Skip navigation links


oracle.iam.identity.rolemgmt.api
Interface RoleManager


public interface RoleManager

The RoleManager API exposes the methods to manage roles.


Method Summary
 RoleManagerResult addRoleRelationship(java.lang.String parentAttrName, java.lang.Object parentAttrValue, java.lang.String childAttrName, java.lang.Object childAttrValue)
          Add a direct relationship between two roles.
 RoleManagerResult addRoleRelationship(java.lang.String roleParentKey, java.lang.String roleChildKey)
          Add a direct relationship between two roles.
 RoleManagerResult create(Role role)
          This method creates a role in the back end data store
 RoleManagerResult delete(java.util.Set roleKeys)
          Bulk delete operation.
 RoleManagerResult delete(java.lang.String roleKey)
          Delete the role.
 RoleManagerResult delete(java.lang.String attributeName, java.lang.Object attributeValue)
          This method deletes a role based on a search criteria
 Role getDetails(java.lang.String attributeName, java.lang.Object attributeValue, java.util.Set retAttrs)
          This method return the role details for a role based on a search criteria
 Role getDetails(java.lang.String roleKey, java.util.Set retAttrs)
          Returns the profile details of the specified role.
 java.util.List getDirectRoleChildren(java.lang.String roleParentKey, java.util.Set retAttrs, java.util.Map configParams)
          Retrieve the roles direct children of the given role.
 java.util.List getDirectRoleParents(java.lang.String roleChildKey, java.util.Set retAttrs, java.util.Map configParams)
          Retrieve the roles who are the direct parents of the given role.
 java.util.List getRoleChildren(java.lang.String roleParentKey, boolean directAndIndirect)
          Retrieve the roles children of the given role.
 Relationship getRoleGrantDetails(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue, java.util.Set retAttrs)
          Lookup the attributes of a role grant.
 Relationship getRoleGrantDetails(java.lang.String roleKey, java.lang.String userKey, java.util.Set retAttrs)
          Lookup the attributes of a role grant.
 java.util.List getRoleIndirectMembers(java.lang.String roleKey, oracle.iam.platform.entitymgr.vo.SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams)
          Retrieve the users indirect members of the given role matching the specified SearchCriteria.
 java.util.List getRoleMembers(java.lang.String roleKey, boolean directAndIndirect)
          Retrieve all the users members of the given role.
 java.util.List getRoleMembers(java.lang.String roleKey, oracle.iam.platform.entitymgr.vo.SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams, boolean directAndIndirect)
          Retrieve the users members of the given role matching the specified SearchCriteria.
 java.util.List getRoleParents(java.lang.String roleChildKey, boolean directAndIndirect)
          Retrieve the roles who are the parents of the given role.
 Relationship getRoleRelationshipDetails(java.lang.String parentAttrName, java.lang.Object parentAttrValue, java.lang.String childAttrName, java.lang.Object childAttrValue, java.util.Set retAttrs)
          Lookup the attributes of a role relationship.
 Relationship getRoleRelationshipDetails(java.lang.String roleParentKey, java.lang.String roleChildKey, java.util.Set retAttrs)
          Lookup the attributes of a role relationship.
 java.util.List getUnassignedRoleMembers(java.lang.String roleKey)
          Retrieve all the users that are not direct members of the given role.
 java.util.List getUnassignedRoleMembers(java.lang.String roleKey, oracle.iam.platform.entitymgr.vo.SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams)
          Retrieve all the users that are not direct members of the given role matching the specified.
 java.util.List getUnassignedUserMemberships(java.lang.String userKey, oracle.iam.platform.entitymgr.vo.SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams)
          Retrieve all the roles that are not direct memberships of the given user matching the specified SearchCriteria.
 java.util.List getUserMemberships(java.lang.String userKey, boolean directAndIndirect)
          Retrieve all the roles that the user is a member of.
 java.util.List getUserMemberships(java.lang.String userKey, oracle.iam.platform.entitymgr.vo.SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams, boolean directAndIndirect)
          Retrieve the roles of the given user matching the specified SearchCriteria.
 RoleManagerResult grantRole(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue)
          Grant the role identified to the specified user/s based on the search criteria.
 RoleManagerResult grantRole(java.lang.String roleKey, java.util.Set userKeys)
          Grant the role identified by roleKey to the specified user/s.
 RoleManagerResult grantRole(java.lang.String roleKey, java.util.Set userKeys, boolean evaluatePolicies)
          Grant the role identified by roleKey to the specified user/s.
 RoleManagerResult grantRoles(java.lang.String userKey, java.util.Set roleKeys)
          Grant the roles identified by roleKeys to the specified user.
 boolean isRoleGranted(java.lang.String roleKey, java.lang.String userKey, boolean directAndIndirect)
          Return true if the user has the role granted.
 boolean isRoleParent(java.lang.String parentRoleKey, java.lang.String roleChildKey, boolean directAndIndirect)
          Return true if the role has the given parent.
 RoleManagerResult modify(Role role)
          This method updates the existing role having key 'roleKey' with the values specified.
 RoleManagerResult modify(java.util.Set roleKeys, Role role)
          Modifies roles in bulk.
 RoleManagerResult modify(java.lang.String attributeName, java.lang.Object attributeValue, Role role)
          This method modifies the role details for a role based on a search criteria
 RoleManagerResult removeRoleRelationship(java.lang.String parentAttrName, java.lang.Object parentAttrValue, java.lang.String childAttrName, java.lang.Object childAttrValue)
          Remove a direct relationship between two roles.
 RoleManagerResult removeRoleRelationship(java.lang.String roleParentKey, java.lang.String roleChildKey)
          Remove a direct relationship between two roles.
 RoleManagerResult revokeRoleGrant(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue)
          Revoke the role for the specified user/s based on the search criteria.
 RoleManagerResult revokeRoleGrant(java.lang.String roleKey, java.util.Set userKeys)
          Revoke the role identified by roleKey to the specified user/s.
 RoleManagerResult revokeRoleGrant(java.lang.String roleKey, java.util.Set userKeys, boolean evaluatePolicies)
          Revoke the role identified by roleKey to the specified user/s.
 RoleManagerResult revokeRoleGrants(java.lang.String userKey, java.util.Set roleKeys)
          Revoke the roles identified by roleKeys to the specified user.
 java.util.List search(oracle.iam.platform.entitymgr.vo.SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams)
          Searches for roles matching the specified SearchCriteria.
 void updateEntityDefinition()
          This method updates UDF entry in Role.xml in MDS repository.
 RoleManagerResult updateRoleGrant(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue, java.util.Map args)
          Update a role grant.
 RoleManagerResult updateRoleGrant(java.lang.String roleKey, java.lang.String userKey, java.util.Map args)
          Update a role grant.
 RoleManagerResult updateRoleRelationship(java.lang.String parentAttrName, java.lang.Object parentAttrValue, java.lang.String childAttrName, java.lang.Object childAttrValue, java.util.Map args)
          Update a relationship between two roles.
 RoleManagerResult updateRoleRelationship(java.lang.String roleKey, java.lang.String roleChildKey, java.util.Map args)
          Update a relationship between two roles.

