com.hyperion.css
Interface CSSUserProvisioningAPIIF


public interface CSSUserProvisioningAPIIF

This API is used for provisioning, covering both users and groups, as well as authorization through the use of roles. This API is thread safe: threads can access it concurrently without introducing deadlock or any other abnormal behavior. CSS defines "Provisioning" as the process of granting users and groups access to resources, be they other users and groups or entities such as dimensions, reports etc. All methods that retrieve users and groups return both active and inactive instances.

Please note that methods that specify relationships on CAS Domain Objects such as Project and Applications are to be invoked only after CAS/Hub has been invoked for the same. These methods are invoked internally by the Hub, and the product teams do not need to invoke them. For instance, addApplicationToProject(Map, CSSPrincipalIF, CSSApplicationInstance) requires that the addition of this application to the project has already been defined. The methods affected are:

  1. addApplicationToProject(Map, CSSPrincipalIF, CSSApplicationInstance)
  2. disassociateFromProject(Map, CSSPrincipalIF, String)
  3. removeApplicationFromProject(Map, CSSPrincipalIF, String, String)
  4. updateApplication(Map, CSSPrincipalIF, CSSApplicationInstance)

If, during the course of the invocation of a method, the user identified by the CSSPrincipalIF parameter is deleted, then a com.hyperion.css.CSSInvalidPrincipalException is nested in a CSSException and thrown.

Please note that any role that is associated with the Hub is considered global. For instance, CSSAPIIF.ROLE_DIRECTORY_MANAGER_IDENTITY is a global role. If a user is assigned global roles, then they apply across applications. A user or group that is assigned a global role is considered to be provisioned even if it is not assigned any roles on any application.

Please note that to assign a user or group to a role in an application, the principal needs to have CSSPermissionIF.MODIFY on the role and the user and group and application should be viewable.

In some of the methods in the API, productTypes are passed in as arguments. The productType can be constructed utilizing:

In methods where a filter can be specified on names, wildcards such as '*' can be used. For example, 'a*' used in the userName parameter would return the usernames that begin with 'a', in the order of directories that is specified by the search order.
Note that the NTLM provider does not support * as a prefix to the userName when specifying the filter.

Since:
CSS v3.0
Author:
gkhanna
See Also:
CSSAPIIF

Method Summary
 void addApplicationToProject(java.util.Map context, CSSPrincipalIF principal, CSSApplicationInstance applicationInstance)
          For Internal Use only - Adds an Application to a Project.
 void copyProvisioning(java.util.Map context, CSSPrincipalIF principal, java.lang.String fromAppId, java.lang.String toAppId)
          Copies the provisioning information from a source application to the destination application.
 void createProduct(java.util.Map context, java.lang.String productCode)
          Creates product "organizational unit" in the Roles hierarchy if one doesn't exist.
 void deleteProduct(java.util.Map context, CSSPrincipalIF principal, java.lang.String productType)
          For internal use only.
 void disassociateFromProject(java.util.Map context, CSSPrincipalIF principal, java.lang.String projectId)
          Disassociate a Project.
 CSSGroupIF[] getAllProvisionedGroupsInApp(java.util.Map context, CSSPrincipalIF principal, GroupSearchFilter groupSrchFilter, java.lang.String typeOfAccess, java.lang.String applicationId)
          Returns the groups that the specified principal can view from across the providers that are associated with the specified application and search filter passed in.
 CSSGroupIF[] getAllProvisionedGroupsInApp(java.util.Map context, CSSPrincipalIF principal, java.lang.String groupName, java.lang.String typeOfAccess, java.lang.String applicationId)
          Returns the groups that the specified principal can view from across the providers that are associated with the application specified.
 CSSGroupIF[] getAllProvisionedGroupsInApps(java.util.Map context, CSSPrincipalIF principal, GroupSearchFilter groupSrchFilter, com.hyperion.css.common.CSSRoleInfo[] rolesInfo, java.lang.String typeOfAccess)
          Returns all the provisioned groups in specified applications across providers.
 CSSUserIF[] getAllProvisionedUsersInApp(java.util.Map context, CSSPrincipalIF principal, java.lang.String userName, java.lang.String typeOfAccess, java.lang.String applicationId)
          Returns the users that the specified principal can view from across the providers that are associated with the application specified.
 CSSUserIF[] getAllProvisionedUsersInApp(java.util.Map context, CSSPrincipalIF principal, UserSearchFilter userSrchFilter, java.lang.String typeOfAccess, java.lang.String applicationId)
          Returns the users that the specified principal can view from across the providers that are associated with the specified application and search filter passed in.
 CSSUserIF[] getAllProvisionedUsersInApps(java.util.Map context, CSSPrincipalIF principal, UserSearchFilter userSrchFilter, com.hyperion.css.common.CSSRoleInfo[] rolesInfo, java.lang.String typeOfAccess)
          Returns all the provisioned users in specified applications across providers.
 CSSApplicationInstance[] getApplicationsForPrincipal(java.util.Map context, CSSPrincipalIF principal, java.lang.String roleIdentity)
          Gets the Applications that this principal is associated with.
 java.lang.String[] getDelegatedEntries(java.util.Map context, CSSPrincipalIF principal, java.lang.String[] identities)
          Returns the css identities that the principal has access to from the specified list of CSS identities.
 CSSNodeIF[] getGraphForGroupEntries(java.util.Map context, CSSPrincipalIF principal, java.lang.String[] groupEntries, int level)
          Returns the graph of the "memberOf" relationships between groups and users with groups.
 CSSGroupIF getGroupByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String applicationId)
          Returns the group with the specified identity provisioned to the specified application id.
 CSSGroupIF getGroupByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String applicationId, java.lang.String typeOfAccess)
          Deprecated.  
 CSSGroupIF[] getGroups(java.util.Map context, CSSPrincipalIF principal, java.lang.String groupName, java.lang.String typeOfAccess, java.lang.String applicationId)
          Returns the groups that the specified principal can view from across providers and if an application is specified then the groups returned are associated with the application.
 CSSGroupIF[] getGroupsWithRoleInApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String groupNameFilter, java.lang.String roleIdentity, java.lang.String applicationId, java.lang.String typeOfAccess)
          Returns the groups that the principal can view with the role specified in this application.
 java.lang.String getProjectForApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String applicationId)
          Gets the Project for the Application specified.
 CSSApplicationInfoIF[] getProvisionedApplications(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String[] productCodes)
          Returns an array containing CSSApplicationInfoIF objects for all applications in given products for which this user/group has been provisioned.
 java.lang.String[] getProvisionedApps(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity)
          Deprecated.  
 java.lang.String[] getProvisionedApps(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String productCode)
          Deprecated.  
 CSSRoleIF getRoleByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String roleIdentity)
          Return the role with the specified identity.
 CSSRoleIF getRoleByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String roleIdentity, java.lang.String typeOfAccess)
          Deprecated.  
 CSSRoleIF[] getRoles(java.util.Map context, CSSPrincipalIF principal, com.hyperion.css.common.RoleSearchFilter roleSrchFilter)
          Gets the roles associated with the query attributes like ROLENAME, PRODUCTNAME, DESCRIPTION.
 CSSRoleIF[] getRoles(java.util.Map context, CSSPrincipalIF principal, java.lang.String roleName, java.lang.String typeOfAccess, java.lang.String applicationId)
          Gets the roles associated with this application.
 CSSRoleIF[] getRolesByApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String applicationId, java.lang.String roleName, java.lang.String typeOfAccess)
          Gets the roles registered by the Application that this principal has the Provisioning Manager role to.
 CSSRoleIF[] getRolesByProductType(java.util.Map context, CSSPrincipalIF principal, java.lang.String productTypeIdentity, java.lang.String roleNameFilter, java.lang.String typeOfAccess)
          Gets the roles for this productType (both preconfigured as well as aggregated) that this principal has Provisioning Manager Role to.
 java.lang.String[] getRolesForGroupInApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String groupIdentity, java.lang.String applicationId, boolean indirect)
          All the roles that are assigned to this group for this application are returned.
 java.lang.String[] getRolesForUserInApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String userIdentity, java.lang.String applicationId, boolean indirect)
          Gets the roles assigned to a user for an application.
 CSSAppEntryIF[] getRolesListForEntries(java.util.Map context, CSSPrincipalIF principal, java.lang.String[] entryIdentities, java.lang.String[] appIds, boolean indirect)
          Returns the roles that these array of entries are assigned to within the context of the specified applications.
 CSSAppEntryIF[] getRolesListForEntry(java.util.Map context, CSSPrincipalIF principal, java.lang.String entryIdentity, java.lang.String[] appIds, boolean indirect)
          Returns the roles that this entry is assigned to within the context of the specified applications.
 CSSUserIF getUserByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String applicationId)
          Returns the user with the specified identity provisioned to the specified application id.
 CSSUserIF getUserByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String applicationId, java.lang.String typeOfAccess)
          Deprecated.  
 CSSUserIF[] getUsers(java.util.Map context, CSSPrincipalIF principal, java.lang.String userName, java.lang.String typeOfAccess, java.lang.String applicationId)
          Returns the users that the principal can view from across the providers and if an application ID is specified then the users returned are associated with the application.
 java.util.List getUsersByIdentity(java.util.Map context, CSSPrincipalIF principal, java.util.List identities, java.lang.String applicationId)
          Returns users with specified identities provisioned to the specified application id.
 java.util.List getUsersByIdentity(java.util.Map context, CSSPrincipalIF principal, java.util.List identities, java.lang.String applicationId, java.lang.String typeOfAccess)
          Deprecated.  
 CSSUserIF[] getUsersWithRoleInApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String userNameFilter, java.lang.String roleIdentity, java.lang.String applicationId, java.lang.String typeOfAccess)
          Returns the users that the principal can view with the role specified in this application.
 boolean isProvisioned(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String applicationId)
          Checks to see if a user/group has been provisioned.
 void moveApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String appId, java.lang.String projectId)
          Moves the application from one project to another.
 void removeApplicationFromProject(java.util.Map context, CSSPrincipalIF principal, java.lang.String applicationId, java.lang.String projectId)
          Removes an Application from a Project.
 void reRegisterApplication(java.util.Map context, CSSPrincipalIF principal, CSSApplicationInstance applicationInstance)
          For Internal Use only - Re-registers an Application that is associated with a Project.
 void setRolesList(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String[] roles, java.lang.String applicationId, boolean add)
          Sets the roles for this user or group.
 void updateApplication(java.util.Map context, CSSPrincipalIF principal, CSSApplicationInstance applicationInstance)
          For Internal Use only - This method will be used to synchronize CMS and CSS whenever an application display name is updated.
 

Method Detail

moveApplication

public void moveApplication(java.util.Map context,
                            CSSPrincipalIF principal,
                            java.lang.String appId,
                            java.lang.String projectId)
                     throws CSSRollbackException
Moves the application from one project to another. This method is for internal use only and should be invoked by the HUB components so as to enable CSS to sync itself with the other HUB components. These are some of the checks and behavior:

  1. Preserves the provisioning information that is associated with the application.
  2. The principal needs to be either a HUB administrator or a provisioning manager of that app and a Project Manager having access to the projects for this operation to be successful.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller
appId - - the id of the application that needs to be moved
projectId - - the id of the project that the application needs to be moved to.
Throws:
CSSRollbackException - - if the operation could not be performed. This is a signal to the caller to make the necessary rollbacks to preserve consistency. If the principal does not have the appropriate access on the project or the application to be moved to that project, then this exception is thrown.

copyProvisioning

public void copyProvisioning(java.util.Map context,
                             CSSPrincipalIF principal,
                             java.lang.String fromAppId,
                             java.lang.String toAppId)
                      throws CSSCommunicationException,
                             CSSAuthorizationException,
                             CSSException
Copies the provisioning information from a source application to the destination application. These are some of the checks and behavior:

  1. The applications are of the same product code and version.
  2. The principal is a provisioning manager for the destination application.
  3. The copy leads to the elimination of existing provisioning information of the destination application.
  4. The principal is associated as a provisioning manager of the destination application.

TODO: Can copy happen across projects?

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller
fromAppId - - the id of the source application
toAppId - - the id of the destination application
Throws:
CSSAuthorizationException - - if the principal is not the provisioning manager of the destination application
CSSException - - any other abnormality
CSSCommunicationException

isProvisioned

public boolean isProvisioned(java.util.Map context,
                             CSSPrincipalIF principal,
                             java.lang.String identity,
                             java.lang.String applicationId)
                      throws CSSAuthorizationException,
                             CSSInvalidUserException,
                             CSSInvalidGroupException,
                             CSSInvalidIdentityException,
                             CSSCommunicationException,
                             CSSException
Checks to see if a user/group has been provisioned. A user/group is provisioned if it has been assigned to an Application through a role association. The principal needs to be at least a CSSAPIIF.ROLE_PROVISIONING_MANAGER_IDENTITY and should also have view access on the user or group for invoking this method; otherwise a CSSAuthorizationException is thrown. If the principal does not have CSSPermissionIF.VIEW on the applicationId then a CSSAuthorizationException is thrown. On the other hand, if an applicationId is not specified and the principal does not have visibility on any applications then false is returned. The applicationId will specify one of the following:

  1. applicationId
  2. CSSAPIIF.SPECIFY_ALL: All applications that this principal has at least CSSPermissionIF.VIEW on would be searched.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller
identity - - the identity of the user or group.
applicationId - - the id of the application.
Returns:
- true if the user or group is provisioned either directly or indirectly to an application or the list of applications that are viewable by the principal. Also returns true if the user or group is assigned any global roles. False is returned if the user does not have any roles assigned on the applications viewable by the principal.
Throws:
CSSAuthorizationException - - if the principal is not authorized to perform this operation. The principal does not have view access on the user/group specified or the application if specified.
CSSInvalidUserException - - if the user with the identity does not exist anymore.
CSSInvalidGroupException - - if the group with the identity does not exist anymore.
CSSInvalidIdentityException - - If the user or group with the specified identity does not exist
CSSException - - any other abnormality.
CSSCommunicationException

disassociateFromProject

public void disassociateFromProject(java.util.Map context,
                                    CSSPrincipalIF principal,
                                    java.lang.String projectId)
                             throws CSSRollbackException,
                                    CSSCommunicationException,
                                    CSSException
Disassociate a Project. This method needs to be invoked when a Project is deleted. This disassociates the users and groups from that Project. Deletion of a Project is permissible iff there are no more constituent Applications. This event is audited. The implementation of a Project and its associations with users and groups might lead to this method being made defunct. Once we delve into the implementation, we will revisit this method.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller
projectId - - the id of the project.
Throws:
CSSRollbackException - - if the project reference cannot be deleted in CSS. This would signal the caller to rollback their transaction to maintain integrity between CSS and their repository. If the principal does not have the appropriate access on the project then this exception is thrown.
CSSException - - any other abnormality.
CSSCommunicationException

removeApplicationFromProject

public void removeApplicationFromProject(java.util.Map context,
                                         CSSPrincipalIF principal,
                                         java.lang.String applicationId,
                                         java.lang.String projectId)
                                  throws CSSException,
                                         CSSCommunicationException,
                                         CSSRollbackException
Removes an Application from a Project. The CSS behavior is the same for this event as that of the deletion and subsequent deregistration of an Application from the Project.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller
applicationId - - the id for the application
projectId - - the id for the Project
Throws:
CSSRollbackException - - if the application cannot be removed from a project in CSS. This would signal the caller to rollback their transaction to maintain integrity between CSS and their repository. If the principal does not have the appropriate access on the project then this exception is thrown as well.
CSSException - - any other abnormality.
CSSCommunicationException

addApplicationToProject

public void addApplicationToProject(java.util.Map context,
                                    CSSPrincipalIF principal,
                                    CSSApplicationInstance applicationInstance)
                             throws CSSException,
                                    CSSCommunicationException,
                                    CSSRollbackException
For Internal Use only - Adds an Application to a Project. This implies that if there is an existing Application of the type of the Application being added then the users and groups associated with that Application would need to be associated with this Application as well. Addition of an App to a Project does not affect CSS, but since we duplicate the project and app containment, this event is captured in this method call.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller
applicationInstance - - the instance of CSSApplicationInstance
Throws:
CSSRollbackException - - if the application cannot be added to a project in CSS. This would signal the caller to rollback their transaction to maintain integrity between CSS and their repository. If the principal does not have the appropriate access on the project then this exception is thrown as well.
CSSException - - any other abnormality.
CSSCommunicationException

updateApplication

public void updateApplication(java.util.Map context,
                              CSSPrincipalIF principal,
                              CSSApplicationInstance applicationInstance)
                       throws CSSException,
                              CSSRollbackException
For Internal Use only - This method will be used to synchronize CMS and CSS whenever an application display name is updated.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller
applicationInstance - - the instance of CSSApplicationInstance
Throws:
CSSRollbackException - - if the application cannot be added to a project in CSS. This would signal the caller to rollback their transaction to maintain integrity between CSS and their repository. If the principal does not have the appropriate access on the project then this exception is thrown as well.
CSSException - - any other abnormality.

deleteProduct

public void deleteProduct(java.util.Map context,
                          CSSPrincipalIF principal,
                          java.lang.String productType)
                   throws CSSRollbackException,
                          CSSCommunicationException,
                          CSSException
For internal use only. Invoked when a product is deleted. This call will ensure all roles for the product are cleaned up in the Native Directory.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
productType - - the productType value. Ex: HFM-4.0.0.
Throws:
CSSRollbackException - - if the product cannot be deleted in CSS. This would signal the caller to rollback their transaction to maintain integrity between CSS and their repository. If the principal does not have the appropriate access on the product then this exception is thrown as well.
CSSCommunicationException - - Thrown on communication problems.
CSSException - - any other abnormality.

getApplicationsForPrincipal

public CSSApplicationInstance[] getApplicationsForPrincipal(java.util.Map context,
                                                            CSSPrincipalIF principal,
                                                            java.lang.String roleIdentity)
                                                     throws CSSInvalidIdentityException,
                                                            CSSCommunicationException,
                                                            CSSException
Gets the Applications that this principal is associated with. A principal is associated with an Application through a role. If the principal is not authorized for an Application with the specified role then it is not returned. The principal has to has the A A principal also needs to have at least the CSSAPIIF.ROLE_PROVISIONING_MANAGER_IDENTITY to see the Application.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null
roleIdentity - - the identity for the role. For instance: CSSAPIIF.ROLE_PROVISIONING_MANAGER_IDENTITY
Returns:
- an array of Application Instances. Empty if the conditions are not met.
Throws:
CSSInvalidIdentityException - - if the identity argument is not valid or is malformed.
CSSException - - any other abnormality.
CSSCommunicationException

getRolesForUserInApplication

public java.lang.String[] getRolesForUserInApplication(java.util.Map context,
                                                       CSSPrincipalIF principal,
                                                       java.lang.String userIdentity,
                                                       java.lang.String applicationId,
                                                       boolean indirect)
                                                throws CSSAuthorizationException,
                                                       CSSInvalidIdentityException,
                                                       CSSInvalidUserException,
                                                       CSSCommunicationException,
                                                       CSSException
Gets the roles assigned to a user for an application. All the roles that are assigned to this user for this application are returned. A CSSAuthorizationException will be thrown if the specified principal does not have access to the user.

The aggregated roles are also returned along with their constituents.

If the user has any Hub Roles (like Administrator), then these are also returned.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
userIdentity - - the identity for the user
applicationId - - the id for the Application.
indirect - - if true then returns the roles assigned to this user through indirect associations such as through parent groups.
Returns:
String[] - the array of role identities. Empty if there are no roles to be returned.
Throws:
CSSAuthorizationException - - if the principal does not have VIEW access on the application or the user.
CSSInvalidUserException - - if the user with the identity does not exist anymore.
CSSInvalidIdentityException - - If the user with the specified identity does not exist
CSSException - - any other abnormality.
CSSCommunicationException
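
An access-review sketch built on the `indirect` flag and the authorization failure described above. This is an added example, not Hyperion code: `RoleLookup` and `NotAuthorized` are hypothetical stand-ins for `CSSUserProvisioningAPIIF` and `CSSAuthorizationException` so that it compiles without the CSS libraries, and every identity and role id in it is constructed.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class RoleReview {

    /** Hypothetical stand-in for CSSUserProvisioningAPIIF: same method name and parameter
     *  order as documented above, with Object in place of CSSPrincipalIF. */
    interface RoleLookup {
        String[] getRolesForUserInApplication(Map<String, Object> context, Object principal,
                String userIdentity, String applicationId, boolean indirect) throws Exception;
    }

    /** Hypothetical stand-in for CSSAuthorizationException. */
    static class NotAuthorized extends Exception {
        NotAuthorized(String message) { super(message); }
    }

    /** Outcome of reviewing one user in one application. */
    static final class Review {
        final Set<String> direct = new TreeSet<>();        // assigned to the user itself
        final Set<String> inheritedOnly = new TreeSet<>(); // reachable only via parent groups
        final Set<String> global = new TreeSet<>();        // Hub (global) roles among the above
        boolean complete = true;                           // false: reviewer lacked VIEW access
    }

    static Review review(RoleLookup api, Map<String, Object> context, Object reviewer,
                         String userIdentity, String applicationId,
                         Set<String> globalRoleIds) throws Exception {
        Review result = new Review();
        try {
            String[] direct = api.getRolesForUserInApplication(
                    context, reviewer, userIdentity, applicationId, false);
            String[] viaGroups = api.getRolesForUserInApplication(
                    context, reviewer, userIdentity, applicationId, true);
            result.direct.addAll(Arrays.asList(direct));
            // Works whether indirect=true returns only inherited roles or direct + inherited.
            result.inheritedOnly.addAll(Arrays.asList(viaGroups));
            result.inheritedOnly.removeAll(result.direct);
        } catch (NotAuthorized e) {
            // An authorization failure means "unknown", not "no roles": record it as such.
            result.complete = false;
            return result;
        }
        // Global roles apply across applications, so report them separately.
        Set<String> effective = new TreeSet<>(result.direct);
        effective.addAll(result.inheritedOnly);
        effective.retainAll(globalRoleIds);
        result.global.addAll(effective);
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Constructed identities and role ids, for illustration only.
        RoleLookup fake = (context, principal, user, app, indirect) -> {
            if (user.equals("user-hidden")) {
                throw new NotAuthorized("reviewer has no VIEW access on " + user);
            }
            return indirect
                    ? new String[] {"role-planner", "role-hub-admin"}
                    : new String[] {"role-planner"};
        };
        Set<String> globalRoleIds = new TreeSet<>(Arrays.asList("role-hub-admin"));
        Map<String, Object> context = new HashMap<>(); // no locale set: system default applies

        for (String user : new String[] {"user-alice", "user-hidden"}) {
            Review r = review(fake, context, "reviewer", user, "app-1", globalRoleIds);
            System.out.println(user + " complete=" + r.complete + " direct=" + r.direct
                    + " inheritedOnly=" + r.inheritedOnly + " global=" + r.global);
        }
    }
}
```

Against the real interface, the caller would pass the `CSSUserProvisioningAPIIF` instance and a `CSSPrincipalIF`, and catch `CSSAuthorizationException` in place of the stand-in.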

getRolesForGroupInApplication

public java.lang.String[] getRolesForGroupInApplication(java.util.Map context,
                                                        CSSPrincipalIF principal,
                                                        java.lang.String groupIdentity,
                                                        java.lang.String applicationId,
                                                        boolean indirect)
                                                 throws CSSAuthorizationException,
                                                        CSSInvalidIdentityException,
                                                        CSSInvalidGroupException,
                                                        CSSCommunicationException,
                                                        CSSException
All the roles that are assigned to this group for this application are returned. A CSSAuthorizationException will be thrown if the specified principal does not have access to this group. The aggregated roles are also returned along with their constituents. If the group has any Hub Roles (like Administrator), then please pass in the hub application id to retrieve those.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
groupIdentity - - the identity for the group
applicationId - - the id for the Application
indirect - - if true then returns the roles assigned to this group through indirect associations such as through parent groups.
Returns:
String[] - the array of role identities. Empty if there are no roles.
Throws:
CSSAuthorizationException - - if the principal does not have VIEW access on the application or the group.
CSSInvalidGroupException - - if the group with the identity does not exist anymore.
CSSInvalidIdentityException - - If the group with the specified identity does not exist
CSSException - - any other abnormality.
CSSCommunicationException

getRolesByProductType

public CSSRoleIF[] getRolesByProductType(java.util.Map context,
                                         CSSPrincipalIF principal,
                                         java.lang.String productTypeIdentity,
                                         java.lang.String roleNameFilter,
                                         java.lang.String typeOfAccess)
                                  throws CSSIllegalArgumentException,
                                         CSSCommunicationException,
                                         CSSException
Gets the roles for this productType (both preconfigured as well as aggregated) that this principal has Provisioning Manager Role to. The productType could be "HFM-3.0.0" etc.

The roleName could contain a wildcard such as "*". This implies that all the matching roles in the directory need to be returned.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
productTypeIdentity - - specifies the identity of the product type. For instance: HFM-3.0.0. The productType can be constructed utilizing:
roleNameFilter - - the filter for the role name.
typeOfAccess - - reserved for future use. Can be null.
Returns:
CSSRoleIF[] - the role instances. Empty if there are no roles.
Throws:
CSSIllegalArgumentException - - if the parameters are not valid. For instance: the productTypeIdentity is not valid.
CSSException - - any other abnormality.
CSSCommunicationException

getRolesByApplication

public CSSRoleIF[] getRolesByApplication(java.util.Map context,
                                         CSSPrincipalIF principal,
                                         java.lang.String applicationId,
                                         java.lang.String roleName,
                                         java.lang.String typeOfAccess)
                                  throws CSSAuthorizationException,
                                         CSSCommunicationException,
                                         CSSException
Gets the roles registered by the Application that this principal has the Provisioning Manager role to.

The roleName could contain a wildcard such as "*". This implies that all the matching roles in the directory need to be returned.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
applicationId - - specifies the id for the application.
roleName - - the filter for the role name. Empty if the principal does not have the specified access on any of the roles.
typeOfAccess - - reserved for future use. Can be null.
Returns:
CSSRoleIF[] - the role instances. Empty if there are no roles to return.
Throws:
CSSAuthorizationException - - if the principal does not have at least VIEW on the application.
CSSException - - any other abnormality.
CSSCommunicationException

getRoles

public CSSRoleIF[] getRoles(java.util.Map context,
                            CSSPrincipalIF principal,
                            java.lang.String roleName,
                            java.lang.String typeOfAccess,
                            java.lang.String applicationId)
                     throws CSSAuthorizationException,
                            CSSCommunicationException,
                            CSSException
Gets the roles associated with this application. This method would be primarily useful when working with ACLs in terms of their creation or modification. The applicationId will specify one of the following:
  1. applicationId
  2. CSSAPIIF.SPECIFY_NONE: Roles across applications would be returned.
We return role instances instead of identities as the search is on the name of the role.

The roleName could contain a wildcard such as "*". This implies that all the matching roles in the directory need to be returned.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
roleName - - the filter for the role name.
typeOfAccess - - reserved for future use. Can be null.
applicationId - - the id for the application. The roles are returned for the product that this application associated with.
Returns:
CSSRoleIF[] - the array of role instances. Empty if there are no entries to return.
Throws:
CSSAuthorizationException - - if the principal does not have at least VIEW on the application
CSSException - - any other abnormality.
CSSCommunicationException

getRoles

public CSSRoleIF[] getRoles(java.util.Map context,
                            CSSPrincipalIF principal,
                            com.hyperion.css.common.RoleSearchFilter roleSrchFilter)
                     throws CSSAuthorizationException,
                            CSSCommunicationException,
                            CSSException
Gets the roles matching the query attributes, such as ROLENAME, PRODUCTNAME and DESCRIPTION. These are obtained from the role search filter passed as an argument to this API. We return role instances instead of identities as the search is on the name of the role.

The attribute could contain a wildcard such as "*". This implies that all the matching roles in the directory need to be returned.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
roleSrchFilter - - which contains the filter attributes and values.
Returns:
CSSRoleIF[] - the array of role instances. Empty if there are no entries to return.
Throws:
CSSAuthorizationException - - if the principal does not have at least VIEW on the application
CSSException - - any other abnormality.
CSSCommunicationException

getRoleByIdentity

public CSSRoleIF getRoleByIdentity(java.util.Map context,
                                   CSSPrincipalIF principal,
                                   java.lang.String roleIdentity)
                            throws CSSInvalidRoleException,
                                   CSSInvalidIdentityException,
                                   CSSCommunicationException,
                                   CSSException
Return the role with the specified identity.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
roleIdentity - - the identity of the role.
Returns:
CSSRoleIF - The Role Object for the specified identity.
Throws:
CSSInvalidRoleException - - the role specified by the identity does not exist.
CSSInvalidIdentityException - - If the identity specified is not valid.
CSSException - - Any other reasons.
CSSCommunicationException

getRoleByIdentity

public CSSRoleIF getRoleByIdentity(java.util.Map context,
                                   CSSPrincipalIF principal,
                                   java.lang.String roleIdentity,
                                   java.lang.String typeOfAccess)
                            throws CSSInvalidRoleException,
                                   CSSInvalidIdentityException,
                                   CSSCommunicationException,
                                   CSSException
Deprecated.  

Use getRoleByIdentity(Map, CSSPrincipalIF, String) instead.

Throws:
CSSInvalidRoleException
CSSInvalidIdentityException
CSSCommunicationException
CSSException

getUsers

public CSSUserIF[] getUsers(java.util.Map context,
                            CSSPrincipalIF principal,
                            java.lang.String userName,
                            java.lang.String typeOfAccess,
                            java.lang.String applicationId)
                     throws CSSCommunicationException,
                            CSSException
Returns the users that the principal can view from across the providers and if an application ID is specified then the users returned are associated with the application. In order to be associated with an application, the user has to have a role for this application.

The context can specify the following:

  1. CSSAPIIF.LOCALE
  2. CSSAPIIF.ENTITY_DEACTIVATE - Deactivated users would be returned as well.

The applicationId will specify one of the following:
  1. applicationId
  2. CSSAPIIF.SPECIFY_NONE: if the user list required is not application specific. This will return a list of users from across directories.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
userName - - the userName. A filter can be specified here.
typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.
applicationId - - the id for the application.
Returns:
if empty is returned then a user with the name specified does not exist.
Throws:
CSSCommunicationException - - if provider is specified with the name of the user viz. in the userName argument but is not reachable. For instance: "userName@providerName".
CSSException

getUserByIdentity

public CSSUserIF getUserByIdentity(java.util.Map context,
                                   CSSPrincipalIF principal,
                                   java.lang.String identity,
                                   java.lang.String applicationId,
                                   java.lang.String typeOfAccess)
                            throws CSSCommunicationException,
                                   CSSInvalidIdentityException,
                                   CSSInvalidUserException,
                                   CSSAuthorizationException,
                                   CSSUserNotProvisionedException,
                                   CSSException
Deprecated.  

Use getUserByIdentity(Map, CSSPrincipalIF, String, String) instead.

Throws:
CSSCommunicationException
CSSInvalidIdentityException
CSSInvalidUserException
CSSAuthorizationException
CSSUserNotProvisionedException
CSSException

getUserByIdentity

public CSSUserIF getUserByIdentity(java.util.Map context,
                                   CSSPrincipalIF principal,
                                   java.lang.String identity,
                                   java.lang.String applicationId)
                            throws CSSCommunicationException,
                                   CSSInvalidIdentityException,
                                   CSSInvalidUserException,
                                   CSSAuthorizationException,
                                   CSSUserNotProvisionedException,
                                   CSSException
Returns the user with the specified identity provisioned to the specified application id. A CSSAuthorizationException will be thrown if the principal does not have access to this application.

The applicationId will specify one of the following:

  1. applicationId: If the user is not associated with the application CSSUserNotProvisionedException will be thrown.
  2. CSSAPIIF.SPECIFY_NONE: This will return the CSSUserIF irrespective of the user's association with the application.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
identity - - the identity of the user.
applicationId - - the application Id.
Returns:
CSSUserIF - The User Object for the specified identity.
Throws:
CSSCommunicationException - - If the provider is not reachable.
CSSInvalidIdentityException - - If the identity specified is not valid.
CSSUserNotProvisionedException - - If the User Identity specified is not provisioned to the application specified.
CSSAuthorizationException - - If the principal does not have access to the application.
CSSInvalidUserException - - this implies that the user does not exist but must have existed at some time in the past.
CSSException - Any other reasons.
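The exception contract of getUserByIdentity described above, written out as a fail-closed provisioning check. This is an added example, not code from the CSS documentation or product; the class ProvisioningCheck, its Status enum and the two wildcard package imports are assumptions, and it compiles only against the CSS library.

```java
import java.util.Map;

import com.hyperion.css.*;         // assumed home of CSSUserProvisioningAPIIF, CSSAPIIF, CSS*Exception
import com.hyperion.css.common.*;  // assumed home of CSSPrincipalIF and CSSUserIF

/** Hypothetical helper: maps every getUserByIdentity outcome to one explicit status. */
public final class ProvisioningCheck {

    public enum Status {
        PROVISIONED,          // a CSSUserIF came back for this application
        NOT_PROVISIONED,      // CSSUserNotProvisionedException
        STALE_USER,           // CSSInvalidUserException: the user existed once and is gone
        INVALID_IDENTITY,     // CSSInvalidIdentityException
        CALLER_DENIED,        // CSSAuthorizationException: caller has no access to the application
        PROVIDER_UNREACHABLE, // CSSCommunicationException
        ERROR                 // anything else, including misuse of this helper
    }

    private ProvisioningCheck() { }

    public static Status classify(CSSUserProvisioningAPIIF upAPI,
                                  Map<String, Object> context,
                                  CSSPrincipalIF principal,
                                  String userIdentity,
                                  String applicationId) {
        // SPECIFY_NONE returns the user irrespective of application association,
        // so a successful call with it proves nothing about provisioning.
        if (applicationId == null || applicationId.equals(CSSAPIIF.SPECIFY_NONE)) {
            return Status.ERROR;
        }
        try {
            CSSUserIF user = upAPI.getUserByIdentity(context, principal, userIdentity, applicationId);
            // The interface notes that retrieval methods return active and inactive
            // instances alike, so PROVISIONED does not mean the account is active.
            return user != null ? Status.PROVISIONED : Status.ERROR;
        } catch (Exception e) {
            // The page does not show how the CSS exception types inherit from one
            // another, so classify with instanceof instead of relying on catch order.
            return fromException(e);
        }
    }

    static Status fromException(Exception e) {
        if (e instanceof CSSUserNotProvisionedException) return Status.NOT_PROVISIONED;
        if (e instanceof CSSInvalidUserException)        return Status.STALE_USER;
        if (e instanceof CSSInvalidIdentityException)    return Status.INVALID_IDENTITY;
        if (e instanceof CSSAuthorizationException)      return Status.CALLER_DENIED;
        if (e instanceof CSSCommunicationException)      return Status.PROVIDER_UNREACHABLE;
        return Status.ERROR;
    }

    /** Fail closed: an unreachable provider or a denied caller never counts as access. */
    public static boolean mayProceed(Status status) {
        return status == Status.PROVISIONED;
    }
}
```

STALE_USER is worth logging separately from NOT_PROVISIONED: it indicates that a stored identity refers to a user who no longer exists.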

getUsersByIdentity

public java.util.List getUsersByIdentity(java.util.Map context,
                                         CSSPrincipalIF principal,
                                         java.util.List identities,
                                         java.lang.String applicationId,
                                         java.lang.String typeOfAccess)
                                  throws CSSCommunicationException,
                                         CSSInvalidIdentityException,
                                         CSSInvalidUserException,
                                         CSSAuthorizationException,
                                         CSSUserNotProvisionedException,
                                         CSSException
Deprecated.  

Use getUsersByIdentity(Map, CSSPrincipalIF, List, String) instead.

Throws:
CSSCommunicationException
CSSInvalidIdentityException
CSSInvalidUserException
CSSAuthorizationException
CSSUserNotProvisionedException
CSSException

getUsersByIdentity

public java.util.List getUsersByIdentity(java.util.Map context,
                                         CSSPrincipalIF principal,
                                         java.util.List identities,
                                         java.lang.String applicationId)
                                  throws CSSCommunicationException,
                                         CSSInvalidIdentityException,
                                         CSSInvalidUserException,
                                         CSSAuthorizationException,
                                         CSSUserNotProvisionedException,
                                         CSSException
Returns users with specified identities provisioned to the specified application id. A CSSAuthorizationException will be thrown if the specified principal does not have access to the application.

The applicationId will specify one of the following:

  1. applicationId: If the user is not associated with the application CSSUserNotProvisionedException will be thrown.
  2. CSSAPIIF.SPECIFY_NONE: This will return the CSSUserIF irrespective of the user's association with the application.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
identities - - A list of identities of users.
applicationId - - the application Id.
Returns:
List - A list of CSSUserIF objects if lookup for all identities is successful.
Throws:
CSSCommunicationException - - If the provider is not reachable.
CSSInvalidIdentityException - - If any one of the identities specified is not valid.
CSSUserNotProvisionedException - - If any of the user identities specified is not provisioned to the application specified.
CSSAuthorizationException - If the principal is not authorized to view this application.
CSSInvalidUserException - - this implies that the user does not exist but must have existed at some time in the past.
CSSException - Any other reasons.

getAllProvisionedUsersInApp

public CSSUserIF[] getAllProvisionedUsersInApp(java.util.Map context,
                                               CSSPrincipalIF principal,
                                               java.lang.String userName,
                                               java.lang.String typeOfAccess,
                                               java.lang.String applicationId)
                                        throws CSSCommunicationException,
                                               CSSException
Returns the users that the specified principal can view from across the providers that are associated with the application specified. Interest in a provider cannot be specified for this method. Please note that this returns all users that are provisioned to this app either directly or indirectly through group membership. In order to be associated with an application, the user has to have a role for this application.

The context can specify the following:

  1. CSSAPIIF.LOCALE
  2. CSSAPIIF.ENTITY_DEACTIVATE - if specified, then the deactivated users will be returned as well.

In Joyce, this method returns both active and inactive users and the CSSAPIIF.ENTITY_DEACTIVATE is not implemented.

The applicationId will specify the applicationId.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
userName - - the userName. A filter can be specified here.
typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.
applicationId - - the id for the application.
Returns:
if empty is returned then a user with the name specified does not exist.
Throws:
CSSCommunicationException - - if any of the configured providers is not reachable.
CSSException

getAllProvisionedUsersInApp

public CSSUserIF[] getAllProvisionedUsersInApp(java.util.Map context,
                                               CSSPrincipalIF principal,
                                               UserSearchFilter userSrchFilter,
                                               java.lang.String typeOfAccess,
                                               java.lang.String applicationId)
                                        throws CSSCommunicationException,
                                               CSSException
Returns the users that the specified principal can view from across the providers that are associated with the specified application and search filter passed in. Interest in a provider cannot be specified for this method. Please note that this returns all users that are provisioned to this app either directly or indirectly through group membership. In order to be associated with an application, the user has to have a role for this application.

UserSearchFilter contains user filter attributes and values such as USERNAME, FIRSTNAME, LASTNAME, EMAIL and DESCRIPTION. It supports wildcard search; for example, a search for users based on *userName* should return all users matching this pattern.

When the attribute value is specified as "*", this implies that all the users in the directory need to be returned. The query can be based on any one of the above attributes.

Sample use of the application:


 UserSearchFilter userSrchFilter = new UserSearchFilter(UserFilterAttribute.FIRSTNAME, "*j*");
 CSSUserIF[] users = upAPI.getAllProvisionedUsersInApp(context, principal, userSrchFilter, CSSAPIIF.ACCESS_TYPE_MANAGE, "HP1:HPLOCAL");
 

The context can specify the following:

  1. CSSAPIIF.LOCALE
  2. CSSAPIIF.ENTITY_DEACTIVATE - if specified, then the deactivated users will be returned as well.

In Joyce, this method returns both active and inactive users and the CSSAPIIF.ENTITY_DEACTIVATE is not implemented.

The applicationId will specify the applicationId.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
userSrchFilter - - contains the search filter attribute and value.
typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.
applicationId - - the id for the application.
Returns:
if null is returned then a user with the specified filter does not exist.
Throws:
CSSCommunicationException - - if any of the configured providers is not reachable.
CSSException

getGroups

public CSSGroupIF[] getGroups(java.util.Map context,
                              CSSPrincipalIF principal,
                              java.lang.String groupName,
                              java.lang.String typeOfAccess,
                              java.lang.String applicationId)
                       throws CSSCommunicationException,
                              CSSException
Returns the groups that the specified principal can view from across providers and if an application is specified then the groups returned are associated with the application. In order to be associated with an application, the group has to have a role for this application.

The context can specify the following:

  1. CSSAPIIF.LOCALE

The applicationId will specify one of the following:
  1. applicationId
  2. CSSAPIIF.SPECIFY_NONE: if the group list required is not application specific. This will return a list of group from across directories.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
groupName - - the group Name. A filter can be specified here.
typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.
applicationId - - the id for the application.
Returns:
if null is returned then a group with the name specified does not exist.
Throws:
CSSCommunicationException - - if provider is specified with the name of the user viz. in the userName argument but is not reachable. For instance: "groupName@providerName".
CSSException

getGroupByIdentity

public CSSGroupIF getGroupByIdentity(java.util.Map context,
                                     CSSPrincipalIF principal,
                                     java.lang.String identity,
                                     java.lang.String applicationId,
                                     java.lang.String typeOfAccess)
                              throws CSSCommunicationException,
                                     CSSInvalidIdentityException,
                                     CSSInvalidGroupException,
                                     CSSGroupNotProvisionedException,
                                     CSSAuthorizationException,
                                     CSSException
Deprecated.  

Use getGroupByIdentity(Map, CSSPrincipalIF, String, String) instead.

Throws:
CSSCommunicationException
CSSInvalidIdentityException
CSSInvalidGroupException
CSSGroupNotProvisionedException
CSSAuthorizationException
CSSException

getGroupByIdentity

public CSSGroupIF getGroupByIdentity(java.util.Map context,
                                     CSSPrincipalIF principal,
                                     java.lang.String identity,
                                     java.lang.String applicationId)
                              throws CSSCommunicationException,
                                     CSSInvalidIdentityException,
                                     CSSInvalidGroupException,
                                     CSSGroupNotProvisionedException,
                                     CSSAuthorizationException,
                                     CSSException
Returns the group with the specified identity provisioned to the specified application id. A CSSAuthorizationException will be thrown if the specified principal does not have access to the application.

The applicationId will specify one of the following:

  1. applicationId: If the group is not associated with the application CSSGroupNotProvisionedException will be thrown.
  2. CSSAPIIF.SPECIFY_NONE: This will return the CSSGroupIF irrespective of the group's association with the application.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
identity - - the identity of the group.
applicationId - - the application Id.
Returns:
CSSGroupIF - The Group Object for the specified identity.
Throws:
CSSCommunicationException - - If the provider is not reachable.
CSSInvalidIdentityException - - If the identity specified is not valid.
CSSInvalidGroupException - - this implies that the group does not exist but must have existed at some time in the past.
CSSAuthorizationException - If the principal is not authorized to view this application.
CSSGroupNotProvisionedException - - If the Group Identity specified is not provisioned to the application specified.
CSSException - Any other reasons.

getAllProvisionedGroupsInApp

public CSSGroupIF[] getAllProvisionedGroupsInApp(java.util.Map context,
                                                 CSSPrincipalIF principal,
                                                 java.lang.String groupName,
                                                 java.lang.String typeOfAccess,
                                                 java.lang.String applicationId)
                                          throws CSSCommunicationException,
                                                 CSSException
Returns the groups that the specified principal can view from across the providers that are associated with the application specified. Interest in a provider cannot be specified for this method. Please note that this returns all groups that are provisioned to this app either directly or indirectly through group membership. In order to be associated with an application, the group has to have a role for this application.

The context can specify the following:

  1. CSSAPIIF.LOCALE

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
groupName - - the group Name. A filter can be specified here.
typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.
applicationId - - the id for the application.
Returns:
if null is returned then a group with the name specified does not exist.
Throws:
CSSCommunicationException - - if any of the configured providers is not reachable.
CSSException

getAllProvisionedGroupsInApp

public CSSGroupIF[] getAllProvisionedGroupsInApp(java.util.Map context,
                                                 CSSPrincipalIF principal,
                                                 GroupSearchFilter groupSrchFilter,
                                                 java.lang.String typeOfAccess,
                                                 java.lang.String applicationId)
                                          throws CSSCommunicationException,
                                                 CSSException
Returns the groups that the specified principal can view from across the providers that are associated with the specified application and search filter passed in. Interest in a provider cannot be specified for this method. Please note that this returns all groups that are provisioned to this app either directly or indirectly through group membership.

GroupSearchFilter stores the search criteria for searching groups. The search is based on GroupFilterAttribute, which represents group filter attributes such as GROUPNAME / DESCRIPTION, and on a groupFilter value that accepts wildcards. In order to be associated with an application, the group has to have a role for this application.

Sample use of the application:


 GroupSearchFilter groupSrchFilter = new GroupSearchFilter(GroupFilterAttribute.DESCRIPTION, "*v*");
 CSSGroupIF[] groups = upAPI.getAllProvisionedGroupsInApp(context, principal, groupSrchFilter, CSSAPIIF.ACCESS_TYPE_MANAGE, "HP1:HPLOCAL");
 

The context can specify the following:

  1. CSSAPIIF.LOCALE

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
groupSrchFilter - - contains the search filter attribute and value.
typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.
applicationId - - the id for the application.
Returns:
if null is returned then a group with the specified filter does not exist.
Throws:
CSSCommunicationException - - if any of the configured providers is not reachable.
CSSException

setRolesList

public void setRolesList(java.util.Map context,
                         CSSPrincipalIF principal,
                         java.lang.String identity,
                         java.lang.String[] roles,
                         java.lang.String applicationId,
                         boolean add)
                  throws CSSCommunicationException,
                         CSSAuthorizationException,
                         CSSInvalidIdentityException,
                         CSSException
Sets the roles for this user or group. Check to make sure that the caller has the appropriate privileges on this Application. A CSSAuthorizationException will be thrown if the principal does not have access to the identity specified. For assigning users and groups to Hub Global roles, please use the CSSAPIIF.HUB_APPLICATION_ID as the application id. For the roles that are specific to applications, please pass in the product's application id.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller
identity - - the identity of the user or group
roles - - the identities of the roles.
applicationId - - the id of the Application
add - - if true, then the roles are added to the existing roles. Otherwise, the existing roles are replaced.
Throws:
CSSCommunicationException
CSSAuthorizationException - - If the principal does not have access to the identity specified.
CSSInvalidIdentityException
CSSException
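Because add = false replaces the existing roles, a grant path is safer when it can only ever add. The helper below is an added example, not part of the CSS documentation or product: it resolves every role with getRoleByIdentity before changing anything and sends Hub Global roles and application roles in separate calls, as the description above requires. The class AdditiveRoleGrant, its parameter names and the wildcard package imports are assumptions; it compiles only against the CSS library.

```java
import java.util.Map;

import com.hyperion.css.*;         // assumed home of CSSUserProvisioningAPIIF, CSSAPIIF, CSS*Exception
import com.hyperion.css.common.*;  // assumed home of CSSPrincipalIF

/** Hypothetical helper: additive role grants only, validated before any change. */
public final class AdditiveRoleGrant {

    private AdditiveRoleGrant() { }

    /**
     * Adds hubRoles (Hub Global roles) and appRoles (roles of applicationId) to the
     * user or group named by identity. Existing roles are never replaced.
     *
     * @return the number of setRolesList calls made (1 or 2)
     */
    public static int grant(CSSUserProvisioningAPIIF upAPI,
                            Map<String, Object> context,
                            CSSPrincipalIF principal,
                            String identity,
                            String[] hubRoles,
                            String[] appRoles,
                            String applicationId)
            throws CSSInvalidRoleException, CSSInvalidIdentityException,
                   CSSAuthorizationException, CSSCommunicationException, CSSException {

        // Defensive copies: the caller cannot alter the arrays between check and use.
        String[] hub = hubRoles == null ? new String[0] : hubRoles.clone();
        String[] app = appRoles == null ? new String[0] : appRoles.clone();

        if (hub.length == 0 && app.length == 0) {
            throw new IllegalArgumentException("no roles to grant");
        }
        if (app.length > 0 && (applicationId == null || applicationId.isEmpty())) {
            throw new IllegalArgumentException("application roles need an applicationId");
        }

        // Resolve every role first. An unknown identity raises CSSInvalidRoleException
        // or CSSInvalidIdentityException here, before any assignment has been made.
        // This confirms the role exists; it does not confirm which application owns it.
        for (String role : hub) {
            upAPI.getRoleByIdentity(context, principal, role);
        }
        for (String role : app) {
            upAPI.getRoleByIdentity(context, principal, role);
        }

        int calls = 0;
        if (hub.length > 0) {
            // Hub Global roles go in under the hub application id; add is always true.
            upAPI.setRolesList(context, principal, identity, hub,
                               CSSAPIIF.HUB_APPLICATION_ID, true);
            calls++;
        }
        if (app.length > 0) {
            // Application-specific roles go in under the product's application id.
            // The two calls are not atomic: if this one fails, the hub grant stays.
            upAPI.setRolesList(context, principal, identity, app, applicationId, true);
            calls++;
        }
        return calls;
    }
}
```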

getProjectForApplication

public java.lang.String getProjectForApplication(java.util.Map context,
                                                 CSSPrincipalIF principal,
                                                 java.lang.String applicationId)
                                          throws CSSCommunicationException,
                                                 CSSException
Gets the Project for the Application specified.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
applicationId - - the id of the Application.
Returns:
String
Throws:
CSSException
CSSCommunicationException

getUsersWithRoleInApplication

public CSSUserIF[] getUsersWithRoleInApplication(java.util.Map context,
                                                 CSSPrincipalIF principal,
                                                 java.lang.String userNameFilter,
                                                 java.lang.String roleIdentity,
                                                 java.lang.String applicationId,
                                                 java.lang.String typeOfAccess)
                                          throws CSSCommunicationException,
                                                 CSSException
Returns the users that the principal can view with the role specified in this application.

The context can specify the following:

  1. CSSAPIIF.LOCALE
  2. CSSAPIIF.ENTITY_DEACTIVATE - if specified, then the deactivated users will be returned as well.
  3. CSSAPIIF.DIRECT_ROLE_ONLY - if specified, only the role identity passed is considered. Else, the parent roles of the role identity passed are also considered.

In Joyce, this method returns both active and inactive users and the CSSAPIIF.ENTITY_DEACTIVATE is not implemented. To get all users associated with this application through any of the roles, please pass in CSSAPIIF.SPECIFY_ALL for the roleIdentity argument.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
userNameFilter -
roleIdentity -
applicationId -
typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.
Returns:
CSSUserIF[]
Throws:
CSSException
CSSCommunicationException

getGroupsWithRoleInApplication

public CSSGroupIF[] getGroupsWithRoleInApplication(java.util.Map context,
                                                   CSSPrincipalIF principal,
                                                   java.lang.String groupNameFilter,
                                                   java.lang.String roleIdentity,
                                                   java.lang.String applicationId,
                                                   java.lang.String typeOfAccess)
                                            throws CSSException
Returns the groups that the principal can view with the role specified in this application.

The context can specify the following:

  1. CSSAPIIF.DIRECT_ROLE_ONLY - if specified, only the role identity passed is considered. Otherwise, the parent roles of the role identity passed are also considered.

To get all users associated with this application through any of the roles, pass in CSSAPIIF.SPECIFY_ALL for the roleIdentity argument.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
groupNameFilter -
roleIdentity -
applicationId -
typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.
Returns:
CSSGroupIF[]
Throws:
CSSException

createProduct

public void createProduct(java.util.Map context,
                          java.lang.String productCode)
                   throws CSSCommunicationException,
                          CSSException
Creates product "organizational unit" in the Roles hierarchy if one doesn't exist. Pre-configured roles are then added under this "ou" in the process of adding application to a project.

Parameters:
context - - Map structure holding key-value information about locale.
productCode - - product code obtained from application instance
Throws:
CSSException
CSSCommunicationException

getRolesListForEntry

public CSSAppEntryIF[] getRolesListForEntry(java.util.Map context,
                                            CSSPrincipalIF principal,
                                            java.lang.String entryIdentity,
                                            java.lang.String[] appIds,
                                            boolean indirect)
                                     throws CSSCommunicationException,
                                            CSSException
Returns the roles that this entry is assigned to within the context of the specified applications. A CSSAuthorizationException will be thrown if the specified Indirect would not be supported for Joyce and London.

The context can specify the following:

  1. CSSAPIIF.LOCALE
  2. CSSAPIIF.QUERY_LIMIT - If true, it limits the scope of the operation and does not return the name, email, etc. of the user or group entries. The gain in execution speed is most noticeable when it is used with indirect=false; in that case the query does not extend to any corporate directories.

The entryIdentity will specify one of the following:

  1. entryIdentity
  2. CSSAPIIF.SPECIFY_ALL: Returns all the provisioned entries, that is, all entries that are provisioned to the applications specified.

This method will return CSSAppEntryIF[] only for valid application IDs.

If there are no user or group entries provisioned to an app, then the corresponding CSSAppEntryIF returned would not have any associations with any users or groups - CSSAppEntryIF.getEntries() would be an empty array.
Please note that this method does not set any limit on the number of entries returned. All entries are returned.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
entryIdentity - - the identity of the entry whose role assignments are requested.
appIds - - the application ids array
indirect - - if true then returns the roles assigned to this entry through indirect associations such as through parent groups. This (value of true) is not supported yet.
Returns:
- the array of CSSAppEntry[] that depicts the relationship between the entries and the applications through the roles. A CSSAppEntryIF object for each app would be returned even if there are no users or groups provisioned for that app.
Throws:
CSSCommunicationException - - if there is an issue communicating with the corporate or Hyperion User Directory.
CSSException - - any other abnormality

getGraphForGroupEntries

public CSSNodeIF[] getGraphForGroupEntries(java.util.Map context,
                                           CSSPrincipalIF principal,
                                           java.lang.String[] groupEntries,
                                           int level)
                                    throws CSSCommunicationException,
                                           CSSAuthorizationException,
                                           CSSException
Returns the graph of the "memberOf" relationships between groups, and between users and groups. Note that if an invalid group entry is passed, NO exception will be thrown; the group will be ignored in the result.

If the specified principal does not have access to the specified group identities, a CSSAuthorizationException will be thrown.

The "memberOf" relationship will also be filtered based on the users and groups that the specified principal can view. For example: Group1 has Group2 and Group3 as members. Principal has access only to Group1 and Group2, then Group3 will be filtered out of the result graph.

The context can specify the following:

  1. CSSAPIIF.LOCALE

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
groupEntries - - the identities of groups for which the children are to be returned in a graph.
level - - the level to recurse to. Zero specifies recurse to all levels. Not implemented in this release. The default is to recurse and return all the children irrespective of the level they are at.
Returns:
- an array of CSSNodeIF instances that can be used by the caller to build up the relationship graph. Please note that the size of the returned array would be the same as or less than the number of group identities passed in. The size will be less in case a group identity is invalid.
Throws:
CSSCommunicationException - - if there is an issue communicating with the corporate or Hyperion User Directory.
CSSAuthorizationException - - if the principal does not have access to the specified group identities.
CSSException - - any other abnormality

getRolesListForEntries

public CSSAppEntryIF[] getRolesListForEntries(java.util.Map context,
                                              CSSPrincipalIF principal,
                                              java.lang.String[] entryIdentities,
                                              java.lang.String[] appIds,
                                              boolean indirect)
                                       throws CSSCommunicationException,
                                              CSSAuthorizationException,
                                              CSSException
Returns the roles that this array of entries is assigned to within the context of the specified applications. A CSSAuthorizationException will be thrown if the entry identities are not accessible by the specified principal. Indirect would not be supported for Joyce.

The context can specify the following:

  1. CSSAPIIF.LOCALE
  2. CSSAPIIF.QUERY_LIMIT - If true, it limits the scope of the operation and does not return the name, email, etc. of the user or group entries. The gain in execution speed is most noticeable when it is used with indirect=false; in that case the query does not extend to any corporate directories.

If even one of the apps does not exist, then an exception will be thrown.

If there are no user or group entries provisioned to an app then the corresponding CSSAppEntryIF returned would not have any associations with any users or groups - CSSAppEntryIF.getEntries() would be an empty array.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
entryIdentities - - the identities of the entries whose role assignments are requested.
appIds - - the application ids array
indirect - - if true then returns the roles assigned to this entry through indirect associations such as through parent groups.
Returns:
- the array of CSSAppEntry[] that depicts the relationship between the entries and the applications through the roles. A CSSAppEntryIF object for each app would be returned even if there are no users or groups provisioned for that app.
Throws:
CSSCommunicationException - - if there is an issue communicating with the corporate or Hyperion User Directory.
CSSAuthorizationException - - if the principal does not have access to the specified entry identities.
CSSException - - any other abnormality

reRegisterApplication

public void reRegisterApplication(java.util.Map context,
                                  CSSPrincipalIF principal,
                                  CSSApplicationInstance applicationInstance)
                           throws CSSException,
                                  CSSCommunicationException,
                                  CSSRollbackException
For Internal Use only - Re-registers an Application that is associated with a Project. The re-register is responsible for the following:
  1. Do nothing if the application does not exist in NativeProvider.
  2. Read the registration file and update version numbers for the roles of the product that this application belongs to.
  3. Update the version numbers for the user defined roles of the product that this application belongs to.
This method is intended for migration purpose only.

The context can specify the following:

  1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller
applicationInstance - - the instance of CSSApplicationInstance
Throws:
CSSRollbackException - - if the application cannot be added to a project in CSS. This would signal the caller to rollback their transaction to maintain integrity between CSS and their repository. If the principal does not have the appropriate access on the project then this exception is thrown as well.
CSSException - - any other abnormality.
CSSCommunicationException

getProvisionedApps

public java.lang.String[] getProvisionedApps(java.util.Map context,
                                             CSSPrincipalIF principal,
                                             java.lang.String identity)
                                      throws CSSException
Deprecated.  

Returns a string array containing application identities for all applications for which this user/group has been provisioned.

This will not return the HUB application as per product specific requirement. The context can specify the following:

  1. CSSAPIIF.LOCALE

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
identity - - the identity of the user/group
Returns:
- An empty array if no applications are provisioned, else a string array of application ids.
Throws:
CSSException - - thrown when the operation is not successful.

getProvisionedApps

public java.lang.String[] getProvisionedApps(java.util.Map context,
                                             CSSPrincipalIF principal,
                                             java.lang.String identity,
                                             java.lang.String productCode)
                                      throws CSSException
Deprecated.  

Returns a string array containing application identities for all applications in a product for which this user/group has been provisioned.

The context can specify the following:

  1. CSSAPIIF.LOCALE

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
identity - - the identity of the user/group
productCode - - The product code for which the provisioned applications are looked for.
Returns:
- An empty array if no applications are provisioned, else a string array of application ids.
Throws:
CSSException - - thrown when the operation is not successful.

getProvisionedApplications

public CSSApplicationInfoIF[] getProvisionedApplications(java.util.Map context,
                                                         CSSPrincipalIF principal,
                                                         java.lang.String identity,
                                                         java.lang.String[] productCodes)
                                                  throws CSSException
Returns an array containing CSSApplicationInfoIF objects for all applications in given products for which this user/group has been provisioned.

The context can specify the following:

  1. CSSAPIIF.LOCALE

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
identity - - the identity of the user/group
productCodes - - The product codes (such as HP, HFM) for which the provisioned applications are looked for. Pass null to get all applications.
Returns:
- An empty array if no applications are provisioned, else an array of CSSApplicationInfoIF objects.
Throws:
CSSException - - thrown when the operation is not successful.

getDelegatedEntries

public java.lang.String[] getDelegatedEntries(java.util.Map context,
                                              CSSPrincipalIF principal,
                                              java.lang.String[] identities)
                                       throws CSSException
Returns the CSS identities that the principal has access to from the specified list of CSS identities. The identities can be either USER or GROUP identities. If an invalid identity is specified, it will be ignored and no invalid identity exception will be thrown.

CSSException will be thrown in case there is any trouble getting the delegated list for this principal.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
identities - - the identities of the users/groups
Returns:
- String array of identities that the principal can access. If the principal does not have access to any identities it will return an empty array. It will return null if identities parameter is null.
Throws:
CSSIllegalArgumentException - - when principal is null
CSSException
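
An added example, not part of the original API documentation: because getDelegatedEntries ignores invalid identities and returns only what the principal can access, a caller that needs an all-or-nothing answer has to compare the result against its own request. DelegatedLookup, partition, requireAll, provisioningApi and the example:// identities are constructed for illustration; the lookup is a stand-in for the real call so that the code runs without CSS.

```java
import java.util.*;

/** Added example: fail-closed wrapper around a getDelegatedEntries-style lookup. */
public class DelegatedEntriesCheck {

    /** Stand-in for the call; P is the principal type (CSSPrincipalIF with the real API). */
    @FunctionalInterface
    interface DelegatedLookup<P> {
        String[] lookup(Map<String, Object> context, P principal, String[] identities) throws Exception;
    }

    /** What the principal may act on, and what the lookup left out without an exception. */
    static final class Result {
        final List<String> accessible = new ArrayList<>();
        final List<String> dropped = new ArrayList<>(); // invalid OR not delegated; the API does not say which
    }

    static <P> Result partition(DelegatedLookup<P> api, Map<String, Object> context,
                                P principal, String[] requested) throws Exception {
        if (principal == null) {
            throw new IllegalArgumentException("principal must not be null");
        }
        Result result = new Result();
        if (requested == null) {
            return result; // documented return for null input is null; give callers an empty result instead
        }
        Set<String> wanted = new LinkedHashSet<>(Arrays.asList(requested)); // de-duplicate, keep order
        String[] returned = api.lookup(context, principal, wanted.toArray(new String[0]));
        Set<String> granted = new HashSet<>();
        if (returned != null) {
            granted.addAll(Arrays.asList(returned));
        }
        // Assumption: identities come back in the same string form they were passed in.
        for (String id : wanted) {
            (granted.contains(id) ? result.accessible : result.dropped).add(id);
        }
        return result;
    }

    /** Use before a bulk change: refuse to continue on a partial answer. */
    static <P> List<String> requireAll(DelegatedLookup<P> api, Map<String, Object> context,
                                       P principal, String[] requested) throws Exception {
        Result r = partition(api, context, principal, requested);
        if (!r.dropped.isEmpty()) {
            throw new SecurityException("not accessible or invalid: " + r.dropped);
        }
        return r.accessible;
    }

    public static void main(String[] args) throws Exception {
        // Constructed identities and a constructed in-memory lookup, so the example runs without CSS.
        Set<String> visibleToCaller = new HashSet<>(Arrays.asList("example://group1", "example://user7"));
        DelegatedLookup<String> fake = (ctx, principal, ids) ->
                Arrays.stream(ids).filter(visibleToCaller::contains).toArray(String[]::new);
        // With the real API (provisioningApi is a hypothetical variable name):
        //   (ctx, p, ids) -> provisioningApi.getDelegatedEntries(ctx, p, ids)

        String[] requested = {"example://group1", "example://group3",
                              "example://no-such-entry", "example://user7"};
        Result r = partition(fake, new HashMap<>(), "auditor", requested);
        System.out.println("accessible: " + r.accessible);
        System.out.println("dropped:    " + r.dropped);
        try {
            requireAll(fake, new HashMap<>(), "auditor", requested);
        } catch (SecurityException e) {
            System.out.println("bulk change refused: " + e.getMessage());
        }
    }
}
```

The dropped list deliberately does not distinguish an invalid identity from one the principal cannot access, since the documented return value gives the caller no way to tell them apart.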

getAllProvisionedUsersInApps

public CSSUserIF[] getAllProvisionedUsersInApps(java.util.Map context,
                                                CSSPrincipalIF principal,
                                                UserSearchFilter userSrchFilter,
                                                com.hyperion.css.common.CSSRoleInfo[] rolesInfo,
                                                java.lang.String typeOfAccess)
                                         throws CSSException
Returns all the provisioned users in specified applications across providers. Note that the user will be returned if provisioned to any of the specified roles in any specified application and matching the search filter passed in. Interest in a provider cannot be specified for this method. Please note that this returns all users that are provisioned to the specified roles for these apps either directly or indirectly through group membership. In order to be associated with an application, the user has to have a role for this application.

UserSearchFilter contains user filter attributes and values like USERNAME, FIRSTNAME, LASTNAME, EMAIL, DESCRIPTION. This supports wildcard search. E.g., a search for users based on *userName* should return all users matching this pattern.

When the attribute value is specified as "*" this implies that all the users in the directory need to be returned. The query can be based on any one of the above attributes.

Sample use of the application:


 // Match users whose first name contains "j" (wildcard search).
 UserSearchFilter userSrchFilter = new UserSearchFilter(UserFilterAttribute.FIRSTNAME, "*j*");

 // Roles of interest for the HUB application.
 String[] hubRoles = new String[] {
     "native://DN=cn=HUB:15,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE",
     CSSAPIIF.ROLE_CREATE_INTEGRATIONS_IDENTITY,
     CSSAPIIF.ROLE_PLANNING_APPLICATION_CREATOR_IDENTITY,
     CSSAPIIF.ROLE_PLANNING_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY,
     CSSAPIIF.ROLE_RUN_INTEGRATIONS_IDENTITY
 };

 // Roles of interest for the Planning application.
 String[] planningRoles = new String[] {
     "native://DN=cn=HP:0002,ou=HP,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE",
     "native://DN=cn=HP:0003,ou=HP,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE",
     "native://DN=cn=HP:0001,ou=HP,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE"
 };

 // One CSSRoleInfo per application: the application id and the roles to match in it.
 CSSRoleInfo[] rolesInfo = new CSSRoleInfo[] {
     new CSSRoleInfo("HUB:1111", hubRoles),
     new CSSRoleInfo("HP:HPAPP", planningRoles)
 };

 CSSUserIF[] users = CSSSystem.getManager().getNativeProvider().getUsersForRolesInApps(context,
     principal, userSrchFilter, rolesInfo, CSSAPIIF.ACCESS_TYPE_VIEW);
 

The context can specify the following:

  1. CSSAPIIF.LOCALE
  2. CSSAPIIF.ENTITY_DEACTIVATE - if specified, then the deactivated users will be returned as well.

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
userSrchFilter - - contains the search filter attribute and value.
typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.
rolesInfo - - array of data structures which takes appId and roles array. Every rolesInfo element should specify at least one role in the roles array.
Returns:
Users that are provisioned to specified apps and any of the specified roles either directly or indirectly through group membership. Empty array is returned when a user with the specified filter does not exist.
Throws:
CSSCommunicationException - - if any of the configured providers is not reachable.
CSSException

getAllProvisionedGroupsInApps

public CSSGroupIF[] getAllProvisionedGroupsInApps(java.util.Map context,
                                                  CSSPrincipalIF principal,
                                                  GroupSearchFilter groupSrchFilter,
                                                  com.hyperion.css.common.CSSRoleInfo[] rolesInfo,
                                                  java.lang.String typeOfAccess)
                                           throws CSSException
Returns all the provisioned groups in specified applications across providers. Note that the group will be returned if provisioned to any of the specified roles in any specified application and matching the search filter passed in. Interest in a provider cannot be specified for this method. Please note that this returns all groups that are provisioned to these apps and any of the specified roles either directly or indirectly through group membership.

GroupSearchFilter stores the search criteria for searching groups. Search is based on GroupFilterAttribute representing group filter attributes such as GROUPNAME / DESCRIPTION, groupFilter accepting wildcards. In order to be associated with an application, the group has to have a role for this application.

Sample use of the application:


 // Match groups whose description contains "v" (wildcard search).
 GroupSearchFilter groupSrchFilter = new GroupSearchFilter(GroupFilterAttribute.DESCRIPTION, "*v*");

 // Roles of interest for the HUB application.
 String[] hubRoles = new String[] {
     "native://DN=cn=HUB:15,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE",
     CSSAPIIF.ROLE_CREATE_INTEGRATIONS_IDENTITY,
     CSSAPIIF.ROLE_PLANNING_APPLICATION_CREATOR_IDENTITY,
     CSSAPIIF.ROLE_PLANNING_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY,
     CSSAPIIF.ROLE_RUN_INTEGRATIONS_IDENTITY
 };

 // Roles of interest for the Planning application.
 String[] planningRoles = new String[] {
     "native://DN=cn=HP:0002,ou=HP,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE",
     "native://DN=cn=HP:0003,ou=HP,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE",
     "native://DN=cn=HP:0001,ou=HP,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE"
 };

 // One CSSRoleInfo per application: the application id and the roles to match in it.
 CSSRoleInfo[] rolesInfo = new CSSRoleInfo[] {
     new CSSRoleInfo("HUB:1111", hubRoles),
     new CSSRoleInfo("HP:HPAPP", planningRoles)
 };

 CSSGroupIF[] groups = upAPI.getGroupsForRolesInApps(context, principal, groupSrchFilter, rolesInfo, CSSAPIIF.ACCESS_TYPE_VIEW);
 

The context can specify the following:

  1. CSSAPIIF.LOCALE

Parameters:
context - - Map structure holding key-value information about locale.
principal - - the identity of the caller. Cannot be null.
groupSrchFilter - - contains the search filter attribute and value.
typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.
rolesInfo - - array of data structures which takes appId and roles array. Every rolesInfo element should specify at least one role in the roles array.
Returns:
Groups that are provisioned to specified apps and any of the specified roles either directly or indirectly through group membership. Empty array is returned when a group with the specified filter does not exist.
Throws:
CSSCommunicationException - - if any of the configured providers is not reachable.
CSSException


Copyright 2005-2009 Oracle Corporation.