Class ReviewMgrImpl
- java.lang.Object
  - org.apache.directory.fortress.core.impl.Manageable
    - org.apache.directory.fortress.core.impl.ReviewMgrImpl
- All Implemented Interfaces: Serializable, Manageable, ReviewMgr
public class ReviewMgrImpl extends Manageable implements ReviewMgr, Serializable
This class performs administrative review functions on already provisioned Fortress RBAC entities that reside in the LDAP directory. These APIs map directly to similarly named APIs specified by the ANSI and NIST RBAC models. Many of the Javadoc function descriptions found below were taken directly from ANSI INCITS 359-2004. The RBAC Functional specification describes administrative operations for the creation and maintenance of RBAC element sets and relations; administrative review functions for performing administrative queries; and system functions for creating and managing RBAC attributes on user sessions and making access control decisions.
RBAC0 - Core
Many-to-many relationship between Users, Roles and Permissions. Selective role activation into sessions. API to add, update, delete identity data and perform identity and access control decisions during runtime operations.
RBAC1 - General Hierarchical Roles
Simplifies role engineering tasks using inheritance of one or more parent roles.
RBAC2 - Static Separation of Duty (SSD) Relations
Enforce mutual membership exclusions across role assignments. Facilitate dual control policies by restricting which roles may be assigned to users in combination. SSD provides added granularity for authorization limits which help enterprises meet strict compliance regulations.
RBAC3 - Dynamic Separation of Duty (DSD) Relations
Control allowed role combinations to be activated within an RBAC session. DSD policies fine-tune role policies that facilitate authorization dual control and two-man policy restrictions during runtime security checks.
This class is NOT thread safe if parent instance variables (Manageable.contextId or Manageable.adminSess) are set.
- Author: Apache Directory Project
- See Also: Serialized Form
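The difference between the assigned views (assignedRoles, assignedUsers) and the authorized views (authorizedRoles, authorizedUsers), and why an SSD review has to follow the role hierarchy, shown as an added example on an in-memory model. This is not Fortress code and does not call the Fortress API: the class RbacReviewModel, the method ssdFindings, the role names and the users are constructed for illustration, and the cardinality rule assumed is the ANSI one (no user may hold `cardinality` or more roles from the set).

```java
import java.util.*;

/** In-memory model of the review semantics; constructed data, not Fortress code. */
final class RbacReviewModel {
    // child role -> direct parent roles (RBAC1); a child inherits from its parents
    private final Map<String, Set<String>> parents = new HashMap<>();
    // userId -> roles assigned directly to the user (RBAC0)
    private final Map<String, Set<String>> assignments = new TreeMap<>();

    void addInheritance(String child, String parent) {
        parents.computeIfAbsent(child, k -> new TreeSet<>()).add(parent);
    }

    void assign(String userId, String role) {
        assignments.computeIfAbsent(userId, k -> new TreeSet<>()).add(role);
    }

    /** Direct assignments only, hierarchy ignored. */
    Set<String> assignedRoles(String userId) {
        return new TreeSet<>(assignments.getOrDefault(userId, Collections.emptySet()));
    }

    /** Assigned roles plus every ancestor reachable through the hierarchy. */
    Set<String> authorizedRoles(String userId) {
        Set<String> seen = new TreeSet<>();
        Deque<String> work = new ArrayDeque<>(assignedRoles(userId));
        while (!work.isEmpty()) {
            String role = work.pop();
            if (seen.add(role)) { // also guards against cycles in bad hierarchy data
                work.addAll(parents.getOrDefault(role, Collections.emptySet()));
            }
        }
        return seen;
    }

    /** Users holding the role directly. */
    Set<String> assignedUsers(String role) {
        Set<String> users = new TreeSet<>();
        for (String userId : assignments.keySet()) {
            if (assignedRoles(userId).contains(role)) users.add(userId);
        }
        return users;
    }

    /** Users holding the role directly or through a role that inherits it. */
    Set<String> authorizedUsers(String role) {
        Set<String> users = new TreeSet<>();
        for (String userId : assignments.keySet()) {
            if (authorizedRoles(userId).contains(role)) users.add(userId);
        }
        return users;
    }

    /**
     * Hypothetical review helper: for each user, the SSD set members held,
     * reported when their count reaches the set's cardinality.
     * useHierarchy selects the authorized view instead of the assigned view.
     */
    Map<String, Set<String>> ssdFindings(Set<String> ssdRoles, int cardinality, boolean useHierarchy) {
        Map<String, Set<String>> findings = new TreeMap<>();
        for (String userId : assignments.keySet()) {
            Set<String> held = useHierarchy ? authorizedRoles(userId) : assignedRoles(userId);
            held.retainAll(ssdRoles);
            if (held.size() >= cardinality) findings.put(userId, held);
        }
        return findings;
    }

    public static void main(String[] args) {
        RbacReviewModel m = new RbacReviewModel();
        // Constructed sample data: BranchManager inherits Teller.
        m.addInheritance("BranchManager", "Teller");
        m.assign("alice", "BranchManager");
        m.assign("alice", "Auditor");
        m.assign("bob", "Teller");

        // Constructed SSD set: Teller and Auditor are mutually exclusive, cardinality 2.
        Set<String> ssd = new TreeSet<>(Arrays.asList("Teller", "Auditor"));

        System.out.println("assignedRoles(alice)   = " + m.assignedRoles("alice"));
        System.out.println("authorizedRoles(alice) = " + m.authorizedRoles("alice"));
        System.out.println("assignedUsers(Teller)   = " + m.assignedUsers("Teller"));
        System.out.println("authorizedUsers(Teller) = " + m.authorizedUsers("Teller"));
        // A review over direct assignments misses alice; the hierarchy-aware one reports her.
        System.out.println("SSD findings, assigned view   = " + m.ssdFindings(ssd, 2, false));
        System.out.println("SSD findings, authorized view = " + m.ssdFindings(ssd, 2, true));
    }
}
```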
Field Summary
Fields inherited from class org.apache.directory.fortress.core.impl.Manageable
adminSess, contextId
Constructor Summary
- ReviewMgrImpl()
Method Summary
All methods are concrete instance methods. Each entry gives the return type, the method, and its description.
- List<String> assignedRoles(String userId): This function returns the set of roles assigned to a given user.
- List<UserRole> assignedRoles(User user): This function returns the set of roles assigned to a given user.
- List<User> assignedUsers(Role role): This method returns the data set of all users who are assigned the given role.
- List<String> assignedUsers(Role role, int limit): This function returns the set of users assigned to a given role.
- List<User> assignedUsers(Role role, RoleConstraint roleConstraint): This method returns the data set of all users who are assigned the given role.
- List<UserRole> assignedUsers(Role role, RoleConstraint.RCType rcType, String keyName): This method returns the user roles for all users who have the given role, with a specified constraint type and permission attribute set name.
- Set<String> authorizedPermissionRoles(Permission perm): Return all role names that have been authorized for a given permission.
- Set<String> authorizedPermissionUsers(Permission perm): Return all userIds that have been authorized for a given permission.
- Set<String> authorizedRoles(User user): This function returns the set of roles authorized for a given user.
- List<User> authorizedUsers(Role role): This function returns the set of users authorized to a given role, i.e., the users that are assigned to a role that inherits the given role.
- SDSet dsdRoleSet(SDSet set): This function returns the DSD data set that matches a particular set name.
- int dsdRoleSetCardinality(SDSet dsd): This function returns the cardinality associated with a DSD role set.
- Set<String> dsdRoleSetRoles(SDSet dsd): This function returns the set of roles of a DSD role set.
- List<SDSet> dsdRoleSets(Role role): This function returns the list of all DSD role sets that have a particular Role as member or Role's parent as a member.
- List<SDSet> dsdSets(SDSet ssd): This function returns the list of DSDs that match a given dsd name value.
- List<Permission> findAnyPermissions(Permission permission): Method returns a list of Permissions that match any part of the permission object or operation.
- List<Permission> findPermissions(Permission permission): Method returns a list of type Permission that match the perm object search string.
- List<PermObj> findPermObjs(OrgUnit ou): Method returns a list of type Permission that match the perm object search string.
- List<PermObj> findPermObjs(PermObj permObj): Method returns a list of type PermObj that match the perm object search string.
- List<Permission> findPermsByObj(PermObj permObj): Method returns Permission operations for the provided permission object.
- List<RoleConstraint> findRoleConstraints(User user, Permission permission, RoleConstraint.RCType rcType): Find all of the role constraints for the given user and permission attribute set.
- List<Role> findRoles(String searchVal): Method will return a list of type Role matching all or part of Role name, Role#name.
- List<String> findRoles(String searchVal, int limit): Method returns a list of roles of type String.
- List<User> findUsers(OrgUnit ou): Return a list of type User of all users in the people container that match the name field passed in OrgUnit entity.
- List<User> findUsers(User user): Return a list of type User of all users in the people container that match all or part of the User#userId field passed in User entity.
- List<String> findUsers(User user, int limit): Return a list of type String of all users in the people container that match the userId field passed in User entity.
- List<String> permissionRoles(Permission perm): Return a list of type String of all roles that have been granted a particular permission.
- List<String> permissionUsers(Permission perm): Return all userIds that have been granted (directly) a particular permission.
- PermissionAttributeSet readPermAttributeSet(PermissionAttributeSet permAttributeSet): Method reads permission attribute set in directory.
- Permission readPermission(Permission permission): This method returns a matching permission entity to caller.
- PermObj readPermObj(PermObj permObj): Method reads permission object from perm container in directory.
- Role readRole(Role role): Method reads Role entity from the role container in directory.
- User readUser(User user): Method returns matching User entity that is contained within the people container in the directory.
- List<PermissionAttributeSet> rolePermissionAttributeSets(Role role, boolean noInhertiance): This function returns all the permission attribute sets (which contain 0 to many permission attributes) for a given role.
- List<Permission> rolePermissions(Role role): This function returns the set of all permissions (op, obj), granted to or inherited by a given role.
- List<Permission> rolePermissions(Role role, boolean noInheritance): This function returns the set of all permissions (op, obj), granted to or inherited by a given role.
- SDSet ssdRoleSet(SDSet set): This function returns the SSD data set that matches a particular set name.
- int ssdRoleSetCardinality(SDSet ssd): This function returns the cardinality associated with a SSD role set.
- Set<String> ssdRoleSetRoles(SDSet ssd): This function returns the set of roles of a SSD role set.
- List<SDSet> ssdRoleSets(Role role): This function returns the list of all SSD role sets that have a particular Role as member or Role's parent as a member.
- List<SDSet> ssdSets(SDSet ssd): This function returns the list of SSDs that match a given ssd name value.
- List<Permission> userPermissions(User user): This function returns the set of permissions a given user gets through his/her authorized roles.
Methods inherited from class org.apache.directory.fortress.core.impl.Manageable
assertContext, assertContext, checkAccess, getFullMethodName, setAdmin, setAdminData, setContextId, setEntitySession
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apache.directory.fortress.core.Manageable
setAdmin, setContextId
Method Detail
-
readPermission
public Permission readPermission(Permission permission) throws SecurityException
This method returns a matching permission entity to caller.
required parameters
- Permission#objName - contains the name of existing object being targeted
- Permission#opName - contains the name of existing permission operation
- Specified by: readPermission in interface ReviewMgr
- Parameters:
permission - must contain the object, Permission#objName, and operation, Permission#opName, and optionally object id of targeted permission entity.
- Returns:
- Permission entity that is loaded with data.
- Throws:
SecurityException - if permission not found or system error occurs.
-
readPermObj
public PermObj readPermObj(PermObj permObj) throws SecurityException
Method reads permission object from perm container in directory.
required parameters
- PermObj#objName - contains the name of existing object being targeted
- Specified by: readPermObj in interface ReviewMgr
- Parameters:
permObj - entity contains the PermObj#objName of target record.
- Returns:
- PermObj loaded with perm object data.
- Throws:
SecurityException - is thrown if object not found or system error.
-
readPermAttributeSet
public PermissionAttributeSet readPermAttributeSet(PermissionAttributeSet permAttributeSet) throws SecurityException
Method reads permission attribute set in directory.
required parameters
- PermissionAttributeSet#name - contains the name of existing object being targeted
- Specified by: readPermAttributeSet in interface ReviewMgr
- Parameters:
permAttributeSet - entity contains the PermissionAttributeSet#name of target record.
- Returns:
- PermissionAttributeSet loaded with perm attribute set data.
- Throws:
SecurityException - is thrown if object not found or system error.
-
findPermissions
public List<Permission> findPermissions(Permission permission) throws SecurityException
Method returns a list of type Permission that match the perm object search string.
optional parameters
- Permission#objName - contains one or more characters of existing object being targeted
- Permission#opName - contains one or more characters of existing permission operation
- Specified by: findPermissions in interface ReviewMgr
- Parameters:
permission - contains object and operation name search strings. Each contains 1 or more leading chars that correspond to object or op name.
- Returns:
- List of type Permission. Fortress permissions are object->operation mappings. The permissions may contain assigned user, role or group entities as well.
- Throws:
SecurityException - thrown in the event of system error.
-
findPermsByObj
public List<Permission> findPermsByObj(PermObj permObj) throws SecurityException
Method returns Permission operations for the provided permission object.
- Specified by: findPermsByObj in interface ReviewMgr
- Parameters:
permObj - entity contains the PermObj#objName of target record.
- Returns:
- List of type Permission for provided permission object
- Throws:
SecurityException - thrown in the event of system error.
-
findAnyPermissions
public List<Permission> findAnyPermissions(Permission permission) throws SecurityException
Method returns a list of Permissions that match any part of the permission object or operation.
- Specified by: findAnyPermissions in interface ReviewMgr
- Parameters:
permission - contains object and operation name search strings.
- Returns:
- List of type Permission. Fortress permissions are object->operation mappings. The permissions may contain assigned user, role or group entities as well.
- Throws:
SecurityException - thrown in the event of system error.
-
findPermObjs
public List<PermObj> findPermObjs(PermObj permObj) throws SecurityException
Method returns a list of type PermObj that match the perm object search string.
optional parameters
- PermObj#objName - contains one or more characters of existing object being targeted
- Specified by: findPermObjs in interface ReviewMgr
- Parameters:
permObj - contains object name search string. The search val contains 1 or more leading chars that correspond to object name.
- Returns:
- List of type PermObj. Fortress permissions are object->operation mappings.
- Throws:
SecurityException - thrown in the event of system error.
-
findPermObjs
public List<PermObj> findPermObjs(OrgUnit ou) throws SecurityException
Method returns a list of type Permission that match the perm object search string.
required parameters
- OrgUnit#name - contains one or more characters of org unit associated with existing object being targeted
- Specified by: findPermObjs in interface ReviewMgr
- Parameters:
ou - contains org unit name org.apache.directory.fortress.core.model.OrgUnit#name. The search val contains the full name of matching ou in OS-P data set.
- Returns:
- List of type PermObj. Fortress permissions are object->operation mappings.
- Throws:
SecurityException - thrown in the event of system error.
-
readRole
public Role readRole(Role role) throws SecurityException
Method reads Role entity from the role container in directory.
required parameters
- Role#name - contains the name to use for the Role to read.
- Specified by: readRole in interface ReviewMgr
- Parameters:
role - contains role name, Role#name, to be read.
- Returns:
- Role entity that corresponds with role name.
- Throws:
SecurityException - will be thrown if role not found or system error occurs.
-
findRoles
public List<Role> findRoles(String searchVal) throws SecurityException
Method will return a list of type Role matching all or part of Role name, Role#name.
- Specified by: findRoles in interface ReviewMgr
- Parameters:
searchVal - contains all or some of the chars corresponding to role entities stored in directory.
- Returns:
- List of type Role containing role entities that match the search criteria.
- Throws:
SecurityException - in the event of system error.
-
findRoles
public List<String> findRoles(String searchVal, int limit) throws SecurityException
Method returns a list of roles of type String. This method can be limited by an integer value that indicates the max number of records that may be contained in the result set. This number can further limit the global default but cannot increase the max. This method is called by the Websphere Realm impl.
- Specified by: findRoles in interface ReviewMgr
- Parameters:
searchVal - contains all or some leading chars that correspond to roles stored in the role container in the directory.
limit - integer value specifies the max records that may be returned in the result set.
- Returns:
- List of type String containing matching Role names.
- Throws:
SecurityException - in the event of system error.
-
readUser
public final User readUser(User user) throws SecurityException
Method returns matching User entity that is contained within the people container in the directory.
required parameters
- User#userId - contains the userId associated with the User object targeted for read.
- Specified by: readUser in interface ReviewMgr
- Parameters:
user - entity contains a value User#userId that matches record in the directory. userId is globally unique in people container.
- Returns:
- entity containing matching user data.
- Throws:
SecurityException - if record not found or system error occurs.
-
findUsers
public final List<User> findUsers(User user) throws SecurityException
Return a list of type User of all users in the people container that match all or part of the User#userId field passed in User entity.
required parameters
- User#userId - contains all or some leading chars that match userId(s) stored in the directory.
- Specified by: findUsers in interface ReviewMgr
- Parameters:
user - contains all or some leading chars that match userIds stored in the directory.
- Returns:
- List of type User.
- Throws:
SecurityException - In the event of system error.
-
findUsers
public List<User> findUsers(OrgUnit ou) throws SecurityException
Return a list of type User of all users in the people container that match the name field passed in OrgUnit entity.
required parameters
- OrgUnit#name - contains one or more characters of org unit associated with existing object(s) being targeted
- Specified by: findUsers in interface ReviewMgr
- Parameters:
ou - contains name of User OU, OrgUnit#name that match ou attribute associated with User entity in the directory.
- Returns:
- List of type User.
- Throws:
SecurityException - In the event of system error.
-
findUsers
public final List<String> findUsers(User user, int limit) throws SecurityException
Return a list of type String of all users in the people container that match the userId field passed in User entity. This method is used by the Websphere realm component. The max number of returned users may be set by the integer limit arg.
required parameters
- User#userId - contains the userId associated with the User object targeted for read.
- limit - max number of objects to return.
- Specified by: findUsers in interface ReviewMgr
- Parameters:
user - contains all or some leading chars that correspond to users stored in the directory.
limit - integer value sets the max returned records.
- Returns:
- List of type String containing matching userIds.
- Throws:
SecurityException - in the event of system error.
-
assignedUsers
public List<String> assignedUsers(Role role, int limit) throws SecurityException
This function returns the set of users assigned to a given role. The function is valid if and only if the role is a member of the ROLES data set. The max number of users returned is constrained by limit argument. This method is used by the Websphere realm component. This method does NOT use hierarchical impl.
required parameters
- Role#name - contains the name to use for the Role targeted for search.
- limit - max number of objects to return.
- Specified by: assignedUsers in interface ReviewMgr
- Parameters:
role - Contains Role#name of Role entity assigned to user.
limit - integer value sets the max returned records.
- Returns:
- List of type String containing userIds assigned to a particular role.
- Throws:
SecurityException - in the event of data validation or system error.
-
assignedUsers
public List<User> assignedUsers(Role role) throws SecurityException
This method returns the data set of all users who are assigned the given role. This searches the User data set for Role relationship. This method does NOT search for hierarchical RBAC Roles relationships.
required parameters
- Role#name - contains the name to use for the Role targeted for search.
- Specified by: assignedUsers in interface ReviewMgr
- Parameters:
role - contains the role name, Role#name used to search the User data set.
- Returns:
- List of type User containing the users assigned data.
- Throws:
SecurityException - If system error occurs.
-
assignedUsers
public List<User> assignedUsers(Role role, RoleConstraint roleConstraint) throws SecurityException
This method returns the data set of all users who are assigned the given role. This searches the User data set for Role relationship. This method does NOT search for hierarchical RBAC Roles relationships.
required parameters
- Role#name - contains the name to use for the Role targeted for search.
- Specified by: assignedUsers in interface ReviewMgr
- Parameters:
role - contains the role name, Role#name used to search the User data set.
roleConstraint - constraint to filter the roles returned
- Returns:
- List of type User containing the users assigned data.
- Throws:
SecurityException - If system error occurs.
-
assignedUsers
public List<UserRole> assignedUsers(Role role, RoleConstraint.RCType rcType, String keyName) throws SecurityException
This method returns the user roles for all users who have the given role, with a specified constraint type and permission attribute set name.
- Specified by: assignedUsers in interface ReviewMgr
- Returns:
- Throws:
SecurityException
-
assignedRoles
public List<UserRole> assignedRoles(User user) throws SecurityException
This function returns the set of roles assigned to a given user. The function is valid if and only if the user is a member of the USERS data set.
required parameters
- User#userId - contains the userId associated with the User object targeted for search.
- Specified by: assignedRoles in interface ReviewMgr
- Parameters:
user - contains User#userId matching User entity targeted in the directory.
- Returns:
- List of type UserRole containing the Roles assigned to User.
- Throws:
SecurityException - If user not found or system error occurs.
-
assignedRoles
public List<String> assignedRoles(String userId) throws SecurityException
This function returns the set of roles assigned to a given user. The function is valid if and only if the user is a member of the USERS data set.
- Specified by: assignedRoles in interface ReviewMgr
- Parameters:
userId - matches userId stored in the directory.
- Returns:
- List of type String containing the role names of all roles assigned to user.
- Throws:
SecurityException - If user not found or system error occurs.
-
authorizedUsers
public List<User> authorizedUsers(Role role) throws SecurityException
This function returns the set of users authorized to a given role, i.e., the users that are assigned to a role that inherits the given role. The function is valid if and only if the given role is a member of the ROLES data set.
required parameters
- Role#name - contains the name to use for the Role targeted for search.
- Specified by: authorizedUsers in interface ReviewMgr
- Parameters:
role - Contains role name, Role#name of Role entity assigned to User.
- Returns:
- List of type User containing all users that have a matching role assignment.
- Throws:
SecurityException - In the event the role is not present in directory or system error occurs.
-
authorizedRoles
public Set<String> authorizedRoles(User user) throws SecurityException
This function returns the set of roles authorized for a given user. The function is valid if and only if the user is a member of the USERS data set.
required parameters
- User#userId - contains the userId associated with the User object targeted for search.
- Specified by: authorizedRoles in interface ReviewMgr
- Parameters:
user - contains the User#userId matching User entity stored in the directory.
- Returns:
- Set of type String containing the roles assigned and roles inherited.
- Throws:
SecurityException - If user not found or system error occurs.
-
rolePermissions
public List<Permission> rolePermissions(Role role) throws SecurityException
This function returns the set of all permissions (op, obj), granted to or inherited by a given role. The function is valid if and only if the role is a member of the ROLES data set.
required parameters
- Role#name - contains the name to use for the Role targeted for search.
- Specified by: rolePermissions in interface ReviewMgr
- Parameters:
role - contains role name, Role#name of Role entity Permission is granted to.
- Returns:
- List of type Permission that contains all perms granted to a role.
- Throws:
SecurityException - In the event system error occurs.
-
rolePermissions
public List<Permission> rolePermissions(Role role, boolean noInheritance) throws SecurityException
This function returns the set of all permissions (op, obj), granted to or inherited by a given role. The function is valid if and only if the role is a member of the ROLES data set.
required parameters
- Role#name - contains the name to use for the Role targeted for search.
- Specified by: rolePermissions in interface ReviewMgr
- Parameters:
role - contains role name, Role#name of Role entity Permission is granted to.
noInheritance - if true will NOT include inherited roles in the search.
- Returns:
- List of type Permission that contains all perms granted to a role.
- Throws:
SecurityException - In the event system error occurs.
-
rolePermissionAttributeSets
public List<PermissionAttributeSet> rolePermissionAttributeSets(Role role, boolean noInhertiance) throws SecurityException
This function returns all the permission attribute sets (which contain 0 to many permission attributes) for a given role. The function is valid if and only if the role is a member of the ROLES data set.
required parameters
- Role#name - contains the name to use for the Role targeted for search.
- Specified by: rolePermissionAttributeSets in interface ReviewMgr
- Parameters:
role - contains role name, Role#name of Role entity Permission is granted to.
noInhertiance - if true will NOT include inherited roles in the search.
- Returns:
- List of type PermissionAttributeSet that contains all Permission Attributes valid for the role.
- Throws:
SecurityException - In the event system error occurs.
-
userPermissions
public List<Permission> userPermissions(User user) throws SecurityException
This function returns the set of permissions a given user gets through his/her authorized roles. The function is valid if and only if the user is a member of the USERS data set.
required parameters
- User#userId - contains the userId associated with the User object targeted for search.
- Specified by: userPermissions in interface ReviewMgr
- Parameters:
user - contains the User#userId of User targeted for search.
- Returns:
- List of type Permission containing matching permission entities.
- Throws:
SecurityException - in the event of validation or system error.
-
permissionRoles
public List<String> permissionRoles(Permission perm) throws SecurityException
Return a list of type String of all roles that have been granted a particular permission.
required parameters
- Permission#objName - contains the name of existing object being targeted
- Permission#opName - contains the name of existing permission operation
- Specified by: permissionRoles in interface ReviewMgr
- Parameters:
perm - must contain the object, Permission#objName, and operation, Permission#opName, and optionally object id of targeted permission entity.
- Returns:
- List of type String containing the Role names that have the matching perm granted.
- Throws:
SecurityException - in the event permission not found or system error occurs.
-
authorizedPermissionRoles
public Set<String> authorizedPermissionRoles(Permission perm) throws SecurityException
Return all role names that have been authorized for a given permission. This will process role hierarchies to determine set of all Roles who have access to a given permission.
required parameters
- Permission#objName - contains the name of existing object being targeted
- Permission#opName - contains the name of existing permission operation
- Specified by: authorizedPermissionRoles in interface ReviewMgr
- Parameters:
perm - must contain the object, Permission#objName, and operation, Permission#opName, and optionally object id of targeted permission entity.
- Returns:
- Set of type String containing all roles names that have been granted a particular permission.
- Throws:
SecurityException - in the event of validation or system error.
-
permissionUsers
public List<String> permissionUsers(Permission perm) throws SecurityException
Return all userIds that have been granted (directly) a particular permission. This will not consider assigned or authorized Roles.
required parameters
- Permission#objName - contains the name of existing object being targeted
- Permission#opName - contains the name of existing permission operation
- Specified by: permissionUsers in interface ReviewMgr
- Parameters:
perm - must contain the object, Permission#objName, and operation, Permission#opName, and optionally object id of targeted permission entity.
- Returns:
- List of type String containing all userIds that have been granted a particular permission.
- Throws:
SecurityException - in the event of validation or system error.
-
authorizedPermissionUsers
public Set<String> authorizedPermissionUsers(Permission perm) throws SecurityException
Return all userIds that have been authorized for a given permission. This will process role hierarchies to determine set of all Users who have access to a given permission.
required parameters
- Permission#objName - contains the name of existing object being targeted
- Permission#opName - contains the name of existing permission operation
- Specified by: authorizedPermissionUsers in interface ReviewMgr
- Parameters:
perm - must contain the object, Permission#objName, and operation, Permission#opName, and optionally object id of targeted permission entity.
- Returns:
- Set of type String containing all userIds that have been granted a particular permission.
- Throws:
SecurityException - in the event of validation or system error.
-
ssdRoleSets
public List<SDSet> ssdRoleSets(Role role) throws SecurityException
This function returns the list of all SSD role sets that have a particular Role as member or Role's parent as a member. If the Role parameter is left blank, function will return all SSD role sets.
required parameters
- Role#name - contains the name to use for the Role targeted for search.
- Specified by: ssdRoleSets in interface ReviewMgr
- Parameters:
role - Will contain the role name, Role#name, for targeted SSD set or null to return all
- Returns:
- List containing all matching SSDs.
- Throws:
SecurityException - in the event of data or system error.
-
ssdSets
public List<SDSet> ssdSets(SDSet ssd) throws SecurityException
This function returns the list of SSDs that match a given ssd name value.
required parameters
- SDSet#name - contains the name of existing object being targeted
- Specified by: ssdSets in interface ReviewMgr
- Parameters:
ssd - contains the name for the SSD set targeted, SDSet#name.
- Returns:
- List containing all SSDSets that match a given SSDSet name.
- Throws:
SecurityException - in the event of data or system error.
-
ssdRoleSet
public SDSet ssdRoleSet(SDSet set) throws SecurityException
This function returns the SSD data set that matches a particular set name.
required parameters
- SDSet#name - contains the name of existing object being targeted
- Specified by: ssdRoleSet in interface ReviewMgr
- Parameters:
set - Will contain the name for existing SSD data set, SDSet#name.
- Returns:
- SDSet containing all attributes from matching SSD name.
- Throws:
SecurityException - in the event of data or system error.
-
ssdRoleSetRoles
public Set<String> ssdRoleSetRoles(SDSet ssd) throws SecurityException
This function returns the set of roles of a SSD role set. The function is valid if and only if the role set exists.
required parameters
- SDSet#name - contains the name of existing object being targeted
- Specified by: ssdRoleSetRoles in interface ReviewMgr
- Parameters:
ssd - contains the name for the SSD set targeted, SDSet#name.
- Returns:
- Set containing all Roles that are members of SSD data set.
- Throws:
SecurityException - in the event of data or system error.
-
ssdRoleSetCardinality
public int ssdRoleSetCardinality(SDSet ssd) throws SecurityException
This function returns the cardinality associated with a SSD role set. The function is valid if and only if the role set exists.
required parameters
- SDSet#name - contains the name of existing object being targeted
- Specified by: ssdRoleSetCardinality in interface ReviewMgr
- Parameters:
ssd - contains the name of the SSD set targeted, SDSet#name.
- Returns:
- int value containing cardinality of SSD set.
- Throws:
SecurityException - in the event of data or system error.
-
dsdRoleSets
public List<SDSet> dsdRoleSets(Role role) throws SecurityException
This function returns the list of all DSD role sets that have a particular Role as member or Role's parent as a member. If the Role parameter is left blank, function will return all DSD role sets.
required parameters
- Role#name - contains the name to use for the Role targeted for search.
- Specified by: dsdRoleSets in interface ReviewMgr
- Parameters:
role - Will contain the role name, Role#name, for targeted DSD set or null to return all
- Returns:
- List containing all matching DSDs.
- Throws:
SecurityException - in the event of data or system error.
-
dsdRoleSet
public SDSet dsdRoleSet(SDSet set) throws SecurityException
This function returns the DSD data set that matches a particular set name.
required parameters
- SDSet#name - contains the name of existing object being targeted
- Specified by: dsdRoleSet in interface ReviewMgr
- Parameters:
set - Will contain the name for existing DSD data set, SDSet#name.
- Returns:
- SDSet containing all attributes from matching DSD name.
- Throws:
SecurityException - in the event of data or system error.
-
dsdSets
public List<SDSet> dsdSets(SDSet ssd) throws SecurityException
This function returns the list of DSDs that match a given dsd name value.
required parameters
- SDSet#name - contains the name of existing object being targeted
- Specified by: dsdSets in interface ReviewMgr
- Parameters:
ssd - contains the name for the DSD set targeted, SDSet#name.
- Returns:
- List containing all DSDSets that match a given DSDSet name.
- Throws:
SecurityException - in the event of data or system error.
-
dsdRoleSetRoles
public Set<String> dsdRoleSetRoles(SDSet dsd) throws SecurityException
This function returns the set of roles of a DSD role set. The function is valid if and only if the role set exists.
required parameters
- SDSet#name - contains the name of existing object being targeted
- Specified by: dsdRoleSetRoles in interface ReviewMgr
- Parameters:
dsd - contains the name for the DSD set targeted, SDSet#name.
- Returns:
- Set containing all Roles that are members of DSD data set.
- Throws:
SecurityException - in the event of data or system error.
-
dsdRoleSetCardinality
public int dsdRoleSetCardinality(SDSet dsd) throws SecurityException
This function returns the cardinality associated with a DSD role set. The function is valid if and only if the role set exists.
required parameters
- SDSet#name - contains the name of existing object being targeted
- Specified by: dsdRoleSetCardinality in interface ReviewMgr
- Parameters:
dsd - contains the name of the DSD set targeted, SDSet#name.
- Returns:
- int value containing cardinality of DSD set.
- Throws:
SecurityException - in the event of data or system error.
-
findRoleConstraints
public List<RoleConstraint> findRoleConstraints(User user, Permission permission, RoleConstraint.RCType rcType) throws SecurityException
Find all of the role constraints for the given user and permission attribute set.
required parameters
- User#userId - contains the name of existing user being targeted
- PermissionAttributeSet#name - contains the name of permission attribute set
- Specified by: findRoleConstraints in interface ReviewMgr
- Parameters:
user - The user to filter role constraints
permission - Contains the permission attribute set to filter role constraints
- Returns:
- List of the Role Constraints for the given user and pa set.
- Throws:
SecurityException - in the event of data or system error.
-
-