 

Method Detail

create

RoleManagerResult create(Role role)
                         throws ValidationFailedException,
                                oracle.iam.platform.authz.exception.AccessDeniedException,
                                RoleAlreadyExistsException,
                                RoleCreateException
This method creates a role in the back end data store
Parameters:
role - The attributes and values for this role.
Returns:
RoleManagerResult containing the entity id of the role created in the database.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleAlreadyExistsException - if the role already exists.
RoleCreateException - if the orchestration fails for the create operation.

modify

RoleManagerResult modify(Role role)
                         throws ValidationFailedException,
                                oracle.iam.platform.authz.exception.AccessDeniedException,
                                RoleModifyException,
                                NoSuchRoleException
This method updates the existing role having key 'roleKey' with the values specified.
Parameters:
role - The attributes and values to update the role with.
Returns:
RoleManagerResult containing the entity id of the role updated in the database.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleModifyException - if the orchestration fails for modify operation.
NoSuchRoleException - if the role with given key is not found.

modify

RoleManagerResult modify(java.lang.String attributeName,
                         java.lang.Object attributeValue,
                         Role role)
                         throws ValidationFailedException,
                                oracle.iam.platform.authz.exception.AccessDeniedException,
                                RoleModifyException,
                                NoSuchRoleException,
                                SearchKeyNotUniqueException,
                                RoleLookupException
This method modifies the role details for a role based on a search criteria
Parameters:
attributeName - The attribute name for the search criteria
attributeValue - The attribute value for the search criteria
role - The attributes and values to update the role with.
Returns:
RoleManagerResult containing the entity id of the role updated in database
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleModifyException - if the orchestration fails for modify operation.
NoSuchRoleException - if the role with given search criteria is not found.
SearchKeyNotUniqueException - if there is more than one role of the search criteria
RoleLookupException

delete

RoleManagerResult delete(java.lang.String attributeName,
                         java.lang.Object attributeValue)
                         throws SearchKeyNotUniqueException,
                                ValidationFailedException,
                                oracle.iam.platform.authz.exception.AccessDeniedException,
                                RoleDeleteException,
                                NoSuchRoleException,
                                RoleLookupException
This method deletes a role based on a search criteria
Parameters:
attributeName - The attribute name for the search criteria
attributeValue - The attribute value for the search criteria
Returns:
RoleManagerResult containing the entity id of the role deleted in the database.
Throws:
SearchKeyNotUniqueException - if there is more than one role of the search criteria
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleDeleteException - if the orchestration fails for delete operation.
NoSuchRoleException - if the role with given search criteria is not found.
RoleLookupException

