Oracle Fusion Middleware Java API Reference for Oracle Platform Security Services
11g Release 1 (11.1.1)

E14650-04


oracle.security.jps.service.policystore.entitymanager
Interface PermissionSetManager

All Superinterfaces:
EntityManager

public interface PermissionSetManager
extends EntityManager

An Entity Manager that offers create, read, update and delete of a PermissionSet in a persistent store.


Method Summary
 EntryReference createPermissionSet(PermissionSetEntry permSet)
          Create a PermissionSet
 void deletePermissionSet(EntryReference ref, boolean cascade)
          Delete a PermissionSet
 PermissionSetEntry getPermissionSet(java.lang.String permissionSetName)
          Get a PermissionSet by Name.
 java.util.List<PermissionSetEntry> getPermissionSets(PermissionSetSearchQuery query)
          Query PermissionSets based upon search criteria.
 void modifyPermissionSet(EntryReference ref, javax.naming.directory.ModificationItem[] modItems)
          Modify the PermissionSet.
 void modifyPermissionSet(EntryReference ref, ResourceActionsEntry resourceActionsToAdd, ResourceActionsEntry resourceActionsToDelete)
          Modify the PermissionSet

 

Methods inherited from interface oracle.security.jps.service.policystore.entitymanager.EntityManager
resolveReference

 

Method Detail

createPermissionSet

EntryReference createPermissionSet(PermissionSetEntry permSet)
                                   throws InvalidArgumentException,
                                          PolicyStoreException
Create a PermissionSet
Parameters:
permSet - the permission set. The method throws PolicyObjectNotFoundException if the following prerequisites are not satisfied:
1. The resource type referenced in permSet must exist at the application scope level.
2. The resource names referenced in permSet must exist at the same level at which the PermissionSet is being defined. For example, if a PermissionSet is created at the application scope, the resource must exist at the application scope; if the PermissionSet is created at a PolicyDomain level, the resource must exist in the PolicyDomain.
Returns:
a reference to the PermissionSet created.
Throws:
PolicyObjectAlreadyExistsException - if the permission set exists already
PolicyObjectNotFoundException - if the resource type or resource name referenced in the permSet does not already exist in policy store
InvalidArgumentException - if permSet is null
PolicyStoreException - if there was an error while creating the PermissionSet. For example, if the resource instance is not found in the store, a PolicyStoreException is reported.

deletePermissionSet

void deletePermissionSet(EntryReference ref,
                         boolean cascade)
                         throws InvalidArgumentException,
                                PolicyStoreException
Delete a PermissionSet
Parameters:
ref - a reference to the PermissionSet
cascade - if set to false, a check is performed to determine if there are any grants referencing this PermissionSet. If there are any grants, an exception is raised.

if set to true, any grant referencing this PermissionSet is also deleted along with this PermissionSet.

Throws:
InvalidArgumentException - if the input parameters are invalid.
PolicyStoreException - if there was an error while deleting the PermissionSet.
PolicyStoreOperationNotAllowedException - if the PermissionSet being deleted is in use and the cascade flag is false.
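
The cascade flag decides whether grants are removed together with the PermissionSet, so a caller that wants to avoid revoking access unintentionally can try the non-cascading delete first. The following is an added example, not part of the Oracle reference: the class name, the Outcome enum and the allowCascade parameter are hypothetical, and the import packages for EntryReference and the exception classes are assumed because this page does not show them.

```java
// Added example (not Oracle code). Assumed: the packages of EntryReference
// and of the exception classes; they are not shown on this page.
import oracle.security.jps.service.policystore.EntryReference;
import oracle.security.jps.service.policystore.InvalidArgumentException;
import oracle.security.jps.service.policystore.PolicyStoreException;
import oracle.security.jps.service.policystore.PolicyStoreOperationNotAllowedException;
import oracle.security.jps.service.policystore.entitymanager.PermissionSetManager;

public final class PermissionSetCleanup {

    /** Result of a delete attempt, so the caller can log or audit it. */
    public enum Outcome { DELETED, DELETED_WITH_GRANTS, IN_USE }

    private PermissionSetCleanup() { }

    /**
     * Deletes a PermissionSet without touching grants when possible.
     * Grants that reference it are removed only if allowCascade is true.
     *
     * @param psm          manager obtained by the caller
     * @param ref          reference to the PermissionSet to delete
     * @param allowCascade explicit approval to delete referencing grants
     */
    public static Outcome delete(PermissionSetManager psm,
                                 EntryReference ref,
                                 boolean allowCascade)
            throws InvalidArgumentException, PolicyStoreException {
        try {
            // cascade=false: the store checks for grants that reference the
            // PermissionSet and raises an exception instead of deleting them.
            psm.deletePermissionSet(ref, false);
            return Outcome.DELETED;
        } catch (PolicyStoreOperationNotAllowedException inUse) {
            if (!allowCascade) {
                // Leave the PermissionSet and its grants in place.
                return Outcome.IN_USE;
            }
            // cascade=true: referencing grants are deleted as well, which
            // revokes the access those grants conferred.
            psm.deletePermissionSet(ref, true);
            return Outcome.DELETED_WITH_GRANTS;
        }
    }
}
```

An IN_USE result leaves the store unchanged, which gives the caller a point to review the referencing grants before repeating the call with allowCascade set to true.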

modifyPermissionSet

void modifyPermissionSet(EntryReference ref,
                         ResourceActionsEntry resourceActionsToAdd,
                         ResourceActionsEntry resourceActionsToDelete)
                         throws InvalidArgumentException,
                                PolicyStoreException
Modify the PermissionSet

If there are any grants referencing this PermissionSet, the grants are also modified.

Parameters:
ref - the reference to the PermissionSet
resourceActionsToAdd - the ResourceActionsEntry to add. It can be null.
resourceActionsToDelete - the ResourceActionsEntry to remove. It can be null. If non-null, the resourceActionsToDelete must be present in this PermissionSet.
Throws:
PolicyStoreException - if there was an error while modifying the PermissionSet.
InvalidArgumentException - if both resourceActionsToAdd and resourceActionsToDelete are null.

modifyPermissionSet

void modifyPermissionSet(EntryReference ref,
                         javax.naming.directory.ModificationItem[] modItems)
                         throws InvalidArgumentException,
                                PolicyStoreException
Modify the PermissionSet.

The display name and description of the permission set can be modified by this method.

The following code fragment illustrates how to replace the display name.

     // Requires javax.naming.directory.Attribute, BasicAttribute,
     // DirContext and ModificationItem.
     // psm is a PermissionSetManager and ref is an EntryReference to the
     // PermissionSet; both are obtained before this point.
     String property2Change = PermissionSetEntry.Properties.PROPERTY_DISPLAY_NAME.name();
     String newValue = "this is the new display name";
     // Build a REPLACE modification for the display name attribute.
     Attribute attr = new BasicAttribute(property2Change, newValue);
     ModificationItem displayModItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);
     ModificationItem[] allItems = new ModificationItem[] { displayModItem };
     psm.modifyPermissionSet(ref, allItems);
 
Parameters:
ref - a reference to the PermissionSet
modItems - an array of modification items.
Throws:
InvalidArgumentException - if the input parameters are invalid
PolicyStoreException - if there was an error while modifying the PermissionSet.

getPermissionSet

PermissionSetEntry getPermissionSet(java.lang.String permissionSetName)
                                    throws InvalidArgumentException,
                                           PolicyObjectNotFoundException,
                                           PolicyStoreException
Get a PermissionSet by Name.
Parameters:
permissionSetName - name of the PermissionSet.
Returns:
the PermissionSetEntry. The permission set contains a set of Resource-Actions that constitute the PermissionSet. Every attempt is made to retrieve the display name and description of the Resource. If the resource is not found in the store, the display name and description are set to null.

If the resource is managed in an external store, it is possible the resource has been deleted without the PermissionSet being updated.

If the resource is managed in the default store, it is also possible for the resource to have been deleted without the PermissionSet having been updated. This is possible in a distributed policy environment.

Throws:
InvalidArgumentException - if permissionSetName is null or empty.
PolicyObjectNotFoundException - if PermissionSet with the name does not exist.
PolicyStoreException - if there was an error while searching for the PermissionSet.

getPermissionSets

java.util.List<PermissionSetEntry> getPermissionSets(PermissionSetSearchQuery query)
                                                     throws InvalidArgumentException,
                                                            PolicyStoreException
Query PermissionSets based upon search criteria. The query must not be null. To get all permission sets defined in the scope, set the matcher to ANY and the value to match to null.
Parameters:
query - search criteria, must not be null.
Returns:
a list of PermissionSetEntry. The display name and description of the Resource are not returned by this method; their values are set to null in the returned ResourceEntry, unlike getPermissionSet(String), which attempts to look up the description and display name of the resource. Returns an empty list if no permission set matching the query is found.

Throws:
InvalidArgumentException - if query is null.
PolicyStoreException - if there was an error while querying.


Copyright © 2011, Oracle. All rights reserved.