Index

A B C D E F G H I J L M N O P R S T U V

A

actions

adding, 2.2.5

policy, 1.2

adding fine grained components, 1.3

administration

delegating, 5.1

administration roles, 5.1

ApplicationPolicyAdmin, 5.6

assigning principals, 5.4.3

creating, 5.4, 5.4.1

default, 5.6

definition, 5.1

manage, 5.3

managing, 5.5

PolicyDomainAdmin, 5.6

system, 5.2

SystemAdmin, 5.6

view, 5.3

administrator

application policy, 5.2

policy domain, 5.2

AdminManager, 5.4.1

AdminResourceActionEntry, 5.4.2

adminRole, 5.4.1

AdminRoleEntry

managing, 5.5

advanced policy, 1.3

advanced policy elements, 2.3

application

see ApplicationPolicy, 2.2.2

Application object, 1.2

application policy

administrator, 5.2

creating, 2.2.2

application role object, 2.3.1

application roles

creating, 1.3.1

hierarchy, 2.3.1

managing, 3.3.3

ApplicationPolicy, 1.2

bind to Security Module, 4.3

creating, 2.2.2

managing, 3.2

scope level, 3.1

ApplicationPolicyAdmin administration role, 5.6

AppRoleEntry, 1.3.1, 2.3.1

managing, 3.3.3

AppRoleManager, 1.3.1

attribute retrievers, 7.1

and jps-config.xml, 7.1.1

custom, 7.1.2

attribute tag, 8.2.2

AttributeEntry, 1.3.3, 2.3.3.1

managing, 3.3.5.1

AttributeRetrieverV2 interface, 7.1.2

implementing, 7.1.3

attributes

as extensions, 2.3.3

authorization calls, 6.1

authorization policy

and role mapping policy, 2.3.2, 3.3.3

B

BasicPolicyRuleEntry, 2.2.6

binding

Security Module, 4.3

SMEntry, 4.3.2

boolean expressions

constraint, 2.3.5.1

BooleanExpressionEntry, 2.3.5

C

centralized policy distribution, 4.1.1

checkPermission(), 6.1

calls, 6.4

complex search, 2.1

constraint, 2.3.5

adding, 1.3.3

boolean expressions, 2.3.5.1

function expressions, 2.3.5.2

controlled distribution, 4.2.1

create method

overview, 2.1

custom attribute retrievers, 7.1.2

custom functions, 7.2

D

default administration roles, 5.6

delegated administration

overview, 5.1

scope, 5.2

delete method

overview, 2.1

deleteRolePolicy(), 3.3.4

distribution modes, 4.2

controlled, 4.2.1

non-controlled, 4.2.2

dynamic attribute, 2.3.3.1

E

entitlement, 1.3.4

Extension, 1.3.3

ExtensionManager, 1.3.3

extensions

attributes, 2.3.3

functions, 2.3.3

managing, 3.3.5.1, 3.3.5.2

F

fine grained elements, 2.3

fine grained policy, 1.3

function expressions

constraint, 2.3.5.2

FunctionEntry, 1.3.3, 2.3.3.2

managing, 3.3.5.2

functions

as extensions, 2.3.3

G

getGrantedAdminResources, 5.4.4

getRolePolicy(), 3.3.4

getSecurityContext tag, 8.2.1

getUserRoles tag, 8.1.3

grantAdminRole, 5.4.3

granularity

delegated administration, 5.2

H

hierarchical resources, 2.2.3, 2.2.4

hierarchy

application roles, 2.3.1

I

isAccessAllowed tag, 8.1.1

isAccessAllowed(), 6.1

isAccessNotAllowed tag, 8.1.2

isUserInRole tag, 8.1.4

J

Java API

create method, 2.1

delete method, 2.1

manager interfaces, 2.1

modify method, 2.1

policy objects, 2.1

search query, 2.1

jps-config.xml, 2.2.1

and attribute retrievers, 7.1.1

JSP tags

see tags, 8

L

local policy distribution, 4.1.2

M

manage privileges, 5.3

management

scoping, 3.1

manager interfaces, 2.1

managing

SMEntry, 4.3.1

modify method

overview, 2.1

modifyRolePolicy(), 3.3.4

N

non-controlled distribution, 4.2.2

O

object

PermissionSetEntry, 1.3.4

objects

AdminResourceActionEntry, 5.4.2

adminRole

creating, 5.4.1

AdminRoleEntry, 5.5