modify

RoleManagerResult modify(java.util.Set roleKeys,
                         Role role)
                         throws ValidationFailedException,
                                oracle.iam.platform.authz.exception.AccessDeniedException,
                                RoleModifyException,
                                NoSuchRoleException
Modifies roles in bulk. The profile of all roles whose key is in roleKeys set are updated with value of all bulk modifiable attribute specified in the map.
Parameters:
roleKeys - The keys of the roles whose profiles are to be updated.
role - The common set of attributes and values to update the roles with.
Returns:
RoleManagerResult containing the set of success and failure results. Each failure result has a reason for failure associated with it.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleModifyException - if the orchestration fails for modify operation.
NoSuchRoleException - if the role with given key is not found.

delete

RoleManagerResult delete(java.lang.String roleKey)
                         throws ValidationFailedException,
                                oracle.iam.platform.authz.exception.AccessDeniedException,
                                RoleDeleteException,
                                NoSuchRoleException
Delete the role. This is a hard delete operation and will remove the role from the data store.
Parameters:
roleKey - The key of the role to be deleted.
Returns:
RoleManagerResult containing the entity id of the role deleted in the database.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleDeleteException - if the orchestration fails for delete operation.
NoSuchRoleException - if the role with given key is not found.

delete

RoleManagerResult delete(java.util.Set roleKeys)
                         throws ValidationFailedException,
                                oracle.iam.platform.authz.exception.AccessDeniedException,
                                RoleDeleteException,
                                NoSuchRoleException
Bulk delete operation. It will delete all the specified roles.
Parameters:
roleKeys - The keys of the roles to be deleted.
Returns:
RoleManagerResult containing the set of success and failure results. Each failure result has a reason for failure associated with it.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleDeleteException - if the orchestration fails for delete operation.
NoSuchRoleException - if the role with given key is not found.

getDetails

Role getDetails(java.lang.String roleKey,
                java.util.Set retAttrs)
                throws oracle.iam.platform.authz.exception.AccessDeniedException,
                       NoSuchRoleException,
                       RoleLookupException
Returns the profile details of the specified role.
Parameters:
roleKey - The key of the role who's details are required.
retAttrs - The set of attributes which are to be returned for each role.
Returns:
If the role exists then an 'Role' object containing all the retAttrs of the role is returned otherwise NoSuchRoleException exception is thrown.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
NoSuchRoleException
RoleLookupException

search

java.util.List search(oracle.iam.platform.entitymgr.vo.SearchCriteria criteria,
                      java.util.Set retAttrs,
                      java.util.Map configParams)
                      throws oracle.iam.platform.authz.exception.AccessDeniedException,
                             RoleSearchException
Searches for roles matching the specified SearchCriteria.
Parameters:
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons like contains the SearchCriteria Operator will be EQUAL with value to be searched will be '*<value>*'
retAttrs - The set of attributes which are to be returned for each role.
configParams - Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.

The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.

The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional and is set to 'User Login' by default.

The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.

Returns:
the list of roles which matched the search criteria. This list is filtered based on the attribute and entity permissions of the logged-in user.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleSearchException - if there is an exception while doing the search

getDetails

Role getDetails(java.lang.String attributeName,
                java.lang.Object attributeValue,
                java.util.Set retAttrs)
                throws SearchKeyNotUniqueException,
                       oracle.iam.platform.authz.exception.AccessDeniedException,
                       NoSuchRoleException,
                       RoleLookupException
This method return the role details for a role based on a search criteria
Parameters:
attributeName - - The attribute name for the search criteria
attributeValue - - The attribute value for the search criteria
retAttrs - - The attributes to be returned for the role
Returns:
- The role that matches the search criteria
Throws:
SearchKeyNotUniqueException - if there is more than one role of the search criteria
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleSearchException - if there is an exception while doing the search
NoSuchRoleException - if the role with given search criteria is not found
RoleLookupException

grantRole

RoleManagerResult grantRole(java.lang.String roleKey,
                            java.util.Set userKeys)
                            throws ValidationFailedException,
                                   oracle.iam.platform.authz.exception.AccessDeniedException,
                                   RoleGrantException
Grant the role identified by roleKey to the specified user/s.
Parameters:
roleKey - The key of the role to be granted.
userKeys - The keys of the user to whom to grant the role.
Returns:
RoleManagerResult containing the set of success and failure results. Each failure result has a reason for failure associated with it.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If operation fails.

grantRole

RoleManagerResult grantRole(java.lang.String roleKey,
                            java.util.Set userKeys,
                            boolean evaluatePolicies)
                            throws ValidationFailedException,
                                   oracle.iam.platform.authz.exception.AccessDeniedException,
                                   RoleGrantException
Grant the role identified by roleKey to the specified user/s.
Parameters:
roleKey - The key of the role to be granted.
userKeys - The keys of the user to whom to grant the role.
evaluatePolicies - Boolean to indicate whether to evaluate policies or not when user is granted to the role
Returns:
RoleManagerResult containing the set of success and failure results. Each failure result has a reason for failure associated with it.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If operation fails.

