Skip navigation links

oracle.iam.rm.resolution
Interface ResolutionEngine

public interface ResolutionEngine

A manager-type interface that answers questions about roles.

Method Summary

oracle.iam.rm.resolution.impl.RoleMembership	getActiveRoleMembers(Role role, java.util.Set<java.lang.String> userAttributeNames) Returns the set of users who are granted or assigned the role.
java.util.Set<ObjectKey>	getAllRolesForUser(SnapshotSession session, User user) Returns a Set of ObjectKeys of all the Roles a User has.
java.util.List<java.lang.String>	getKeyAttributes(Role role) Returns a List of key attributes for a role.
Filter	getRelativeRoleFilter(Role role, SnapshotObject relativeObject, SnapshotSession session) Returns a Filter that represents all persons who are role holders of a relative dynamic role, (Relative roles are also known as Approver roles.
java.util.List<RoleGrant>	getRoleGrants(SnapshotSession session, Role role) Returns a List of grants of the given role.
Filter	getRoleMemberFilter(Role role) Returns a Filter that represents all identities included in the members list of the specified role.
UserRoleAssignment	getUserRoleAssignment(SnapshotSession session, ObjectKey assigneeKey, Role role) Returns the UserRoleAssignment for a given Role and User's ObjectKey, or null if none is found.
java.util.Set<UserRoleAssignment>	getUserRoleAssignments(SnapshotSession session, Role role) Returns a Set of all the user role assignments for a given Role, or an empty set if none are found.
java.util.Set<UserRoleAssignment>	getUserRoleAssignments(SnapshotSession session, User assignee) Returns a Set of all the user role assignments for a given User, or an empty set if none are found.
Filter	getUserRoleFilter(SnapshotSession session, User user) Returns a Filter that represents all roles held by a person.
java.util.Set<ObjectKey>	getUsersAssignedRoles(SnapshotSession session, User user) Returns a Set of the ObjectKeys of the Roles assigned to a given user via the UserRoleAssignment cache (all complex roles).
java.util.List<Role>	getUsersBusinessAndITRoles(SnapshotSession session, User user) Returns a list of the specified user's business and IT roles
java.util.List<BusinessRole>	getUsersBusinessRoles(SnapshotSession session, User user) Returns a list of the specified user's business roles
java.util.Set<ObjectKey>	getUsersGrantedRoles(SnapshotSession session, User user) Returns a Set of the ObjectKeys of the Roles assigned to a given user via RoleGrants.
boolean	hasBusinessRole(User user, BusinessRole role, SnapshotSession session) Indicates whether the specified person has the specified business role.
boolean	hasITRole(User user, ITRole role, boolean includeMappedITRoles, SnapshotSession session) Indicates whether the specifed user has the specified IT role.
boolean	hasITRole(User user, ITRole role, SnapshotSession session) Indicates whether the specififed user has the specified IT role, either through a direct role grant or through business role mapping.
boolean	hasRelativeRole(User user, SnapshotObject relativeObject, Role relativeRole, SnapshotSession session) Indicates whether the specified user has a relative role with respect to some relative object.
boolean	hasRole(SnapshotSession session, User user, java.util.Set<Role> roleSet) returns true if the user has at least one of the roles in the set.
boolean	hasRole(User user, Role role) Indicates whether the specififed user is in the member list of the specified role.
boolean	hasRole(User user, Role role, SnapshotSession session) Indicates whether the specified person has the specified role.
boolean	hasSystemRole(User user, SystemRole role, SnapshotSession session) Indicates whether the specified user has the specified system role.
boolean	isComplexDynamicRole(Role role) Indicates whether the specified role is a complex dynamic role.
boolean	isDynamicRole(Role role) Indicates whether the specified role is a dynamic role.
boolean	isEligible(User user, Role role) Indicates whether the specified user is eligible to be granted the specified system role.
boolean	isEligible(User user, Role role, SnapshotSession session) Indicates whether the specified person is eligible to be a grantee of a role.
java.util.List<SnapshotObject>	resolve(Role role) Returns a Set of ObjectKey instances that refer to the holders of a specified role.
oracle.iam.rm.common.PaginatedResultSet<SnapshotObject>	resolveRoleMembers(Role role, SnapshotSession session) Resolves a Role producing a PaginatedResultSet that contains the role members.
oracle.iam.rm.i18n.Formattable	validateEligibilityRule(java.lang.String rule) Validates a provided role eligibility rule.
oracle.iam.rm.i18n.Formattable	validateMembershipRule(java.lang.String rule) Validates a provided role membership rule.

Method Detail

isDynamicRole

boolean isDynamicRole(Role role)

Indicates whether the specified role is a dynamic role.

