheritance(Role parentRole, Role childRole): This command deletes an existing immediate inheritance relationship parentRole <<-- childRole. |
void | deletePasswordPolicy(User user): Method will delete user's password policy designation. |
void | deletePermission(Permission perm): This method will remove permission operation entity from permission object. |
void | deletePermObj(PermObj pObj): This method will remove permission object from perms container in directory. |
void | deleteRole(Role role): This command deletes an existing role from the RBAC database. |
SDSet | deleteSsdRoleMember(SDSet ssdSet, Role role): This command removes a role from a named SSD set of roles. |
SDSet | deleteSsdSet(SDSet ssdSet): This command deletes a SSD role set completely. |
void | deleteUser(User user): This command deletes an existing user from the RBAC database. |
void | disableUser(User user): This command deletes an existing user from the RBAC database. |
void | grantPermission(Permission perm, Role role): This command grants a role the permission to perform an operation on an object. |
void | grantPermission(Permission perm, User user): This command grants a user the permission to perform an operation on an object. |
void | lockUserAccount(User user): Method will lock user's password which will prevent the user from authenticating with directory. |
void | resetPassword(User user, char[] newPassword): Method will reset user's password which will require user to change password before successful authentication with directory. |
void | revokePermission(Permission perm, Role role): This command revokes the permission to perform an operation on an object from the set of permissions assigned to a role. |
void | revokePermission(Permission perm, User user): This command revokes the permission to perform an operation on an object from the set of permissions assigned to a user. |
SDSet | setDsdSetCardinality(SDSet dsdSet, int cardinality): This command sets the cardinality associated with a given DSD role set. |
SDSet | setSsdSetCardinality(SDSet ssdSet, int cardinality): This command sets the cardinality associated with a given SSD role set. |
void | unlockUserAccount(User user): Method will unlock user's password which will enable user to authenticate with directory. |
SDSet | updateDsdSet(SDSet dsdSet): This command updates existing DSD set of roles and sets the cardinality n of its subsets that cannot have common users. |
Permission | updatePermission(Permission perm): This method will update permission operation pre-existing in target directory under ou=Permissions,ou=RBAC,dc=yourHostName,dc=com container in directory information tree. |
PermObj | updatePermObj(PermObj pObj): This method will update permission object in perms container in directory. |
Role | updateRole(Role role): Method will update a Role entity in the directory. |
SDSet | updateSsdSet(SDSet ssdSet): This command updates existing SSD set of roles and sets the cardinality n of its subsets that cannot have common users. |
User | updateUser(User user): This method performs an update on User entity in directory. |
assertContext, assertContext, checkAccess, getFullMethodName, setAdmin, setAdminData, setContextId, setEntitySession
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
setAdmin, setContextId
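The SSD entries in the summary above (createSsdSet, addSsdRoleMember, setSsdSetCardinality) all turn on a cardinality n: a user may hold fewer than n roles from one set. The following Java example is an addition to this page, not Apache Fortress source code; it models that rule with a hypothetical SsdSet class, checks a proposed assignment, and audits existing assignments, which matters after a member is added to a set or n is lowered. All role, set and user names are constructed, and the bound 2 <= n <= |members| is an assumption taken from ANSI RBAC.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration of SSD cardinality semantics; not Apache Fortress source code.
public class SsdCardinalityDemo {

    // Hypothetical stand-in for the SDSet fields named on this page: name, members, cardinality.
    static final class SsdSet {
        final String name;
        final int cardinality;
        final Set<String> members;

        SsdSet(String name, int cardinality, String... members) {
            // Assumption: ANSI RBAC bounds, 2 <= n <= |members|.
            if (cardinality < 2 || cardinality > members.length) {
                throw new IllegalArgumentException("cardinality out of range for set " + name);
            }
            this.name = name;
            this.cardinality = cardinality;
            this.members = new LinkedHashSet<>(Arrays.asList(members));
        }

        // Number of roles from this set that appear in the given role collection.
        int held(Set<String> roles) {
            int count = 0;
            for (String role : roles) {
                if (members.contains(role)) {
                    count++;
                }
            }
            return count;
        }

        // A user holding n or more member roles violates the set.
        boolean violatedBy(Set<String> roles) {
            return held(roles) >= cardinality;
        }
    }

    // Names of the SSD sets that assigning candidateRole on top of currentRoles would violate.
    static List<String> blockedBy(Collection<SsdSet> sets, Set<String> currentRoles,
                                  String candidateRole) {
        Set<String> proposed = new LinkedHashSet<>(currentRoles);
        proposed.add(candidateRole);
        List<String> violated = new ArrayList<>();
        for (SsdSet set : sets) {
            // Only sets that contain the candidate can be made worse by this assignment.
            if (set.members.contains(candidateRole) && set.violatedBy(proposed)) {
                violated.add(set.name);
            }
        }
        return violated;
    }

    // Existing assignments that already break a set, keyed by user id.
    static Map<String, List<String>> audit(Collection<SsdSet> sets,
                                           Map<String, Set<String>> assignments) {
        Map<String, List<String>> findings = new LinkedHashMap<>();
        for (Map.Entry<String, Set<String>> entry : assignments.entrySet()) {
            for (SsdSet set : sets) {
                if (set.violatedBy(entry.getValue())) {
                    findings.computeIfAbsent(entry.getKey(), k -> new ArrayList<>()).add(set.name);
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample data: role, set and user names are invented for the example.
        SsdSet payments = new SsdSet("paymentsSsd", 2, "invoiceCreator", "invoiceApprover");
        SsdSet change = new SsdSet("changeSsd", 3, "developer", "releaseManager", "auditor");
        List<SsdSet> sets = Arrays.asList(payments, change);

        Set<String> alice = new LinkedHashSet<>(Arrays.asList("invoiceCreator", "developer"));
        System.out.println("alice + invoiceApprover blocked by: "
                + blockedBy(sets, alice, "invoiceApprover"));
        System.out.println("alice + releaseManager blocked by: "
                + blockedBy(sets, alice, "releaseManager"));

        Map<String, Set<String>> assignments = new LinkedHashMap<>();
        assignments.put("alice", alice);
        assignments.put("bob",
                new LinkedHashSet<>(Arrays.asList("developer", "releaseManager", "auditor")));
        System.out.println("existing violations: " + audit(sets, assignments));
    }
}
```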
public User addUser(User user) throws SecurityException
User.userId - maps to INetOrgPerson uid
User.password - used to authenticate the User
User.ou - contains the name of an already existing User OU node
User.pwPolicy - contains the name of an already existing OpenLDAP password policy node
User.cn - maps to INetOrgPerson common name attribute
User.sn - maps to INetOrgPerson surname attribute
User.description - maps to INetOrgPerson description attribute
User.title - maps to INetOrgPerson title attribute
User.employeeType - maps to INetOrgPerson employeeType attribute
User.phones * - multi-occurring attribute maps to organizationalPerson telephoneNumber attribute
User.mobiles * - multi-occurring attribute maps to INetOrgPerson mobile attribute
User.emails * - multi-occurring attribute maps to INetOrgPerson mail attribute
User.address * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes
User.beginTime - HHMM - determines begin hour user may activate session
User.endTime - HHMM - determines end hour user may activate session.
User.beginDate - YYYYMMDD - determines date when user may sign on
User.endDate - YYYYMMDD - indicates latest date user may sign on
User.beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
User.endLockDate - YYYYMMDD - determines end of enforced inactive status
User.dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which days the user may sign on
User.timeout - number in seconds of session inactivity time allowed
User.props * - multi-occurring attribute contains property key and values are separated with a ':'. e.g. mykey1:myvalue1
User.roles * - multi-occurring attribute contains the name of already existing role to assign to user
User.adminRoles * - multi-occurring attribute contains the name of already existing adminRole to assign to user
addUser in interface AdminMgr
user - User entity must contain User.userId and User.ou (required) and optional User.description, User.roles and many others.
SecurityException - thrown in the event of data validation or system error.

public void disableUser(User user) throws SecurityException
User.userId - maps to INetOrgPerson uid
disableUser in interface AdminMgr
user - Contains the User.userId of the User targeted for deletion.
SecurityException - thrown in the event of data validation or system error.

public void deleteUser(User user) throws SecurityException
User.userId - maps to INetOrgPerson uid
deleteUser in interface AdminMgr
user - Contains the User.userId of the User targeted for deletion.
SecurityException - thrown in the event of data validation or system error.

public User updateUser(User user) throws SecurityException
User.userId - maps to INetOrgPerson uid
User.password - used to authenticate the User
User.ou - contains the name of an already existing User OU node
User.pwPolicy - contains the name of an already existing OpenLDAP password policy node
User.cn - maps to INetOrgPerson common name attribute
User.sn - maps to INetOrgPerson surname attribute
User.description - maps to INetOrgPerson description attribute
User.title - maps to INetOrgPerson title attribute
User.employeeType - maps to INetOrgPerson employeeType attribute
User.phones * - multi-occurring attribute maps to organizationalPerson telephoneNumber attribute
User.mobiles * - multi-occurring attribute maps to INetOrgPerson mobile attribute
User.emails * - multi-occurring attribute maps to INetOrgPerson mail attribute
User.address * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes
User.beginTime - HHMM - determines begin hour user may activate session
User.endTime - HHMM - determines end hour user may activate session.
User.beginDate - YYYYMMDD - determines date when user may sign on
User.endDate - YYYYMMDD - indicates latest date user may sign on
User.beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
User.endLockDate - YYYYMMDD - determines end of enforced inactive status
User.dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which days the user may sign on
User.timeout - number in seconds of session inactivity time allowed
User.props * - multi-occurring attribute contains property key and values are separated with a ':'. e.g. mykey1:myvalue1
User.roles * - multi-occurring attribute contains the name of already existing role to assign to user
User.adminRoles * - multi-occurring attribute contains the name of already existing adminRole to assign to user
updateUser in interface AdminMgr
user - must contain User.userId and optional entity data to update i.e. desc, ou, properties, all attributes that are not set will be ignored.
SecurityException - thrown in the event of validation or system error.

public void changePassword(User user, char[] newPassword) throws SecurityException
User.userId - maps to INetOrgPerson uid
User.password - contains the User's old password
changePassword in interface AdminMgr
user - contains User.userId and old user password User.password.
newPassword - contains new user password.
SecurityException - will be thrown in the event of password policy violation or system error.

public void lockUserAccount(User user) throws SecurityException
User.userId - maps to INetOrgPerson uid
lockUserAccount in interface AdminMgr
user - entity contains User.userId of User to be locked.
SecurityException - will be thrown in the event of pw policy violation or system error.

public void unlockUserAccount(User user) throws SecurityException
User.userId - maps to INetOrgPerson uid
unlockUserAccount in interface AdminMgr
user - entity contains User.userId of User to be unlocked.
SecurityException - will be thrown in the event of pw policy violation or system error.

public void resetPassword(User user, char[] newPassword) throws SecurityException
User.userId - maps to INetOrgPerson uid
resetPassword in interface AdminMgr
user - entity contains User.userId of User to be reset.
newPassword - The new password to set
SecurityException - will be thrown in the event of pw policy violation or system error.

public void deletePasswordPolicy(User user) throws SecurityException
User.userId - maps to INetOrgPerson uid
deletePasswordPolicy in interface AdminMgr
user - contains User.userId.
SecurityException - will be thrown in the event of password policy violation or system error.

public Role addRole(Role role) throws SecurityException
Role.name - contains the name to use for the Role to be created.
Role.description - maps to description attribute on organizationalRole object class
Role.beginTime - HHMM - determines begin hour role may be activated into user's RBAC session
Role.endTime - HHMM - determines end hour role may be activated into user's RBAC session.
Role.beginDate - YYYYMMDD - determines date when role may be activated into user's RBAC session
Role.endDate - YYYYMMDD - indicates latest date role may be activated into user's RBAC session
Role.beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
Role.endLockDate - YYYYMMDD - determines end of enforced inactive status
Role.dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session
addRole in interface AdminMgr
role - must contain Role.name (required) and optional Role.description.
SecurityException - thrown in the event of data validation or system error.

public void deleteRole(Role role) throws SecurityException
Role.name - contains the name to use for the Role to be deleted.
deleteRole in interface AdminMgr
role - Must contain Role.name for Role to delete.
SecurityException - thrown in the event of data validation or system error.

public Role updateRole(Role role) throws SecurityException
Role.name - contains the name to use for the Role to be updated.
Role.description - maps to description attribute on organizationalRole object class
Role.beginTime - HHMM - determines begin hour role may be activated into user's RBAC session
Role.endTime - HHMM - determines end hour role may be activated into user's RBAC session.
Role.beginDate - YYYYMMDD - determines date when role may be activated into user's RBAC session
Role.endDate - YYYYMMDD - indicates latest date role may be activated into user's RBAC session
Role.beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
Role.endLockDate - YYYYMMDD - determines end of enforced inactive status
Role.dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session
updateRole in interface AdminMgr
role - Must contain Role.name and may contain new description or Constraint
SecurityException - in the event of validation or system error.

public void assignUser(UserRole uRole) throws SecurityException
Successful completion of this op, the following occurs:
ftUserAttrs aux object class based on:
UserRole.name - contains the name for already existing Role to be assigned
UserRole.userId - contains the userId for existing User
UserRole.beginTime - HHMM - determines begin hour role may be activated into user's RBAC session
UserRole.endTime - HHMM - determines end hour role may be activated into user's RBAC session.
UserRole.beginDate - YYYYMMDD - determines date when role may be activated into user's RBAC session
UserRole.endDate - YYYYMMDD - indicates latest date role may be activated into user's RBAC session
UserRole.beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
UserRole.endLockDate - YYYYMMDD - determines end of enforced inactive status
UserRole.dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session
assignUser in interface AdminMgr
uRole - must contain UserRole.userId and UserRole.name and optional Constraints.
SecurityException - in the event of validation or system error.

public void deassignUser(UserRole uRole) throws SecurityException
UserRole.name - contains the name for already existing Role to be deassigned
UserRole.userId - contains the userId for existing User
deassignUser in interface AdminMgr
uRole - must contain UserRole.userId and UserRole.name.
SecurityException - in the event of data error in user or role objects or system error.

public Permission addPermission(Permission perm) throws SecurityException
This method will add permission operation to an existing permission object which resides under ou=Permissions,ou=RBAC,dc=yourHostName,dc=com container in directory information tree.
The perm operation entity may have Role or User associations. The target Permission must not exist prior to calling.
A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent and itself as stored in ldap tree: (PermObj*->Permission).
Permission.objName - contains the name of existing object being targeted for the permission add
Permission.opName - contains the name of new permission operation being added
Permission.roles * - multi occurring attribute contains RBAC Roles that permission operation is being granted to
Permission.users * - multi occurring attribute contains Users that permission operation is being granted to
Permission.props * - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1
Permission.type - any safe text
addPermission in interface AdminMgr
perm - must contain the object, Permission.objName, and operation, Permission.opName, that identifies target along with optional other attributes.
SecurityException - thrown in the event of perm object data or system error.

public Permission updatePermission(Permission perm) throws SecurityException
This method will update permission operation pre-existing in target directory under ou=Permissions,ou=RBAC,dc=yourHostName,dc=com container in directory information tree.
The perm operation entity may also contain Role or User associations to add or remove using this function.
The perm operation must exist before making this call. Only non-null attributes will be updated.
Permission.objName - contains the name of existing object being targeted for the permission update
Permission.opName - contains the name of existing permission operation being updated
Permission.roles * - multi occurring attribute contains RBAC Roles that permission operation is being granted to
Permission.users * - multi occurring attribute contains Users that permission operation is being granted to
Permission.props * - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1
Permission.type - any safe text
updatePermission in interface AdminMgr
perm - must contain the object, Permission.objName, and operation, Permission.opName, that identifies target and any optional data to update. Null or empty attributes will be ignored.
SecurityException - thrown in the event of perm object data or system error.

public void deletePermission(Permission perm) throws SecurityException
Permission.objName - contains the name of existing object being targeted for the permission delete
Permission.opName - contains the name of existing permission operation being removed
deletePermission in interface AdminMgr
perm - must contain the object, Permission.objName, and operation, Permission.opName, that identifies target.
SecurityException - thrown in the event of perm object data or system error.

public PermObj addPermObj(PermObj pObj) throws SecurityException
PermObj instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: (PermObj*->Permission).
PermObj.objName - contains the name of new object being added
PermObj.ou - contains the name of an existing PERMS OrgUnit this object is associated with
PermObj.description - any safe text
PermObj.type - contains any safe text
PermObj.props * - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1
addPermObj in interface AdminMgr
pObj - must contain the PermObj.objName and PermObj.ou. The other attributes are optional.
SecurityException - thrown in the event of perm object data or system error.

public PermObj updatePermObj(PermObj pObj) throws SecurityException
PermObj instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: (PermObj*->Permission).
PermObj.objName - contains the name of existing object being updated
PermObj.ou - contains the name of an existing PERMS OrgUnit this object is associated with
PermObj.description - any safe text
PermObj.type - contains any safe text
PermObj.props * - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1
updatePermObj in interface AdminMgr
pObj - must contain the PermObj.objName. Only non-null attributes will be updated.
SecurityException - thrown in the event of perm object data or system error.

public void deletePermObj(PermObj pObj) throws SecurityException
PermObj.objName - contains the name of existing object targeted for removal
deletePermObj in interface AdminMgr
pObj - must contain the PermObj.objName of object targeted for removal.
SecurityException - thrown in the event of perm object data or system error.

public void grantPermission(Permission perm, Role role) throws SecurityException
Permission.objName - contains the object name
Permission.opName - contains the operation name
Role.name - contains the role name
grantPermission in interface AdminMgr
perm - must contain the object, Permission.objName, and operation, Permission.opName, that identifies target.
role - must contain Role.name.
SecurityException - Thrown in the event of data validation or system error.

public void revokePermission(Permission perm, Role role) throws SecurityException
Permission.objName - contains the object name
Permission.opName - contains the operation name
Role.name - contains the role name
revokePermission in interface AdminMgr
perm - must contain the object, Permission.objName, and operation, Permission.opName, that identifies target.
role - must contain Role.name.
SecurityException - Thrown in the event of data validation or system error.

public void grantPermission(Permission perm, User user) throws SecurityException
Permission.objName - contains the object name
Permission.opName - contains the operation name
User.userId - contains the userId
grantPermission in interface AdminMgr
perm - must contain the object, Permission.objName, and operation, Permission.opName, that identifies target.
user - must contain User.userId of target User entity.
SecurityException - Thrown in the event of data validation or system error.

public void revokePermission(Permission perm, User user) throws SecurityException
Permission.objName - contains the object name
Permission.opName - contains the operation name
User.userId - contains the userId
revokePermission in interface AdminMgr
perm - must contain the object, Permission.objName, and operation, Permission.opName, that identifies target.
user - must contain User.userId of target User entity.
SecurityException - Thrown in the event of data validation or system error.

public void addDescendant(Role parentRole, Role childRole) throws SecurityException
The command is valid if and only if:
This method:
Role.name - contains the name of existing Role to be parent
Role.name - contains the name of new Role to be child
Role.description - maps to description attribute on organizationalRole object class for new child
Role.beginTime - HHMM - determines begin hour role may be activated into user's RBAC session for new child
Role.endTime - HHMM - determines end hour role may be activated into user's RBAC session for new child
Role.beginDate - YYYYMMDD - determines date when role may be activated into user's RBAC session for new child
Role.endDate - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new child
Role.beginLockDate - YYYYMMDD - determines beginning of enforced inactive status for new child
Role.endLockDate - YYYYMMDD - determines end of enforced inactive status for new child
Role.dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new child
addDescendant in interface AdminMgr
parentRole - This entity must be present in ROLE data set. Success will add role rel with childRole.
childRole - This entity must not be present in ROLE data set. Success will add the new role entity to ROLE data set.
SecurityException - thrown in the event of data validation or system error.

public void addAscendant(Role childRole, Role parentRole) throws SecurityException
The command is valid if and only if:
This method:
Role.name - contains the name of existing child Role
Role.name - contains the name of new Role to be parent
Role.description - maps to description attribute on organizationalRole object class for new parent
Role.beginTime - HHMM - determines begin hour role may be activated into user's RBAC session for new parent
Role.endTime - HHMM - determines end hour role may be activated into user's RBAC session for new parent
Role.beginDate - YYYYMMDD - determines date when role may be activated into user's RBAC session for new parent
Role.endDate - YYYYMMDD - indicates latest date role may be activated into user's RBAC session for new parent
Role.beginLockDate - YYYYMMDD - determines beginning of enforced inactive status for new parent
Role.endLockDate - YYYYMMDD - determines end of enforced inactive status for new parent
Role.dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's RBAC session for new parent
addAscendant in interface AdminMgr
childRole - completion of op assigns new parent relationship with parentRole.
parentRole - completion of op assigns new child relationship with childRole.
SecurityException - thrown in the event of data validation or system error.

public void addInheritance(Role parentRole, Role childRole) throws SecurityException
The command is valid if and only if:
addInheritance in interface AdminMgr
parentRole - completion of op deassigns child relationship with childRole.
childRole - completion of op deassigns parent relationship with parentRole.
SecurityException - thrown in the event of data validation or system error.

public void deleteInheritance(Role parentRole, Role childRole) throws SecurityException
The command is valid if and only if:
deleteInheritance in interface AdminMgr
parentRole - completion of op removes child relationship with childRole.
childRole - completion of op removes parent relationship with parentRole.
SecurityException - thrown in the event of data validation or system error.

public SDSet createSsdSet(SDSet ssdSet) throws SecurityException
The command is valid if and only if:
SDSet.name - contains the name of new SSD role set to be added
SDSet.members * - multi-occurring attribute contains the RBAC Role names to be added to this set
SDSet.cardinality - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set
SDSet.description - contains any safe text
createSsdSet in interface AdminMgr
ssdSet - contains an instantiated reference to new SSD set containing, name, members, and cardinality (default 2)
SecurityException - in the event of data validation or system error.

public SDSet updateSsdSet(SDSet ssdSet) throws SecurityException
The command is valid if and only if:
SDSet.name - contains the name of existing SSD role set to be updated
SDSet.members * - multi-occurring attribute contains the RBAC Role names to be added to this set
SDSet.cardinality - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set
SDSet.description - contains any safe text
updateSsdSet in interface AdminMgr
ssdSet - contains an instantiated reference to existing SSD set containing, name, members, and cardinality (default 2)
SecurityException - in the event of data validation or system error.

public SDSet addSsdRoleMember(SDSet ssdSet, Role role) throws SecurityException
The command is valid if and only if:
SDSet.name - contains the name of SSD role set to be modified
Role.name - contains the name of new SDSet.members to be added
addSsdRoleMember in interface AdminMgr
ssdSet - contains an instantiated reference to new SSD set containing, name
role - contains instantiated Role object with role name field set.
SecurityException - in the event of data validation or system error.

public SDSet deleteSsdRoleMember(SDSet ssdSet, Role role) throws SecurityException
The command is valid if and only if:
SDSet.name - contains the name of SSD role set to be modified
Role.name - contains the name of existing SDSet.members to be removed
deleteSsdRoleMember in interface AdminMgr
ssdSet - contains an instantiated reference to new SSD set containing name.
role - contains instantiated Role object with role name field set.
SecurityException - in the event of data validation or system error.

public SDSet deleteSsdSet(SDSet ssdSet) throws SecurityException
SDSet.name - contains the name of SSD role set to be removed
deleteSsdSet in interface AdminMgr
ssdSet - contains an instantiated reference to SSD set targeted for removal.
SecurityException - in the event of data validation or system error.

public SDSet setSsdSetCardinality(SDSet ssdSet, int cardinality) throws SecurityException
The command is valid if and only if:
SDSet.name - contains the name of SSD role set to be modified
setSsdSetCardinality in interface AdminMgr
ssdSet - contains an instantiated reference to new SSD set containing, name
cardinality - integer value contains new cardinality value for data set.
SecurityException - in the event of data validation or system error.

public SDSet createDsdSet(SDSet dsdSet) throws SecurityException
The command is valid if and only if:
SDSet.name - contains the name of new DSD role set to be added
SDSet.members * - multi-occurring attribute contains the RBAC Role names to be added to this set
SDSet.cardinality - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set
SDSet.description - contains any safe text
createDsdSet in interface AdminMgr
dsdSet - contains an instantiated reference to new DSD set containing, name, members, and cardinality (default 2)
SecurityException - in the event of data validation or system error.

public SDSet updateDsdSet(SDSet dsdSet) throws SecurityException
The command is valid if and only if:
SDSet.name - contains the name of existing DSD role set to be updated
SDSet.members * - multi-occurring attribute contains the RBAC Role names to be added to this set
SDSet.cardinality - default is 2 which is one more than maximum number of Roles that may be assigned to User from a particular set
SDSet.description - contains any safe text
updateDsdSet in interface AdminMgr
dsdSet - contains an instantiated reference to existing DSD set containing, name, members, and cardinality (default 2)
SecurityException - in the event of data validation or system error.

public SDSet addDsdRoleMember(SDSet dsdSet, Role role) throws SecurityException
The command is valid if and only if:
SDSet.name - contains the name of DSD role set to be modified
Role.name - contains the name of new SDSet.members to be added
addDsdRoleMember in interface AdminMgr
dsdSet - contains an instantiated reference to new DSD set containing, name
role - contains instantiated Role object with role name field set.
SecurityException - in the event of data validation or system error.

public SDSet deleteDsdRoleMember(SDSet dsdSet, Role role) throws SecurityException
The command is valid if and only if:
SDSet.name - contains the name of DSD role set to be modified
Role.name - contains the name of existing SDSet.members to be removed
deleteDsdRoleMember in interface AdminMgr
dsdSet - contains an instantiated reference to new DSD set containing name.
role - contains instantiated Role object with role name field set.
SecurityException - in the event of data validation or system error.

public SDSet deleteDsdSet(SDSet dsdSet) throws SecurityException
SDSet.name - contains the name of DSD role set to be removed
deleteDsdSet in interface AdminMgr
dsdSet - contains an instantiated reference to DSD set targeted for removal.
SecurityException - in the event of data validation or system error.

public SDSet setDsdSetCardinality(SDSet dsdSet, int cardinality) throws SecurityException
The command is valid if and only if:
SDSet.name - contains the name of DSD role set to be modified
setDsdSetCardinality in interface AdminMgr
dsdSet - contains an instantiated reference to new DSD set containing, name
cardinality - integer value contains new cardinality value for data set.
SecurityException - in the event of data validation or system error.

Copyright © 2003-2016, The Apache Software Foundation. All Rights Reserved. Generated 20160718-1621