revokeRoleGrant

RoleManagerResult revokeRoleGrant(java.lang.String roleKey,
                                  java.util.Set userKeys)
                                  throws ValidationFailedException,
                                         oracle.iam.platform.authz.exception.AccessDeniedException,
                                         RoleGrantRevokeException
Revoke the role identified by roleKey to the specified user/s.
Parameters:
roleKey - The key of the role to be revoked.
userKeys - The keys of the user to whom to revoke the role.
Returns:
RoleManagerResult containing the set of success and failure results. Each failure result has a reason for failure associated with it.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantRevokeException - If operation fails.

revokeRoleGrant

RoleManagerResult revokeRoleGrant(java.lang.String roleKey,
                                  java.util.Set userKeys,
                                  boolean evaluatePolicies)
                                  throws ValidationFailedException,
                                         oracle.iam.platform.authz.exception.AccessDeniedException,
                                         RoleGrantRevokeException
Revoke the role identified by roleKey to the specified user/s.
Parameters:
roleKey - The key of the role to be revoked.
userKeys - The keys of the user to whom to revoke the role.
evaluatePolicies - Boolean to indicate whether to evaluate policies or not when user is revoked from the role
Returns:
RoleManagerResult containing the set of success and failure results. Each failure result has a reason for failure associated with it.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantRevokeException - If operation fails.

getRoleGrantDetails

Relationship getRoleGrantDetails(java.lang.String roleKey,
                                 java.lang.String userKey,
                                 java.util.Set retAttrs)
                                 throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                        NoSuchRoleGrantException,
                                        RoleGrantLookupException
Lookup the attributes of a role grant.
Parameters:
roleKey - The key of the role whose grant we are looking up.
userKey - The key of the user whose grant we are looking up.
retAttrs - The attributes to lookup.
Returns:
Relationship containing the attributes of the role grant.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantLookupException - If operation fails.
NoSuchRoleGrantException - If the grant doesn't exist

grantRoles

RoleManagerResult grantRoles(java.lang.String userKey,
                             java.util.Set roleKeys)
                             throws ValidationFailedException,
                                    oracle.iam.platform.authz.exception.AccessDeniedException,
                                    RoleGrantException
Grant the roles identified by roleKeys to the specified user.
Parameters:
userKey - The key of the user to whom to grant the roles.
roleKeys - The keys of roles to be granted.
Returns:
RoleManagerResult containing the set of success and failure results. Each failure result has a reason for failure associated with it.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If operation fails.

revokeRoleGrants

RoleManagerResult revokeRoleGrants(java.lang.String userKey,
                                   java.util.Set roleKeys)
                                   throws ValidationFailedException,
                                          oracle.iam.platform.authz.exception.AccessDeniedException,
                                          RoleGrantRevokeException
Revoke the roles identified by roleKeys to the specified user.
Parameters:
userKey - The key of the user to whom to revoke the roles.
roleKeys - The keys of the roles to be revoked.
Returns:
RoleManagerResult containing the set of success and failure results. Each failure result has a reason for failure associated with it.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantRevokeException - If operation fails.

updateRoleGrant

RoleManagerResult updateRoleGrant(java.lang.String roleKey,
                                  java.lang.String userKey,
                                  java.util.Map args)
                                  throws ValidationFailedException,
                                         oracle.iam.platform.authz.exception.AccessDeniedException,
                                         RoleGrantUpdateException,
                                         NoSuchRoleGrantException
Update a role grant.
Parameters:
roleKey - The key of the role whose grant we are updating.
userKey - The key of the user whose grant we are updating.
args - The attributes and values to update the role grant with.
Returns:
RoleManagerResult containing the status of the operation.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantUpdateException - If operation fails.
RoleGrantUpdateException - If the role grant doesn't exist
NoSuchRoleGrantException

getRoleMembers

java.util.List getRoleMembers(java.lang.String roleKey,
                              boolean directAndIndirect)
                              throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                     RoleMemberException
Retrieve all the users members of the given role. Note that this API only checks for direct and indirect memberships based on the directAndIndirect flag.
Parameters:
roleKey - The key of the role whose members we are looking up.
directAndIndirect - The flag used to lookup the role members either directly or indirectly.
Returns:
the list of users that are members of the given role.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

getRoleMembers

java.util.List getRoleMembers(java.lang.String roleKey,
                              oracle.iam.platform.entitymgr.vo.SearchCriteria criteria,
                              java.util.Set retAttrs,
                              java.util.Map configParams,
                              boolean directAndIndirect)
                              throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                     RoleMemberException
Retrieve the users members of the given role matching the specified SearchCriteria.
Parameters:
roleKey - The key of the role whose members we are looking up.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons like contains the SearchCriteria Operator will be EQUAL with value to be searched will be '*<value>*'
retAttrs - The set of attributes which are to be returned for each user.
configParams - Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.