ApplicationPolicy, 1.2, 2.2.2

managing, 3.2

AppRoleEntry, 1.3.1, 2.3.1

managing, 3.3.3

AttributeEntry, 1.3.3, 2.3.3.1

managing, 3.3.5.1

FunctionEntry, 1.3.3, 2.3.3.2

managing, 3.3.5.2

managing

PolicyStore, 3.2

ObligationEntry, 1.3.5, 2.3.6

PermissionSetEntry, 2.3.4

managing, 3.3.7

PolicyDomainEntry, 1.2

creating, 5.7

managing, 3.3.1, 3.4

PolicyEntry, 1.2, 2.2.8

managing, 3.3.8

PolicyRuleEntry, 2.2.6, 2.2.6

PolicyStore, 1.2, 2.2.1, 3.1

PrincipalEntry, 2.2.7

ResourceActionsEntry, 1.2, 2.2.5

ResourceEntry, 1.2, 2.2.4

managing, 3.3.6

ResourceTypeEntry, 1.2, 2.2.3

managing, 3.3.2

RolePolicyEntry, 3.3.4

RuleExpressionEntry, 2.3.5

SMEntry, 4.3

binding, 4.3.2

managing, 4.3.1

obligation

building, 1.3.5

obligation object, 2.3.6

ObligationEntry, 1.3.5, 2.3.6

obligations, 2.3.6

P

PEP API, 6.1

calls, 6.2

Permission Set

managing, 3.3.7

permission set

populating, 1.3.4

Permission Set object, 2.3.4

PermissionSetEntry, 1.3.4, 2.3.4

managing, 3.3.7

PIP

and attribute retrievers, 7.1

policy

actions, 1.2

adding advanced elements, 2.3

adding fine grained elements, 1.3

and roles, 1.4

building, 1.2

components, 1.1

composing simple, 1.2

consolidating, 2.2.8

constraint, 1.3.3

executing simple, 2.2

managing, 3.3.8, 3.4

obligation, 1.3.5

policy distribution

centralized, 4.1.1

initiating, 4.4

local, 4.1.2

overview, 4.1

policy domain

administrator, 5.2

creating, 5.7

default, 1.2

managing, 3.3.1

policy objects

and API, 2.1

policy rule, 2.2.6

policy simple components, 1.2

policy store, 1.2

accessing, 2.2.1

defining, 3.1

PolicyDomainAdmin administration role, 5.6

PolicyDomainEntry, 1.2

creating, 5.7

managing, 3.3.1, 3.4

scope levels, 3.1

PolicyEntry, 1.2

consolidating, 2.2.8

managing, 3.3.8

PolicyManager, 3.3.8

PolicyRuleEntry, 1.2, 2.2.6

PolicyStore, 1.2

accessing, 2.2.1

defining, 3.1

managing objects, 3.2

principal, 2.2.7

PrincipalEntry, 1.2, 2.2.7

principals

assigning, 5.4.3

retrieving resources, 5.4.4

privileges

assigning, 5.4.2

manage, 5.3

view, 5.3

R

RBAC

and delegating administration, 5.1

resource

instantiating, 2.2.4

managing, 3.3.6

resource attribute, 2.3.3.1

resource object, 1.2

resource type

creating, 2.2.3

managing, 3.3.2

resource type object, 1.2

ResourceActionsEntry, 1.2, 1.2

creating, 2.2.5

ResourceEntry, 1.2, 1.2

hierarchical, 2.2.3, 2.2.4

instantiating, 2.2.4

managing, 3.3.6

ResourceManager, 1.2

ResourceTypeEntry, 1.2

creating, 2.2.3

hierarchical, 2.2.3, 2.2.4

managing, 3.3.2

ResourceTypeManager, 1.2

role catalog, 2.3.1, 3.3.3

role category, 3.3.3

role mapping policy, 2.3.1, 3.3.3

and authorization policy, 2.3.2, 3.3.3

managing, 3.3.4

overview, 1.3.2

roles

implementing policy, 1.4

RuleExpressionEntry, 2.3.5

S

scope

delegated administration, 5.2

scope levels, 3.1

ApplicationPolicy, 3.1

PolicyDomainEntry, 3.1

search query

overview, 2.1

simple and complex, 2.1

Security Module

bind to ApplicationPolicy, 4.3

simple policy, 1.2, 2.2

simple search, 2.1

SMEntry

binding, 4.3.2

managing, 4.3.1

system administrator, 5.2

SystemAdmin administration role, 5.6

T

tags, 8

attribute, 8.2.2

getSecurityContext, 8.2.1

getUserRoles, 8.1.3

isAccessAllowed, 8.1.1

isAccessNotAllowed, 8.1.2

isUserInRole, 8.1.4

then/else, 8.2.3

then/else tag, 8.2.3

U

use cases

attribute retrievers, 7.1.1

V

view privileges, 5.3