![]() |
![]() |
|
|
T_ACLPRINCIPAL Class Definition
Overview
The T_ACLPRINCIPAL class represents users or domains that can access a BEA Tuxedo application and the group with which they are associated. To join the application as a specific user, it is necessary to present a user-specific password.
Attribute Table
Attribute |
Type |
Permissions |
Values |
Default |
---|---|---|---|---|
TA_PRINNAME( r )( * ) |
string |
rU------- |
string[1...30] |
N/A |
TA_PRINCLTNAME( k ) |
string |
rw------- |
string[1...30] |
"*" |
TA_PRINID( k ) |
long |
rU------- |
1 = num 131,072 |
lowest id |
TA_PRINGRP( k ) |
long |
rw------- |
0 = num 16,384 |
0 |
TA_PRINPASSWD |
string |
rwx------ |
string |
N/A |
TA_STATE |
string |
rw------- |
GET:"{INA}" SET:"{NEW|INV}" |
N/A N/A |
( k ) - GET key field |
VALid |
T_ACLPRINCIPAL object is defined and inactive. Note that this is the only valid state for this class. ACL principals are never active. |
NEW |
Create T_ACLPRINCIPAL object for application. State change allowed only when in the INValid state. Successful return leaves the object in the VALid state. |
unset |
Modify an existing T_ACLPRINCIPAL object. This combination is not allowed in the INValid state. Successful return leaves the object state unchanged. |
INValid |
Delete T_ACLPRINCIPAL object for application. State change allowed only when in the VALid state. Successful return leaves the object in the INValid state. |
Limitations
A user or domain can be associated with exactly one ACL group. For someone to take on more than one role or be associated with more than one group, multiple principal entries must be defined.
Diagnostics
There are two general types of errors that may be returned to the user when interfacing with ACL_MIB(5). First, any of the three ATMI verbs (tpcall(3), tpgetrply(3) and tpdequeue(3)) used to retrieve responses to administrative requests may return any error defined for them. These errors should be interpreted as described on the appropriate reference pages.
If, however, the request is successfully routed to a system service capable of satisfying the request and that service determines that there is a problem handling the request, then failure may be returned in the form of an application level service failure. In these cases, tpcall(3) and tpgetrply(3) will return an error with tperrno set to TPESVCFAIL and return a reply message containing the original request along with TA_ERROR, TA_STATUS and TA_BADFLD fields further qualifying the error as described below. When a service failure occurs for a request forwarded to the system through the TMQFORWARD(5) server, the failure reply message will be enqueued to the failure queue identified on the original request (assuming the -d option was specified for TMQFORWARD).
When a service failure occurs during processing of an administrative request, the FML32 field TA_STATUS is set to a textual description of the failure, the FML32 field TA_ERROR is set to indicate the cause of the failure as indicated below. All error codes specified below are guaranteed to be negative.
The following diagnostic codes are returned in TA_ERROR to indicate successful completion of an administrative request. These codes are guaranteed to be non-negative.
Interoperability
The header files and field tables defined in this reference page are available on BEA Tuxedo system Release 6.0 and later. Fields defined in these headers and tables will not be changed from release-to-release. New fields may be added which are not defined on the older release site. Access to the /AdminAPI is available from any site with the header files and field tables necessary to build a request. The T_ACLPRINCIPAL, T_ACLGROUP, and T_ACLPERM classes are new with BEA Tuxedo system Release 6.0.
Portability
The existing FML32 and ATMI functions necessary to support administrative interaction with BEA Tuxedo system MIBs, as well as the header file and field table defined in this reference page, are available on all supported native and workstation platforms.
Example
Following is a sequence of code fragments that adds a user to a group and adds permissions for that group to a service name.
Field Tables
The field table tpadm must be available in the environment to have access to attribute field identifiers. This can be done at the shell level as follows:
$ FIELDTBLS=tpadm
$ FLDTBLDIR=${TUXDIR}/udataobj$ export FIELDTBLS FLDTBLDIR
Header Files
The following header files are included.
#include <atmi.h>
#include <fml32.h>
#include <tpadm.h>
Add User
The following code fragment adds a user to the default group "other."
/* Allocate input and output buffers */ ibuf = tpalloc("FML32", NULL, 1000); obuf = tpalloc("FML32", NULL, 1000); /* Set MIB(5) attributes defining request type */ Fchg32(ibuf, TA_OPERATION, 0, "SET", 0); Fchg32(ibuf, TA_CLASS, 0, "T_ACLPRINCIPAL", 0); /* Set ACL_MIB(5) attributes */ Fchg32(ibuf, TA_PRINNAME, 0, ta_prinname, 0); Fchg32(ibuf, TA_PRINID, 0, (char *)ta_prinid, 0); Fchg32(ibuf, TA_STATE, 0, (char *)"NEW", 0); Fchg32(ibuf, TA_PRINPASSWD, 0, (char *)passwd, 0); /* Make the request */ if (tpcall(".TMIB", (char *)ibuf, 0, (char **)obuf, olen, 0) 0) { fprintf(stderr, "tpcall failed: %s\en", tpstrerror(tperrno)); if (tperrno == TPESVCFAIL) { Fget32(obuf, TA_ERROR, 0,(char *)ta_error, NULL); ta_status = Ffind32(obuf, TA_STATUS, 0, NULL); fprintf(stderr, "Failure: %ld, %s\en", ta_error, ta_status); } /* Additional error case processing */ }
Files
${TUXDIR}/include/tpadm.h, ${TUXDIR}/udataobj/tpadm
See Also
Fintro(3), Fadd32(3), Fchg32(3), Ffind32(3), tpalloc(3), tprealloc(3), tpcall(3), tpacall(3), tpgetrply(3), tpenqueue(3), tpdequeue(3), MIB(5), TM_MIB(5), BEA WebLogic Enterprise Administration Guide, BEA Tuxedo Programmer's Guide
![]() |
![]() |
![]() |
|
Copyright © 2000 BEA Systems, Inc. All rights reserved.
|