com.bea.ales.management
Class AdminRole

java.lang.Object
  |
  +--com.bea.ales.management.AdminRole

public class AdminRole
extends java.lang.Object

This class represents an Administration Role for a Scope.


Inner Class Summary
 class AdminRole.Privilege
           
 
Field Summary
static java.lang.String ACTION_MANAGE
          ACTION_MANAGE means current role can view and manage the corresponding object
static java.lang.String ACTION_VIEW
          ACTION_VIEW means current role can only view the corresponding object
static java.lang.String OBJECT_ACTION
           
static java.lang.String OBJECT_APPLICATION
           
static java.lang.String OBJECT_AUTHORIZATION_POLICY
           
static java.lang.String OBJECT_AUTHORIZATION_POLICY_REPORT
           
static java.lang.String OBJECT_CHILD_ORGANIZATION
           
static java.lang.String OBJECT_EXTENSION
           
static java.lang.String OBJECT_GROUP
           
static java.lang.String OBJECT_GROUP_MEMBERSHIP
           
static java.lang.String OBJECT_IDENTITY_DIRECTORY
           
static java.lang.String OBJECT_POLICY_DISTRIBUTION
           
static java.lang.String OBJECT_POLICY_SIMULATOR
           
static java.lang.String OBJECT_RESOURCE
           
static java.lang.String OBJECT_ROLE
           
static java.lang.String OBJECT_ROLE_POLICY
           
static java.lang.String OBJECT_ROLE_POLICY_REPORT
           
static java.lang.String OBJECT_USER
           
 
Method Summary
 AdminRoleMembershipRule createMembershipRule(java.util.List subjects, java.lang.String constraint)
          Create the membership rule for this role.
 AdminRoleMembershipRule createMembershipRule(java.lang.Object subject, java.lang.String constraint)
          Create the membership rule for this role.
 java.lang.String getDescription()
          Get the description of the AdminRole
 java.lang.String getFullyQualifiedName()
          Get the fully qualified name of this admin role
 AdminRole.Privilege[] getGrantedPrivileges()
          Get all granted privileges
 AdminRoleMembershipRule getMembershipRule(java.util.List subjects, java.lang.String constraint)
           
 AdminRoleMembershipRule[] getMembershipRules()
          Find all related membership rules
 java.lang.String getName()
          Get the name of this role
 void grantPrivilege(AdminRole.Privilege priv)
          grant privilege to the admin role
 void grantPrivilege(java.lang.String action, java.lang.String object)
          grant privilege to the admin role
 void grantPrivileges(AdminRole.Privilege[] privileges)
          grant privileges to the admin role
 boolean isPrimaryAdminRole()
          Test if this AdminRole is primary Admin Role.
 void removeMembershipRule(java.util.List subjects, java.lang.String constraint)
          Remove the membership rule which matches the given parameters.
 void removeMembershipRule(java.lang.Object subject, java.lang.String constraint)
          Remove the membership rule which matches the given parameters.
 void rename(java.lang.String newName)
          Rename the role with the given newName.
 void revokePrivilege(AdminRole.Privilege priv)
          Revoke the privilege from the admin role
 void revokePrivilege(java.lang.String action, java.lang.String object)
          Revoke the privilege from the admin role
 void revokePrivileges(AdminRole.Privilege[] privileges)
          Revoke privileges from the admin role
 void setDescription(java.lang.String description)
          Set the description of this AdminRole
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ACTION_VIEW

public static final java.lang.String ACTION_VIEW
ACTION_VIEW means current role can only view the corresponding object

ACTION_MANAGE

public static final java.lang.String ACTION_MANAGE
ACTION_MANAGE means current role can view and manage the corresponding object

OBJECT_ROLE

public static final java.lang.String OBJECT_ROLE

OBJECT_RESOURCE

public static final java.lang.String OBJECT_RESOURCE

OBJECT_ACTION

public static final java.lang.String OBJECT_ACTION

OBJECT_EXTENSION

public static final java.lang.String OBJECT_EXTENSION

OBJECT_AUTHORIZATION_POLICY

public static final java.lang.String OBJECT_AUTHORIZATION_POLICY

OBJECT_ROLE_POLICY

public static final java.lang.String OBJECT_ROLE_POLICY

OBJECT_AUTHORIZATION_POLICY_REPORT

public static final java.lang.String OBJECT_AUTHORIZATION_POLICY_REPORT

OBJECT_ROLE_POLICY_REPORT

public static final java.lang.String OBJECT_ROLE_POLICY_REPORT

OBJECT_POLICY_SIMULATOR

public static final java.lang.String OBJECT_POLICY_SIMULATOR

OBJECT_POLICY_DISTRIBUTION

public static final java.lang.String OBJECT_POLICY_DISTRIBUTION

OBJECT_CHILD_ORGANIZATION

public static final java.lang.String OBJECT_CHILD_ORGANIZATION

OBJECT_APPLICATION

public static final java.lang.String OBJECT_APPLICATION

OBJECT_IDENTITY_DIRECTORY

public static final java.lang.String OBJECT_IDENTITY_DIRECTORY

OBJECT_USER

public static final java.lang.String OBJECT_USER

OBJECT_GROUP

public static final java.lang.String OBJECT_GROUP

OBJECT_GROUP_MEMBERSHIP

public static final java.lang.String OBJECT_GROUP_MEMBERSHIP
Method Detail

grantPrivileges

public void grantPrivileges(AdminRole.Privilege[] privileges)
                     throws ManagementException
grant privileges to the admin role

Parameters:
privileges - the privilege list to be granted
Throws:
ManagementException - if the operation fails

grantPrivilege

public void grantPrivilege(java.lang.String action,
                           java.lang.String object)
                    throws ManagementException
grant privilege to the admin role

Parameters:
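action - the action to grant, e.g. ACTION_VIEW or ACTION_MANAGE
object - the object the action applies to, e.g. one of the OBJECT_* constants of this class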
Throws:
ManagementException - if the operation fails

grantPrivilege

public void grantPrivilege(AdminRole.Privilege priv)
                    throws ManagementException
grant privilege to the admin role

Parameters:
priv - the privilege to be granted
Throws:
ManagementException - if the operation fails

revokePrivileges

public void revokePrivileges(AdminRole.Privilege[] privileges)
                      throws ManagementException
Revoke privileges from the admin role

Parameters:
privileges - the privilege list to be revoked
Throws:
ManagementException - if the operation fails

revokePrivilege

public void revokePrivilege(java.lang.String action,
                            java.lang.String object)
                     throws ManagementException
Revoke the privilege from the admin role

Parameters:
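action - the action to revoke, e.g. ACTION_VIEW or ACTION_MANAGE
object - the object the action applies to, e.g. one of the OBJECT_* constants of this class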
Throws:
ManagementException - if the operation fails

revokePrivilege

public void revokePrivilege(AdminRole.Privilege priv)
                     throws ManagementException
Revoke the privilege from the admin role

Parameters:
priv - the privilege to be revoked
Throws:
ManagementException - if the operation fails

getGrantedPrivileges

public AdminRole.Privilege[] getGrantedPrivileges()
                                           throws ManagementException
Get all granted privileges

Returns:
a list of privileges
Throws:
ManagementException - if the operation fails

createMembershipRule

public AdminRoleMembershipRule createMembershipRule(java.lang.Object subject,
                                                    java.lang.String constraint)
                                             throws java.lang.IllegalArgumentException,
                                                    ManagementException
Create the membership rule for this role. This is a convenience method for creating a non-delegate membership rule.

Parameters:
subject - subject of the membership rule. Possible subject types include User and Group. If it is null or of an incorrect type, an IllegalArgumentException will be thrown.
constraint - constraint of the membership rule. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of membership rule.
Returns:
the new created membership rule.
Throws:
java.lang.IllegalArgumentException - if one of parameters is invalid.
ManagementException - if failed to create the membership rule.

createMembershipRule

public AdminRoleMembershipRule createMembershipRule(java.util.List subjects,
                                                    java.lang.String constraint)
                                             throws java.lang.IllegalArgumentException,
                                                    ManagementException
Create the membership rule for this role. This is a convenience method for creating a non-delegate membership rule.

Parameters:
subjects - list of subjects. If the list is null or empty, an IllegalArgumentException will be thrown. Possible subject types include User and Group. If any element of the list is null or of an incorrect type, an IllegalArgumentException will be thrown.
constraint - constraint of the membership rule. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of membership rule.
Returns:
the new created membership rule.
Throws:
java.lang.IllegalArgumentException - if one of parameters is invalid.
ManagementException - if failed to create the membership rule.

removeMembershipRule

public void removeMembershipRule(java.lang.Object subject,
                                 java.lang.String constraint)
                          throws java.lang.IllegalArgumentException,
                                 ManagementException
Remove the membership rule which matches the given parameters.

Parameters:
subject - subject of the membership rule. Possible subject types include User and Group. If it is null or of an incorrect type, an IllegalArgumentException will be thrown.
constraint - constraint of the membership rule. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the membership rule.
Throws:
java.lang.IllegalArgumentException - if one of parameters is invalid.
ManagementException - if failed to remove the membership rule.

removeMembershipRule

public void removeMembershipRule(java.util.List subjects,
                                 java.lang.String constraint)
                          throws java.lang.IllegalArgumentException,
                                 ManagementException
Remove the membership rule which matches the given parameters.

Parameters:
subjects - list of subjects. If the list is null or empty, an IllegalArgumentException will be thrown. Possible subject types include User and Group. If any element of the list is null or of an incorrect type, an IllegalArgumentException will be thrown.
constraint - constraint of the membership rule. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the membership rule.
Throws:
java.lang.IllegalArgumentException - if one of parameters is invalid.
ManagementException - if failed to remove the membership rule.

getMembershipRules

public AdminRoleMembershipRule[] getMembershipRules()
                                             throws java.lang.IllegalArgumentException,
                                                    ManagementException
Find all related membership rules

Returns:
a set of membership rules
Throws:
ManagementException - if the operation fails

getMembershipRule

public AdminRoleMembershipRule getMembershipRule(java.util.List subjects,
                                                 java.lang.String constraint)
                                          throws java.lang.IllegalArgumentException,
                                                 ManagementException

Parameters:
subjects - list of subjects. If the list is null or empty, an IllegalArgumentException will be thrown. Possible subject types include User and Group. If any element of the list is null or of an incorrect type, an IllegalArgumentException will be thrown.
constraint - constraint of the membership rule. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the membership rule.
Returns:
the Admin Role membership rule found
Throws:
java.lang.IllegalArgumentException -  
ManagementException -  

rename

public void rename(java.lang.String newName)
            throws ManagementException
Rename the role with the given newName.

Parameters:
newName - the new name desired.
Throws:
ManagementException - if the operation fails.

getFullyQualifiedName

public java.lang.String getFullyQualifiedName()
                                       throws ManagementException
Get the fully qualified name of this admin role

Returns:
the fully qualified name of this admin role.
Throws:
ManagementException - if the operation fails

getName

public java.lang.String getName()
                         throws ManagementException
Get the name of this role

Returns:
the name of this role.
Throws:
ManagementException - if the operation fails

getDescription

public java.lang.String getDescription()
                                throws ManagementException
Get the description of the AdminRole

Returns:
a string description for the AdminRole
Throws:
ManagementException - if the operation fails

setDescription

public void setDescription(java.lang.String description)
                    throws ManagementException
Set the description of this AdminRole

Parameters:
description - the description to set
Throws:
ManagementException - if the operation fails

isPrimaryAdminRole

public boolean isPrimaryAdminRole()
                           throws ManagementException
Test if this AdminRole is the primary Admin Role. A primary Admin Role is created by default when a scope is created, and it cannot be renamed or removed. Its rights cannot exceed those of the parent scope's primary Admin Role, and its rights can be modified only by a user with the parent scope's primary Admin Role. All other Admin Roles, called secondary Admin Roles, cannot have more rights than the primary Admin Role of the same Scope.

Returns:
true if this AdminRole is the primary Admin Role, false otherwise
Throws:
ManagementException -  


Copyright © 2004-2008, Oracle and/or its affiliates. All rights reserved.