Parameters:

role - any Role type

Returns:

Boolean true if the role is a dynamic role, otherwise false.

isComplexDynamicRole

boolean isComplexDynamicRole(Role role)

Indicates whether the specified role is a complex dynamic role.

Parameters:

role - any Role type

Returns:

Boolean true if the role is a complex dynamic role, otherwise false.

getKeyAttributes

java.util.List<java.lang.String> getKeyAttributes(Role role)

Returns a List of key attributes for a role. Key attributes are attributes that are referenced in the attribute expressions of the role's membership rule.

Parameters:

role - a simple dynamic role

Returns:

List of attribute ID strings.

getUsersBusinessRoles

java.util.List<BusinessRole> getUsersBusinessRoles(SnapshotSession session,
                                                   User user)

Returns a list of the specified user's business roles

Parameters:

user - The user whose business roles are to be returned.

session - current SnapshotSession

Returns:

list of the specificed user's business roles

getUsersBusinessAndITRoles

java.util.List<Role> getUsersBusinessAndITRoles(SnapshotSession session,
                                                User user)

Returns a list of the specified user's business and IT roles

Parameters:

user - The user whose business and IT roles are to be returned.

session - current SnapshotSession

Returns:

list of the specificed user's business and IT roles

hasRole

boolean hasRole(User user,
                Role role)

Indicates whether the specififed user is in the member list of the specified role. Returns true if the person has the role. Uses the default SnapshotSession.

Parameters:

user - identity to check

role - Role type to check

Returns:

Boolean true if the role member list contains the specified user, otherwise false.

hasRole

boolean hasRole(User user,
                Role role,
                SnapshotSession session)

Indicates whether the specified person has the specified role.

Parameters:

user - identity to check

role - role to check

session - current SnapshotSession

Returns:

Boolean true if the role member list contains the specified user, otherwise false.

hasRole

boolean hasRole(SnapshotSession session,
                User user,
                java.util.Set<Role> roleSet)

returns true if the user has at least one of the roles in the set.

Parameters:

session - the current SnapshotSession

user - The user who potentially has one of the roles

roleSet - The set of roles to be tested for

Returns:

true if the user has at least on of the roles

hasBusinessRole

boolean hasBusinessRole(User user,
                        BusinessRole role,
                        SnapshotSession session)

Indicates whether the specified person has the specified business role.

Parameters:

user - identity to check

role - business role to check

session - current SnapshotSession

Returns:

Boolean truefalse.

hasITRole

boolean hasITRole(User user,
                  ITRole role,
                  SnapshotSession session)

Indicates whether the specififed user has the specified IT role, either through a direct role grant or through business role mapping.

Parameters:

user - any identity to check

role - IT role to check

session - current SnapshotSession

Returns:

Boolean true if the role member list contains the specified user, otherwise false.

hasITRole

boolean hasITRole(User user,
                  ITRole role,
                  boolean includeMappedITRoles,
                  SnapshotSession session)

Indicates whether the specifed user has the specified IT role. Returns true if the person has the IT role.

Parameters:

user - any identity to check

role - IT role to check

includeMappedITRoles - if true, search includes mapped IT roles.

session - current SnapshotSession

Returns:

Boolean true if the role member list contains the specified user, otherwise false.

hasRelativeRole

boolean hasRelativeRole(User user,
                        SnapshotObject relativeObject,
                        Role relativeRole,
                        SnapshotSession session)

Indicates whether the specified user has a relative role with respect to some relative object.

Parameters:

user - the subject

relativeObject - the relative object

relativeRole - a relative role

session - current SnapshotSession

Returns:

Boolean true if the user has the relative role, otherwise false.

hasSystemRole

boolean hasSystemRole(User user,
                      SystemRole role,
                      SnapshotSession session)

Indicates whether the specified user has the specified system role.

Parameters:

user - User (abstractIdentity) who might have the role

role - system role

session - current SnapshotSession

Returns:

Boolean true if the role member list contains the user, otherwise false.

isEligible

boolean isEligible(User user,
                   Role role)

Indicates whether the specified user is eligible to be granted the specified system role.

Parameters:

user - any identity to check

role - system role to check

Returns:

Boolean true if the user is eligible, otherwise false.

isEligible

boolean isEligible(User user,
                   Role role,
                   SnapshotSession session)

Indicates whether the specified person is eligible to be a grantee of a role.

Parameters:

user - User (abstractIdentity) who might be the role holder.

role - system role

session - current SnapshotSession

Returns:

Boolean true if the user is eligible, otherwise false.

getRoleMemberFilter

Filter getRoleMemberFilter(Role role)

Returns a Filter that represents all identities included in the members list of the specified role. The filter can be used alone or combined with other filters in a query.

Parameters:

role - any Role type

Returns:

Filter that represents the resolved role results.

getRelativeRoleFilter

Filter getRelativeRoleFilter(Role role,
                             SnapshotObject relativeObject,
                             SnapshotSession session)

Returns a Filter that represents all persons who are role holders of a relative dynamic role, (Relative roles are also known as Approver roles.