The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.

The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional and is set to 'User Login' by default.

The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.

directAndIndirect - if the directAndIndirect is false returns only direct assigned members to role which are matched with search criteria.if the directAndIndirect is true returns direct and indirect assigned members of given role which are matched with search criteria.
Returns:
the list of users that are members of the given role which matched the search criteria. This list is filtered based on the attribute and entity permissions of the logged-in user.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

getRoleIndirectMembers

java.util.List getRoleIndirectMembers(java.lang.String roleKey,
                                      oracle.iam.platform.entitymgr.vo.SearchCriteria criteria,
                                      java.util.Set retAttrs,
                                      java.util.Map configParams)
                                      throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                             RoleMemberException
Retrieve the users indirect members of the given role matching the specified SearchCriteria.
Parameters:
roleKey - The key of the role whose indirect members we are looking up.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons like contains the SearchCriteria Operator will be EQUAL with value to be searched will be '*<value>*'
retAttrs - The set of attributes which are to be returned for each user.
configParams - Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.

The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.

The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional and is set to 'User Login' by default.

The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.

Returns:
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException
RoleMemberException

getUnassignedRoleMembers

java.util.List getUnassignedRoleMembers(java.lang.String roleKey)
                                        throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                               RoleMemberException
Retrieve all the users that are not direct members of the given role. Note that this API only checks for direct memberships.
Parameters:
roleKey - The key of the role whose not members we are looking up.
Returns:
the list of users that are not members of the given role.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

getUnassignedRoleMembers

java.util.List getUnassignedRoleMembers(java.lang.String roleKey,
                                        oracle.iam.platform.entitymgr.vo.SearchCriteria criteria,
                                        java.util.Set retAttrs,
                                        java.util.Map configParams)
                                        throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                               RoleMemberException
Retrieve all the users that are not direct members of the given role matching the specified.
Parameters:
roleKey - The key of the role whose not direct members we are looking up.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons like contains the SearchCriteria Operator will be EQUAL with value to be searched will be '*<value>*'
retAttrs - The set of attributes which are to be returned for each user.
configParams - Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.

The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.

The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional and is set to 'User Login' by default.

The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.

Returns:
the list of users that are members of the given role which matched the search criteria. This list is filtered based on the attribute and entity permissions of the logged-in user.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

isRoleGranted

boolean isRoleGranted(java.lang.String roleKey,
                      java.lang.String userKey,
                      boolean directAndIndirect)
                      throws oracle.iam.platform.authz.exception.AccessDeniedException,
                             UserMembershipException
Return true if the user has the role granted. Note that this API only checks for direct and indirect memberships based on the directAndIndirect flag.
Parameters:
roleKey - The key of the role whose memberships we are looking up.
userKey - The key of the user whose memberships we are looking up.
directAndIndirect - if true, checks for direct and indirect memberships.
Returns:
true if the user had the role granted.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
UserMembershipException - If operation fails.

getUserMemberships

java.util.List getUserMemberships(java.lang.String userKey,
                                  boolean directAndIndirect)
                                  throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                         UserMembershipException
Retrieve all the roles that the user is a member of. Note that this API only checks for direct and indirect memberships based on the directAndIndirect flag.
Parameters:
userKey - The key of the user whose memberships we are looking up.
directAndIndirect - The flag used to lookup the user memberships either directly or indirectly.
Returns:
the list of roles that are granted to the given user.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
UserMembershipException - If operation fails.

getUserMemberships

java.util.List getUserMemberships(java.lang.String userKey,
                                  oracle.iam.platform.entitymgr.vo.SearchCriteria criteria,
                                  java.util.Set retAttrs,
                                  java.util.Map configParams,
                                  boolean directAndIndirect)
                                  throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                         UserMembershipException
Retrieve the roles of the given user matching the specified SearchCriteria. Note that this API only checks for direct and indirect memberships based on the directAndIndirect flag.
Parameters:
userKey - The key of the user whose memberships we are looking up.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons like contains the SearchCriteria Operator will be EQUAL with value to be searched will be '*<value>*'
retAttrs - The set of attributes which are to be returned for each role.
configParams - Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.

The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.

The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional and is set to 'User Login' by default.

The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.

directAndIndirect - The flag used to lookup the user memberships either directly or indirectly.
Returns:
the list of roles that are granted to the given user.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
UserMembershipException - If operation fails.

getUnassignedUserMemberships

java.util.List getUnassignedUserMemberships(java.lang.String userKey,
                                            oracle.iam.platform.entitymgr.vo.SearchCriteria criteria,
                                            java.util.Set retAttrs,
                                            java.util.Map configParams)
                                            throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                                   UserMembershipException
Retrieve all the roles that are not direct memberships of the given user matching the specified SearchCriteria.
Parameters:
userKey - The key of the user whose not direct memberships we are looking up.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons like contains the SearchCriteria Operator will be EQUAL with value to be searched will be '*<value>*'
retAttrs - The set of attributes which are to be returned for each role.
configParams - Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.

The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.

The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional and is set to 'User Login' by default.

The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.

Returns:
the list of roles that are granted to the given user.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
UserMembershipException - If operation fails.

addRoleRelationship

RoleManagerResult addRoleRelationship(java.lang.String roleParentKey,
                                      java.lang.String roleChildKey)
                                      throws ValidationFailedException,
                                             oracle.iam.platform.authz.exception.AccessDeniedException,
                                             RoleRelationshipException
Add a direct relationship between two roles.
Parameters:
roleParentKey - The key of the parent role in the relationship that we are creating.
roleChildKey - The key of the child role in the relationship that we are creating.
Returns:
RoleManagerResult containing the status of the operation.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipException - If operation fails.

removeRoleRelationship

RoleManagerResult removeRoleRelationship(java.lang.String roleParentKey,
                                         java.lang.String roleChildKey)
                                         throws ValidationFailedException,
                                                oracle.iam.platform.authz.exception.AccessDeniedException,
                                                RoleRelationshipRemoveException
Remove a direct relationship between two roles.
Parameters:
roleParentKey - The key of the parent role in the relationship that we are deleting.
roleChildKey - The key of the child role in the relationship that we are deleting.
Returns:
RoleManagerResult containing the status of the operation.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipRemoveException - If operation fails.

getRoleRelationshipDetails

Relationship getRoleRelationshipDetails(java.lang.String roleParentKey,
                                        java.lang.String roleChildKey,
                                        java.util.Set retAttrs)
                                        throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                               NoSuchRoleRelationshipException,
                                               RoleRelationshipLookupException
Lookup the attributes of a role relationship.
Parameters:
roleParentKey - The key of the parent role in the relationship we are looking up.
userKey - The key of the child role in the relationship we are looking up.
retAttrs - The attributes to lookup.
Returns:
Relationship containing the attributes of the role relationship.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipLookupException - If operation fails.
NoSuchRoleRelationshipException - If the role relationship doesn't exist

updateRoleRelationship

RoleManagerResult updateRoleRelationship(java.lang.String roleKey,
                                         java.lang.String roleChildKey,
                                         java.util.Map args)
                                         throws ValidationFailedException,
                                                oracle.iam.platform.authz.exception.AccessDeniedException,
                                                RoleRelationshipUpdateException,
                                                NoSuchRoleRelationshipException
Update a relationship between two roles.
Parameters:
roleKey - The key of the parent role in the relationship that we are updating.
roleChildKey - The key of the child role in the relationship that we are updating.
args - The attributes and values to update the role relationship with.
Returns:
RoleManagerResult containing the status of the operation.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipUpdateException - If operation fails.
NoSuchRoleRelationshipException - If the relationship doesn't exist

getRoleChildren

java.util.List getRoleChildren(java.lang.String roleParentKey,
                               boolean directAndIndirect)
                               throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                      RoleMemberException
Retrieve the roles children of the given role. Note that this API only checks for direct and indirect relationships based on the directAndIndirect flag.
Parameters:
roleParentKey - The key of the role whose relationships are looking up.
directAndIndirect - The flag used to lookup the role relationships either directly or indirectly.
Returns:
the list of roles that are children of the given role.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

getDirectRoleChildren

java.util.List getDirectRoleChildren(java.lang.String roleParentKey,
                                     java.util.Set retAttrs,
                                     java.util.Map configParams)
                                     throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                            RoleMemberException
Retrieve the roles direct children of the given role.
Parameters:
roleParentKey - The key of the role whose children are looking up.
retAttrs - The set of attributes which are to be returned for each role.
configParams - Parameters to further configure the search operation. There are two configuration parameters. STARTROW, and ENDROW The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.
Returns:
the list of roles that are direct children of the given role.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

isRoleParent

boolean isRoleParent(java.lang.String parentRoleKey,
                     java.lang.String roleChildKey,
                     boolean directAndIndirect)
                     throws oracle.iam.platform.authz.exception.AccessDeniedException,
                            RoleMemberException
Return true if the role has the given parent. Note that this API only checks for for direct and indirect relationships based on the directAndIndirect flag.
Parameters:
parentRoleKey - The key of the role whose relationship we are looking up.
directAndIndirect - if true, checks for direct and indirect relationships.
roleChildKey - The key of the role whose relationship we are looking up.
Returns:
true if the role has the given parent.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