Parameters:

role - a relative dynamic role

relativeObject - the relative object

session - current SnapshotSession

Returns:

Filter that represents the resolved role results.

resolveRoleMembers

oracle.iam.rm.common.PaginatedResultSet<SnapshotObject> resolveRoleMembers(Role role,
                                                                           SnapshotSession session)

Resolves a Role producing a PaginatedResultSet that contains the role members.

Parameters:

role - any role type

session - current SnapshotSession

Returns:

a PaginatedResultSet

getUserRoleFilter

Filter getUserRoleFilter(SnapshotSession session,
                         User user)

Returns a Filter that represents all roles held by a person.

Parameters:

session - current SnapshotSession

user - an existing user

Returns:

Filter representing all held roles.

getActiveRoleMembers

oracle.iam.rm.resolution.impl.RoleMembership getActiveRoleMembers(Role role,
                                                                  java.util.Set<java.lang.String> userAttributeNames)

Returns the set of users who are granted or assigned the role. For a given membership to be returned, both the role and the user must be active.

Parameters:

role - Role for which to get memberships

userAttributeNames - names of user attributes to be returned with each member

Returns:

RoleMembership an object containing role and member data.

getAllRolesForUser

java.util.Set<ObjectKey> getAllRolesForUser(SnapshotSession session,
                                            User user)

Returns a Set of ObjectKeys of all the Roles a User has. These Roles include granted Roles, mapped IT Roles, and assigned (complex) Roles from the UserRoleAssignment cache.

Parameters:

session - SnapshotSession

user - User whose roles are to be returned

Returns:

The UserRoleAssignment for a given role and assignee, or null if none found

getRoleGrants

java.util.List<RoleGrant> getRoleGrants(SnapshotSession session,
                                        Role role)

Returns a List of grants of the given role.

Parameters:

session - SnapshotSession

role - the whose grants will be returned

Returns:

List of role grants.

getUserRoleAssignments

java.util.Set<UserRoleAssignment> getUserRoleAssignments(SnapshotSession session,
                                                         User assignee)

Returns a Set of all the user role assignments for a given User, or an empty set if none are found.

Parameters:

session - SnapshotSession

assignee - User whose user role assignments to return

Returns:

Set of all user role assignments for a given User.

getUserRoleAssignments

java.util.Set<UserRoleAssignment> getUserRoleAssignments(SnapshotSession session,
                                                         Role role)

Returns a Set of all the user role assignments for a given Role, or an empty set if none are found.

Parameters:

session - SnapshotSession

role - Role whose user role assignments to return.

Returns:

Set of all user role assignments for a given Role.

getUserRoleAssignment

UserRoleAssignment getUserRoleAssignment(SnapshotSession session,
                                         ObjectKey assigneeKey,
                                         Role role)

Returns the UserRoleAssignment for a given Role and User's ObjectKey, or null if none is found.

Parameters:

session - SnapshotSession

role - Role of the user role assignment to return

assigneeKey - ObjectKey of the User of the user role assignment to return

Returns:

the UserRoleAssignment for a given role and assignee, or null if none found

getUsersAssignedRoles

java.util.Set<ObjectKey> getUsersAssignedRoles(SnapshotSession session,
                                               User user)

Returns a Set of the ObjectKeys of the Roles assigned to a given user via the UserRoleAssignment cache (all complex roles).

Parameters:

session - SnapshotSession

user - User whose assigned roles to return

Returns:

Set of ObjectKeys of the Roles assigned to the User

getUsersGrantedRoles

java.util.Set<ObjectKey> getUsersGrantedRoles(SnapshotSession session,
                                              User user)

Returns a Set of the ObjectKeys of the Roles assigned to a given user via RoleGrants.

Parameters:

session - SnapshotSession

user - User whose granted roles to return

Returns:

Set of ObjectKeys of the Roles granted to the User

resolve

java.util.List<SnapshotObject> resolve(Role role)

Returns a Set of ObjectKey instances that refer to the holders of a specified role.

Parameters:

role - a Role

Returns:

a Set of SnapshotOjbect instances

validateEligibilityRule

oracle.iam.rm.i18n.Formattable validateEligibilityRule(java.lang.String rule)

Validates a provided role eligibility rule.

Parameters:

rule - the rule to validate.

Returns:

a Formattable object representing a problem in the rule or null if the rule is valid.

validateMembershipRule

oracle.iam.rm.i18n.Formattable validateMembershipRule(java.lang.String rule)

Validates a provided role membership rule.

Parameters:

rule - the rule to validate.

Returns:

a Formattable object representing a problem in the rule or null if the rule is valid.

Skip navigation links