getRoleParents

java.util.List getRoleParents(java.lang.String roleChildKey,
                              boolean directAndIndirect)
                              throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                     RoleMemberException
Retrieve the roles who are the parents of the given role. Note that this API checks for direct and indirect relationship based on directAndIndirect
Parameters:
roleChildKey - The key of the role whose parent we are looking up.
directAndIndirect - When set to false, will only return direct parents. When set to true, will return direct and indirect parents.
Returns:
the list of roles who are the parents of the given role.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

getDirectRoleParents

java.util.List getDirectRoleParents(java.lang.String roleChildKey,
                                    java.util.Set retAttrs,
                                    java.util.Map configParams)
                                    throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                           RoleMemberException
Retrieve the roles who are the direct parents of the given role.
Parameters:
roleChildKey - the key of the role whose parents are looking up.
retAttrs - The set of attributes which are to be returned for each role.
configParams - Parameters to further configure the search operation. There are two configuration parameters. STARTROW, and ENDROW The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.
Returns:
the list of roles who are the direct parents of the given role.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

updateEntityDefinition

void updateEntityDefinition()
This method updates UDF entry in Role.xml in MDS repository. An assumption is that any UDF in Role.xml will only be added or modified through Design console. This API is being invoked from Design console. tcfrmUDFManager. This will be called when user has made any modification in UDF of Roles only.

grantRole

RoleManagerResult grantRole(java.lang.String roleAttributeName,
                            java.lang.Object roleAttributeValue,
                            java.lang.String userAttributeName,
                            java.lang.Object userAttributeValue)
                            throws ValidationFailedException,
                                   oracle.iam.platform.authz.exception.AccessDeniedException,
                                   RoleGrantException,
                                   SearchKeyNotUniqueException,
                                   NoSuchRoleException,
                                   NoSuchUserException
Grant the role identified to the specified user/s based on the search criteria.
Parameters:
roleAttributeName - The role attribute name for the search criteria.
roleAttributeValue - The role attribute value for the search criteria.
userAttributeName - The user attribute name for the search criteria.
userAttributeValue - The user attribute value for the search criteria.
Returns:
RoleManagerResult containing the set of success and failure results. Each failure result has a reason for failure associated with it.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required. authorization.
RoleGrantException - If operation fails.
SearchKeyNotUniqueException - if there is more than one roles or users for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
NoSuchUserException - if the user with given search criteria is not found.

getRoleGrantDetails

Relationship getRoleGrantDetails(java.lang.String roleAttributeName,
                                 java.lang.Object roleAttributeValue,
                                 java.lang.String userAttributeName,
                                 java.lang.Object userAttributeValue,
                                 java.util.Set retAttrs)
                                 throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                        NoSuchRoleGrantException,
                                        RoleGrantLookupException,
                                        SearchKeyNotUniqueException,
                                        NoSuchRoleException,
                                        NoSuchUserException
Lookup the attributes of a role grant.
Parameters:
roleAttributeName - The role attribute name for the search criteria.
roleAttributeValue - The role attribute value for the search criteria.
userAttributeName - The user attribute name for the search criteria.
userAttributeValue - The user attribute value for the search criteria.
retAttrs - The attributes to lookup.
Returns:
Relationship containing the attributes of the role grant.
Throws:
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantLookupException - If operation fails.
NoSuchRoleGrantException - If the grant doesn't exist.
SearchKeyNotUniqueException - if there is more than one roles or users for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
NoSuchUserException - if the user with given search criteria is not found.

updateRoleGrant

RoleManagerResult updateRoleGrant(java.lang.String roleAttributeName,
                                  java.lang.Object roleAttributeValue,
                                  java.lang.String userAttributeName,
                                  java.lang.Object userAttributeValue,
                                  java.util.Map args)
                                  throws ValidationFailedException,
                                         oracle.iam.platform.authz.exception.AccessDeniedException,
                                         RoleGrantUpdateException,
                                         NoSuchRoleGrantException,
                                         SearchKeyNotUniqueException,
                                         NoSuchRoleException,
                                         NoSuchUserException
Update a role grant.
Parameters:
roleAttributeName - The role attribute name for the search criteria.
roleAttributeValue - The role attribute value for the search criteria.
userAttributeName - The user attribute name for the search criteria.
userAttributeValue - The user attribute value for the search criteria.
args - The attributes and values to update the role grant with.
Returns:
RoleManagerResult containing the status of the operation.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantUpdateException - If operation fails.
NoSuchRoleGrantException - If the role grant doesn't exist.
SearchKeyNotUniqueException - if there is more than one roles or users for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
NoSuchUserException - if the user with given search criteria is not found.

revokeRoleGrant

RoleManagerResult revokeRoleGrant(java.lang.String roleAttributeName,
                                  java.lang.Object roleAttributeValue,
                                  java.lang.String userAttributeName,
                                  java.lang.Object userAttributeValue)
                                  throws ValidationFailedException,
                                         oracle.iam.platform.authz.exception.AccessDeniedException,
                                         RoleGrantRevokeException,
                                         SearchKeyNotUniqueException,
                                         NoSuchRoleException,
                                         NoSuchUserException
Revoke the role for the specified user/s based on the search criteria.
Parameters:
roleAttributeName - The role attribute name for the search criteria.
roleAttributeValue - The role attribute value for the search criteria.
userAttributeName - The user attribute name for the search criteria.
userAttributeValue - The user attribute value for the search criteria.
Returns:
RoleManagerResult containing the set of success and failure results. Each failure result has a reason for failure associated with it.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantRevokeException - If operation fails.
SearchKeyNotUniqueException - if there is more than one roles or users for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
NoSuchUserException - if the user with given search criteria is not found.

getRoleRelationshipDetails

Relationship getRoleRelationshipDetails(java.lang.String parentAttrName,
                                        java.lang.Object parentAttrValue,
                                        java.lang.String childAttrName,
                                        java.lang.Object childAttrValue,
                                        java.util.Set retAttrs)
                                        throws oracle.iam.platform.authz.exception.AccessDeniedException,
                                               NoSuchRoleRelationshipException,
                                               RoleRelationshipLookupException,
                                               SearchKeyNotUniqueException,
                                               NoSuchRoleException
Lookup the attributes of a role relationship.
Parameters:
parentAttrName - The parent role attribute name for the search criteria.
parentAttrValue - The parent role attribute value for the search criteria.
childAttrName - The child role attribute name for the search criteria.
childAttrValue - The child role attribute value for the search criteria.
retAttrs - The attributes to lookup.
Returns:
Relationship containing the attributes of the role relationship.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipLookupException - If operation fails.
NoSuchRoleRelationshipException - If the role relationship doesn't exist.
SearchKeyNotUniqueException - if there is more than one roles or users for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.

addRoleRelationship

RoleManagerResult addRoleRelationship(java.lang.String parentAttrName,
                                      java.lang.Object parentAttrValue,
                                      java.lang.String childAttrName,
                                      java.lang.Object childAttrValue)
                                      throws ValidationFailedException,
                                             oracle.iam.platform.authz.exception.AccessDeniedException,
                                             RoleRelationshipException,
                                             SearchKeyNotUniqueException,
                                             NoSuchRoleException
Add a direct relationship between two roles.
Parameters:
parentAttrName - The parent role attribute name for the search criteria.
parentAttrValue - The parent role attribute value for the search criteria.
childAttrName - The child role attribute name for the search criteria.
childAttrValue - The child role attribute value for the search criteria.
Returns:
RoleManagerResult containing the status of the operation.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipException - If operation fails.
SearchKeyNotUniqueException - if there is more than one roles or users for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.

removeRoleRelationship

RoleManagerResult removeRoleRelationship(java.lang.String parentAttrName,
                                         java.lang.Object parentAttrValue,
                                         java.lang.String childAttrName,
                                         java.lang.Object childAttrValue)
                                         throws ValidationFailedException,
                                                oracle.iam.platform.authz.exception.AccessDeniedException,
                                                RoleRelationshipRemoveException,
                                                SearchKeyNotUniqueException,
                                                NoSuchRoleException
Remove a direct relationship between two roles.
Parameters:
parentAttrName - The parent role attribute name for the search criteria.
parentAttrValue - The parent role attribute value for the search criteria.
childAttrName - The child role attribute name for the search criteria.
childAttrValue - The child role attribute value for the search criteria.
Returns:
RoleManagerResult containing the status of the operation.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipRemoveException - If operation fails.
SearchKeyNotUniqueException - if there is more than one roles or users for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.

updateRoleRelationship

RoleManagerResult updateRoleRelationship(java.lang.String parentAttrName,
                                         java.lang.Object parentAttrValue,
                                         java.lang.String childAttrName,
                                         java.lang.Object childAttrValue,
                                         java.util.Map args)
                                         throws ValidationFailedException,
                                                oracle.iam.platform.authz.exception.AccessDeniedException,
                                                RoleRelationshipUpdateException,
                                                NoSuchRoleRelationshipException,
                                                SearchKeyNotUniqueException,
                                                NoSuchRoleException
Update a relationship between two roles.
Parameters:
parentAttrName - The parent role attribute name for the search criteria.
parentAttrValue - The parent role attribute value for the search criteria.
childAttrName - The child role attribute name for the search criteria.
childAttrValue - The child role attribute value for the search criteria.
args - The attributes and values to update the role relationship with.
Returns:
RoleManagerResult containing the status of the operation.
Throws:
ValidationFailedException - if the validation during the orchestration process fails.
oracle.iam.platform.authz.exception.AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipUpdateException - If operation fails.
NoSuchRoleRelationshipException - If the relationship doesn't exist.
SearchKeyNotUniqueException - if there is more than one roles or users for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.

Skip navigation links


Copyright © 2010, Oracle and/or its affiliates. All rights reserved.