Solstice Enterprise Manager 4.1 C++ API Reference
Access Control API
To access Solstice EM tools and managed objects, users must belong to a group. In addition, users' access privileges are determined by the group to which they belong. The Access Control API provides a solid C++ interface to GDMO object classes.
The Access Control API enables you to:
- Assign rules that define access for groups of users
- Define the access rules at a group level
- Control access to Solstice EM applications and managed objects
This chapter comprises the following topics:
- Section 5.1 Design Objectives
- Section 5.2 Access Control Types
- Section 5.3 Class Hierarchy
- Section 5.4 Symbolic Constants and Defined Types
- Section 5.5 Access Control API Classes
5.1 Design Objectives
The Access Control API was developed with the following design objectives:
- Uniform treatment of all the access control objects to maximize reusability of design and code
- Compatibility with the X.741 standard
- Ease of use, especially for users familiar with PMI
- Object-oriented design of the API, so that it is consistent with the other Solstice EM APIs
5.2 Access Control Types
The Access Control API defines two types of access control:
- Object-level access control. Controls the level of access to managed objects. For example, users belonging to the operator group are denied access to the log object, but they get back a response.
- Feature-level access control. Controls the level of access to application features. For example, users belonging to the operator group are denied access to the destroy feature of the em_viewer application, but allowed to access the view feature.
5.3 Class Hierarchy
FIGURE 5-1 illustrates the hierarchy of the Access Control API container classes.
FIGURE 5-1 C++ Container Classes and Their Inheritance
FIGURE 5-2 illustrates the hierarchy of the Access Control API.
FIGURE 5-2 Access Control C++ Classes and Their Inheritance
TABLE 5-1 describes the Access Control API classes.
5.4 Symbolic Constants and Defined Types
5.4.1 Constants
ACAuxOwnerType
enum ACAuxOwnerType {
ACAccessControlSwitch
enum ACAccessControlSwitch { emAccessControlOff, emAccessControlOn }
ACCallbackType
enum ACCallbackType { OBJECT_CREATION_CALLBACK, OBJECT_DELETION_CALLBACK, ATTRIBUTE_VALUE_CHANGED_CALLBACK, IMAGE_INCLUDED_CALLBACK, IMAGE_EXCLUDED_CALLBACK, RAW_EVENT_CALLBACK }
ACDenialGranularity
enum ACDenialGranularity { request, object, attribute }
ACEMAuditLevel
enum ACEMAuditLevel { AUDIT_OFF, AUDIT_LEVEL1, AUDIT_LEVEL2 }
ACEMSecurityLevel
enum ACEMSecurityLevel { SECURITY_OFF, SECURITY_LEVEL1, SECURITY_LEVEL2 }
ACErrorType
ACObjectType
enum ACObjectType { AC_TARGETS_OBJECT, AC_RULE_OBJECT, AC_APPLICATION_OBJECT, AC_GROUP_OBJECT, AC_DB_OBJECT, AC_EM_NOTIFICATION_EMITTER }
ACTargetsType
enum ACTargetsType { X741_TARGETS, EM_TARGETS }
EnforcementAction
enum EnforcementAction { denyWithResponse, denyWithoutResponse, abortAssociation, denyWithFalseResponse, allow }
5.4.2 Defined Types
This section lists the defined types.
ACAccessUserListSet
typedef RWTValSlist<ACUser> ACAccessUserListSet
ACApplicationAndFeatureList
typedef RWTValSlist<RWCString> ACApplicationAndFeatureList
ACApplicationFeatureList
typedef RWTValSlist<RWCString> ACApplicationFeatureList
ACApplicationList
typedef RWTValSlist<RWCString> ACApplicationList
ACDbObjectAccessList
typedef RWTValSlist<RWCString> ACDbObjectAccessList
ACDbObjectList
typedef RWTValSlist<RWCString> ACDbObjectList
ACDbObjectTableList
typedef RWTValSlist<RWCString> ACDbObjectTableList
ACDefaultAccess
typedef RWTValSlist<RWCString> ACDefaultAccess
ACDefaultEventAccess
typedef EnforcementAction ACDefaultEventAccess
ACDenialResponse
typedef EnforcementAction ACDenialResponse
ACDomainIdentity
typedef RWCString ACDomainIdentity
ACEventsDiscriminator
typedef RWCString ACEventsDiscriminator
ACFilter
typedef RWCString ACFilter
ACGroupDescription
typedef RWCString ACGroupDescription
ACGroupList
typedef RWTValSlist<RWCString> ACGroupList
ACGroupMemberList
typedef RWTValSlist<RWCString> ACGroupMemberList
ACMOCList
typedef RWTValSlist<RWCString> ACMOCList
ACMOIList
typedef RWTValSlist<RWCString> ACMOIList
ACOperationsList
typedef RWTValSlist<RWCString> ACOperationsList
ACRuleList
typedef RWTValSlist<RWCString> ACRuleList
ACTargetsList
typedef RWTValSlist<RWCString> ACTargetsList
ACSuperUserList
typedef RWTValHashSet<RWCString> ACSuperUserList
ACTrustedHostList
typedef RWTValHashSet<RWCString> ACTrustedHostList
5.5 Access Control API Classes
This section describes the following Access Control API classes:
5.6 ACAccessControlRules Class
Inheritance: class ACObject
#include <acapi/accesscontrolrules.hh>
Data Members: No public data members are declared in this class.
The ACAccessControlRules class represents the emAccessControlRules GDMO object class, which is defined in the Solstice EM Access Control module and is derived from X.741's accessControlRules GDMO object class.
The emAccessControlRules GDMO object class extends the accessControlRules GDMO object class by adding the following attributes:
- accessControlSwitch
- trustedHostList
- defaultEventAccess
The ACAccessControlRules class provides methods for accessing and modifying the default attribute values of the access control service. This class acts as a container for all the rules in the system.
5.6.1 Constructor
ACAccessControlRules()
The default constructor initializes the object that it represents, and prepares itself to register callbacks.
Note It is possible to construct more than one ACAccessControlRules object. The additional objects, however, are references to the same object, because there can only be one instance of the emAccessControlRules GDMO object.
5.6.2 Destructor
~ACAccessControlRules()
5.6.3 ACAccessControlRules Member Functions
add_trusted_hosts
Result add_trusted_hosts(ACTrustedHostList& add_trusted_host_list)
Adds add_trusted_host_list to the list of trusted hosts. If a host is already included in the trusted hosts list, it is not added again.
get_access_control_switch
ACAccessControlSwitch get_access_control_switch()
Gets the access control status of the currently running Solstice EM. This function returns one of the following two values:
- emAccessControlOff. Indicates that any user can freely view, modify, or delete objects in the platform. Access control is not enforced.
- emAccessControlOn. Indicates that users need to be added to the platform and given appropriate privileges to view, modify, or delete objects. Access control is enforced.
get_default_access
ACDefaultAccess get_default_access()
Gets the default access value for each operation (action, create, delete, and so on).
Returns a list of value pairs of the form {<operation> <access>, <operation> <access>, ...}. For example:
The default access value for all operations is denyWithResponse.
get_default_event_access
ACDefaultEventAccess get_default_event_access()
Gets the default action for events. It returns one of the following values:
- denyWithResponse (default)
- denyWithoutResponse
- abortAssociation
- denyWithFalseResponse
- allow
get_denial_granularity
ACDenialGranularity get_denial_granularity()
Returns one of the following three values that represent the level at which denial of access is exhibited:
- request. Access is denied at the request level. An entire request to access one or more managed objects in the MIS is denied if access to one of the managed objects in the request is denied. The request is allowed only when all managed objects in the request are accessible.
- object. Access is denied at the object level. Access is denied only to the request's managed objects that are not accessible. Access to the remaining managed objects in the request is allowed.
- attribute. Access is denied at the attribute level. A request to access a managed object is denied if access to one or more of its attributes is denied. Access to the managed object is allowed only when all the attributes of the managed object are accessible.
get_denial_response
ACDenialResponse get_denial_response()
Returns the denial response that access control sends out when denial is made because the default rule was satisfied.
The return values are as follows:
- denyWithResponse (default)
- denyWithoutResponse
- abortAssociation
- denyWithFalseResponse
- allow
get_domain_identity
ACDomainIdentity get_domain_identity()
Returns the access control domain identity that is governed by the access control rules. By default, the domain identity is EM.
get_trusted_host_list
ACTrustedHostList get_trusted_host_list(Boolean real) const
Returns the list of trusted hosts. Trusted hosts are systems that can freely connect as root to an MIS machine. The list of trusted hosts is maintained by the MIS server that holds the security profiles.
is_trusted_host
RWBoolean is_trusted_host(const RWCString& host_name) const
Checks whether host_name is in the list of trusted hosts. If host_name is part of the list, this function returns TRUE; otherwise, it returns FALSE.
remove_trusted_hosts
Result remove_trusted_hosts(ACTrustedHostList& remove_trusted_host_list)
Removes the hosts in remove_trusted_host_list from the list of trusted hosts. If a host in remove_trusted_host_list is not in the list of trusted hosts, it is ignored.
Returns TRUE on successful completion; otherwise, FALSE.
replace_trusted_host_list
Result replace_trusted_host_list(ACTrustedHostList& new_trusted_host_list)
Replaces the trusted host list with new_trusted_host_list.
Returns TRUE on successful completion; otherwise, FALSE.
set_access_control_switch
Result set_access_control_switch(ACAccessControlSwitch)
Sets the access control status in the MIS to one of the following values:
- emAccessControlOff. Any user can freely view, modify, or delete objects in the platform. Access control is not enforced.
- emAccessControlOn. Users need to be added to the platform and given appropriate privileges to view, modify, or delete objects. Access control is enforced.
Returns TRUE on successful completion; otherwise, FALSE.
set_default_access
Result set_default_access(ACDefaultAccess&)
Sets the default access for each operation (action, create, delete, and so on) as a list of value pairs of the form {<operation> <access>, <operation> <access>, ...}.
For example:
Returns TRUE on successful completion; otherwise, FALSE.
set_default_event_access
Result set_default_event_access(ACDefaultEventAccess)
Sets the access control status in the platform to one of the following values:
- denyWithResponse (default)
- denyWithoutResponse
- abortAssociation
- denyWithFalseResponse
- allow
Returns TRUE on successful completion; otherwise, FALSE.
set_denial_granularity
Result set_denial_granularity(ACDenialGranularity)
Sets the access denial level to one of the following values (passed through the ACDenialGranularity parameter):
- request. Access is denied at the request level. An entire request to access one or more managed objects in the MIS is denied if access to one of the managed objects in the request is denied. The request is allowed only when all managed objects in the request are accessible.
- object. Access is denied at the object level. Access is denied only to the request's managed objects that are not accessible. Access to the remaining managed objects in the request is allowed.
- attribute. Access is denied at the attribute level. A request to access a managed object is denied if access to one or more of its attributes is denied. Access to the managed object is allowed only when all the attributes of the managed object are accessible.
Note Solstice EM only supports object-level access control.
Returns TRUE on successful completion; otherwise, FALSE.
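The three denial granularities described for get_denial_granularity and set_denial_granularity, modelled as an added example that is not part of the Solstice EM documentation or API. RequestedObject, accessible, evaluate and sample_request are hypothetical names, the sample request is constructed, and representing each managed object as one rule decision plus one decision per requested attribute is an assumption of the model.

```cpp
// Added example: stand-alone model of the denial granularities.
// It does not call the Solstice EM API; all types here are stand-ins.
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Enumerators as listed in section 5.4.1.
enum ACDenialGranularity { request, object, attribute };

// Assumed model of one managed object named in a request.
struct RequestedObject {
    std::string name;                // managed object instance (constructed)
    bool object_allowed;             // rule decision for the object itself
    std::vector<bool> attr_allowed;  // rule decision per requested attribute
};

// True when the object and, if check_attrs is set, every attribute is accessible.
static bool accessible(const RequestedObject& o, bool check_attrs) {
    if (!o.object_allowed) return false;
    if (check_attrs)
        for (std::size_t i = 0; i < o.attr_allowed.size(); ++i)
            if (!o.attr_allowed[i]) return false;
    return true;
}

// Returns one allow (true) or deny (false) decision per object in the request.
std::vector<bool> evaluate(const std::vector<RequestedObject>& req,
                           ACDenialGranularity g) {
    std::vector<bool> out;
    switch (g) {
    case request: {
        // One inaccessible object denies the entire request.
        bool all = true;
        for (std::size_t i = 0; i < req.size(); ++i)
            all = all && accessible(req[i], false);
        out.assign(req.size(), all);
        break;
    }
    case object:
        // Only the inaccessible objects are denied.
        for (std::size_t i = 0; i < req.size(); ++i)
            out.push_back(accessible(req[i], false));
        break;
    case attribute:
        // An object is denied when any of its attributes is denied.
        for (std::size_t i = 0; i < req.size(); ++i)
            out.push_back(accessible(req[i], true));
        break;
    }
    return out;
}

// Constructed request: one denied object, one fully accessible object,
// and one accessible object with a single denied attribute.
std::vector<RequestedObject> sample_request() {
    std::vector<RequestedObject> r;
    RequestedObject a; a.name = "log";   a.object_allowed = false;
    a.attr_allowed.push_back(true);
    RequestedObject b; b.name = "nodeA"; b.object_allowed = true;
    b.attr_allowed.push_back(true);  b.attr_allowed.push_back(true);
    RequestedObject c; c.name = "nodeB"; c.object_allowed = true;
    c.attr_allowed.push_back(true);  c.attr_allowed.push_back(false);
    r.push_back(a); r.push_back(b); r.push_back(c);
    return r;
}

int main() {
    const char* names[] = { "request", "object", "attribute" };
    const ACDenialGranularity modes[] = { request, object, attribute };
    std::vector<RequestedObject> req = sample_request();
    for (int m = 0; m < 3; ++m) {
        std::vector<bool> d = evaluate(req, modes[m]);
        std::cout << names[m] << ":";
        for (std::size_t i = 0; i < d.size(); ++i)
            std::cout << " " << req[i].name << "=" << (d[i] ? "allow" : "deny");
        std::cout << "\n";
    }
    return 0;
}
```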
set_denial_response
Result set_denial_response(ACDenialResponse)
Sets the denial response to be returned by access control when the default rule is satisfied to one of the following values:
- denyWithResponse (default)
- denyWithoutResponse
- abortAssociation
- denyWithFalseResponse
- allow
Returns TRUE on successful completion; otherwise, FALSE.
5.7 ACAccessUserList Class
Inheritance: public ACObject
#include <acapi/acaccessuserlist.hh>
Data Members: No public data members are declared in this class.
The ACAccessUserList class represents the accessUserList GDMO object in the MIS. This class stores the list of users registered under access control, and maintains a list of super users. Whenever any of the attribute values for this class changes, it sends attributeValueChange notifications.
5.7.1 Constructor
ACAccessUserList()
The default constructor initializes the ACAccessUserList class, and prepares it to register callbacks.
Note It is possible to construct more than one ACAccessUserList object. The additional objects, however, are references to the same object, because there can only be one instance of the accessUserList GDMO object.
5.7.2 Destructor
~ACAccessUserList()
5.7.3 ACAccessUserList Member Functions
add_superusers
Result add_superusers(ACSuperUserList& add_superuser_list)
Adds add_superuser_list to the list of super users, unless a user in the list is already a super user.
Returns TRUE on successful completion; otherwise, FALSE.
add_user
Result add_user(ACUser& user)
Adds user as a user under access control. If user already exists, the error type is set to ACC_USER_EXISTS, and the error string is set to "User exists in accessUserList!".
Returns TRUE on successful completion; otherwise, FALSE.
get_access_user_list_set
ACAccessUserListSet get_access_user_list_set()
Returns a list of the users registered under access control.
get_superuser_list
ACSuperUserList get_superuser_list(Boolean real = TRUE) const
Returns a list of the super users under the access control domain.
is_superuser
RWBoolean is_superuser(const RWCString& user_name) const
Returns TRUE if user_name is a super user; otherwise, FALSE.
replace_superuser_list
Result replace_superuser_list(ACSuperUserList& new_superuser_list)
Replaces the existing list of super users with new_superuser_list.
Returns TRUE on successful completion; otherwise, FALSE.
remove_superusers
Result remove_superusers(ACSuperUserList& remove_superuser_list)
Removes the super users that are specified in the remove_superuser_list list.
Returns TRUE on successful completion; otherwise, FALSE.
remove_user
Result remove_user(ACUser& user)
Removes user from the list of users under access control.
Returns TRUE on successful completion; otherwise, FALSE.
5.8 ACAppFeatureContainer Class
Inheritance: class ACContainer
#include <acapi/acapplicationfeature.hh>
Data Members: No public data members are declared in this class.
The ACAppFeatureContainer class is a container for all the features that can be controlled through Solstice EM's feature-level access control for a given application.
5.8.1 Constructor
ACAppFeatureContainer(const RWCString& appl_name)
The constructor creates a feature container object for appl_name. If an object has already been created for appl_name, the object is not created again. Instead, the object's internal reference count is incremented by one.
5.8.2 Destructor
~ACAppFeatureContainer()
5.8.3 ACAppFeatureContainer Member Functions
get_all_features
ACApplicationFeatureList get_all_features()
Returns all the features that have been registered for feature-level access control for the application that this class represents.
get_container_name
RWCString get_container_name()
Returns the container name, which is the application name.
get_feature
ACApplicationFeature get_feature(const RWCString& featurename)
Returns the ACApplicationFeature object featurename.
5.9 ACApplication Class
Inheritance: class ACObject
#include <acapi/acapplication.hh>
Data Members: No public data members are declared in this class.
The ACApplication class represents the application GDMO object class defined in the Solstice EM Access Control module. This object is a container for all the features that are controlled through Solstice EM's feature-level access control for a given application.
5.9.1 Constructor
ACApplication(const RWCString& appl_name)
The constructor creates an application object whose name is the value of appl_name. If an object has already been created for appl_name, the object is not created again. Instead, the object's internal reference count is incremented by one.
5.9.2 Destructor
~ACApplication()
5.9.3 ACApplication Member Functions
destroy
Result destroy()
Removes the application object that this class represents from all groups to which it belongs. In addition, deletes the application object and its features from access control. Upon the deletion, the application is no longer subject to access control.
Returns TRUE on successful completion; otherwise, FALSE.
get_application_description
RWCString get_application_description()
Gets the application description information.
Returns TRUE on successful completion; otherwise, FALSE.
set_application_description
Result set_application_description(const RWCString& desc)
Sets desc as the application's description information.
Returns TRUE on successful completion; otherwise, FALSE.
5.10 ACApplicationContainer Class
Inheritance: public ACContainer
#include <acapi/acapplication.hh>
Data Members: No public data members are declared in this class.
The ACApplicationContainer class represents the applicationContainer GDMO object class which is defined in the Solstice EM Access Control module. This object is a container for all the applications that can be controlled through Solstice EM's feature-level access control.
5.10.1 Constructor
ACApplicationContainer()
The constructor creates an application container object that contains all the applications that are subject to access control. If such an object has already been created, its internal reference count is incremented by one.
5.10.2 Destructor
~ACApplicationContainer()
5.10.3 ACApplicationContainer Member Functions
get_all_applications
ACApplicationList get_all_applications()
Returns a list of all the applications under the ACApplicationContainer object which, by default, includes most of the Solstice EM applications.
get_application
ACApplication get_application(const RWCString& appname)
Returns the ACApplication object whose name is stored in appname.
5.11 ACApplicationFeature Class
Inheritance: public ACObject
#include <acapi/acapplicationfeature.hh>
Data Members: No public data members are declared in this class.
The ACApplicationFeature class represents the applicationFeature GDMO object class which is defined in the Solstice EM Access Control module. ACApplicationFeature represents a feature that can be controlled through Solstice EM's feature-level access control for a given application.
5.11.1 Constructor
ACApplicationFeature(const RWCString& appname, const RWCString& featurename)
The constructor creates an applicationFeature object based on the values of appname and featurename. If such an object already exists, the internal reference count is incremented by one, and the object is returned.
5.11.2 Destructor
~ACApplicationFeature()
5.11.3 ACApplicationFeature Member Functions
destroy
Result destroy()
Removes an application's feature object from all groups to which it belongs and deletes the feature object from access control. Upon deletion, the application's feature is no longer subject to access control.
Returns TRUE on successful completion; otherwise, FALSE.
get_feature_description
RWCString get_feature_description()
Returns the feature's description.
set_feature_description
Result set_feature_description(const RWCString& desc)
Sets desc as the description for the feature.
Returns TRUE if successful; otherwise, FALSE.
5.12 ACCallback Class
Inheritance: class Callback
#include <acapi/accallback.hh>
This class is a simple extension of the PMI callback class.
5.12.1 Constructors
ACCallback()
The default constructor initializes the Callback object.
ACCallback(CallbackHandler hand, Ptr userdata, ACCallbackType type)
- hand, defined in pmi/callback.hh, is a pointer to the function that the scheduler must call.
- type can be one of the following:
The preceding is a copy constructor.
5.12.2 Destructor
~ACCallback()
5.12.3 ACCallback Operator Overloading
ACCallback& operator = (const ACCallback& other)
The assignment operator works like the copy constructor.
5.12.4 ACCallback Member Functions
exec_callback
void exec_callback(Ptr call_data) const
Invokes the callback's handler with the callback's data, and exec's call_data as arguments.
get_callback_type
ACCallbackType get_callback_type() const
5.13 ACContainer Class
Inheritance: None
#include <acapi/accontainer.hh>
Data Members: No public data members are declared in this class.
The ACContainer class is an abstract base class that abstracts the concept of a container for access control GDMO objects.
This class is subclassed to derive more specific classes that serve as an interface to containers of various X.741 GDMO object classes. For example, the ACRuleContainer C++ subclass provides the interface to the container of X.741 rule GDMO objects.
Multiple ACContainer objects that represent the same container of X.741 GDMO objects share the same object by maintaining a reference count. The ACContainer class allows its subclasses to register any object inclusion and object exclusion events from the container and any raw events from PMI, so that the container is updated dynamically and automatically.
5.13.1 Constructor
This constructor is protected so that the user cannot instantiate this object.
5.13.2 Destructor
virtual ~ACContainer() = 0;
5.13.3 ACContainer Operator Overloading
Boolean operator == (const ACContainer& self, const ACContainer& other)
If the two compared container objects have the same object names, the preceding comparison operator returns TRUE.
ACContainer& operator=(const ACContainer&)
The preceding operator overloads the assignment operator.
5.13.4 ACContainer Member Functions
add_callback
void add_callback(const ACCallback& cb)
Adds the given callback pointer to ACContainer's callback queue.
Note You can add more than one callback for a given type of event. This allows you to use multiple callbacks to process the same event.
The following six types of events are supported:
- OBJECT_CREATION
- OBJECT_DELETION
- ATTRIBUTE_VALUE_CHANGED
- IMAGE_INCLUDED
- IMAGE_EXCLUDED
- RAW_EVENT
get_error_string
RWCString get_error_string()
Returns the error string stored in the ACAccessControl object that pertains to the object that this function represents.
get_error_type
ACErrorType get_error_type()
Returns the error type stored in the ACAccessControl object that pertains to the object that this function represents. The possible values of the error type are:
get_name_only
RWCString get_name_only()
Returns the name of the ACAccessControl object that pertains to the ACContainer.
get_object_name
RWCString get_object_name() const
Returns the name of the ACAccessControl object stored in the distinguished name (DN) format.
remove_callback
void remove_callback(const ACCallback& cb)
Removes the callback associated with its object.
reset_error
void reset_error()
Resets the error state of the ACAccessControl object that pertains to the ACContainer by setting both the error string and error type to ACC_OK.
set_error
void set_error(ACErrorType type, const RWCString& err)
Sets the error type to the type argument, and the error string to the err argument. If type is ACC_OK, this method performs the same action as the reset_error method.
set_error_string
void set_error_string(const RWCString& err)
Sets the error string to err.
set_error_type
void set_error_type(ACErrorType type)
Sets the error type to the type argument. If type is ACC_OK, this method performs the same action as the reset_error method.
5.14 ACDbObject Class
Inheritance: public ACObject
#include <acapi/acdbobject.hh>
Data Members: No public data members are declared in this class.
The ACDbObject class represents the emDbObject GDMO object class from the Solstice EM DB Info module. An emDbObject object represents a database object on which access control can be specified.
5.14.1 Constructor
ACDbObject(const RWCString& objectname)
The constructor creates an emDbObject object whose name is specified by objectname. If a Dbobject with the same name already exists, the internal reference count is incremented by one and the object is returned.
5.14.2 Destructor
~ACDbObject()
5.14.3 ACDbObject Member Functions
add_db_object_access
Result add_db_object_access(const RWCString& access)
Adds the given argument to the emDbObject object's access list.
Returns TRUE on successful completion. Otherwise, if access already exists in the access list, this function sets the error type to ACC_DB_OBJECT_ACCESS_EXISTS and the error string to "Access exists in emDbObjectAccessList!", and returns FALSE.
add_db_object_table
Result add_db_object_table(const RWCString& table)
Adds table to emDbObject's table list.
Returns TRUE on successful completion. Otherwise, if table already exists in the table list, this function sets the error type to ACC_DB_OBJECT_ACCESS_EXISTS and the error string to "Access exists in emDbObjectAccessList!", and returns FALSE.
get_db_object_access_list
ACDbObjectAccessList get_db_object_access_list()
Returns the access list that contains the names of the groups that can access DbObject.
get_db_object_table_list
ACDbObjectTableList get_db_object_table_list()
Returns the list of tables that are under access control for the DbObject object.
remove_db_object_access
Result remove_db_object_access(const RWCString& access)
Removes access from the DbObject object's access list.
Returns TRUE on successful completion. Otherwise, if access does not exist, this function sets the error type to ACC_DB_OBJECT_ACCESS_NOT_EXISTS and the error string to "Access doesn't exist in emDbObjectAccessList!", and returns FALSE.
remove_db_object_table
Result remove_db_object_table(const RWCString& table)
Removes table from the DbObject object's table list.
Returns TRUE on successful completion. Otherwise, if table does not exist, this function sets the error type to ACC_DB_OBJECT_TABLE_NOT_EXISTS and the error string to "Table doesn't exist in emDbObjectTableList!", and returns FALSE.
set_db_object_access_list
Result set_db_object_access_list(ACDbObjectAccessList& accesslist)
Replaces DbObject's current access with accesslist.
Returns TRUE on successful completion; otherwise, FALSE.
set_db_object_table_list
Result set_db_object_table_list(ACDbObjectTableList& tablelist)
Replaces the current table list of the DbObject with tablelist.
Returns TRUE on successful completion; otherwise, FALSE.
set_auxobject_owner
Result set_auxobject_owner(ACAuxOwnerType owntype, RWCString ownid)
The above method sets the owner of the auxiliary object to ownid and the type of the owner to owntype. Returns TRUE on successful completion; otherwise, FALSE.
get_auxobject_owner_type
ACAuxOwnerType get_auxobject_owner_type()
The above method returns the type of owner of the auxiliary object, that is, USER or GROUP. If the owner type is not known or incorrect, INVALID_OWNER_TYPE is returned.
get_auxobject_owner_id
RWCString get_auxobject_owner_id()
The above method returns the owner id of the auxiliary object. This is valid only when the owner type of the auxiliary object is USER or GROUP.
5.14.4 Notes About the ACDbObject Class
The default owner of an auxiliary object is created as root. In order to change the owner, you need to set the owner id using the set_auxobject_owner() method. The owner type can be USER or GROUP and the owner id can be the name of a user or the name of a group.
After setting the auxiliary object's owner, you must perform a create() or store() operation so that the changes in the auxiliary object are pushed down to the MIS. CODE EXAMPLE 5-1 illustrates the sequence for performing a create() operation (M-CREATE).
Note Two test programs that show how to create and set an ACDbObject object are supplied in the /opt/SUNWconn/em/src/ac_api directory.
5.15 ACDbObjectContainer Class
Inheritance: public ACContainer
#include <acapi/acdbobject.hh>
Data Members: No public data members are declared in this class.
The ACDbObjectContainer class represents the emDbInfo GDMO object class from the Solstice EM DB Info module. ACDbObjectContainer is a container for all ACDbObject objects. It stores database-specific access control information.
5.15.1 Constructor
ACDbObjectContainer()
The default constructor creates the container object. If the object has already been created, the internal reference count for the object is incremented by one.
5.15.2 Destructor
~ACDbObjectContainer()
5.15.3 ACDbObjectContainer Member Functions
get_access_db_objects
ACDbObjectList get_access_db_objects(const RWCString& group)
Returns all ACDbObject objects that contain the given group in the ACDbObjectContainer object's access list.
get_all_db_objects
ACDbObjectList get_all_db_objects()
Returns all ACDbObject objects that are stored in ACDbObjectContainer.
get_db_object
ACDbObject get_db_object(const RWCString& appname)
Returns the ACDbObject object whose name is specified by appname.
get_db_server_name
RWCString get_db_server_name()
Returns the database server name.
get_db_server_type
RWCString get_db_server_type()
Returns the database server type.
5.16 ACEMNotificationEmitter Class
Inheritance: public ACObject
#include <acapi/notificationemitter.hh>
Data Members: No public data members are declared in this class.
The ACEMNotificationEmitter class represents the emNotificationEmitter GDMO object class from the Solstice EM Access Control module. The emNotificationEmitter object represents a notification emitter for security alarm and auditing.
5.16.1 Constructor
ACEMNotificationEmitter()
The constructor creates a notificationEmitter object. If such an object has already been created, the internal reference count for the object is incremented by one.
5.16.2 Destructor
~ACEMNotificationEmitter()
5.16.3 ACEMNotificationEmitter Member Functions
get_audit_level
ACEMAuditLevel get_audit_level()
Returns one of the following values that represent the audit level:
- AUDIT_OFF
- AUDIT_LEVEL1
- AUDIT_LEVEL2
get_invalid_access_attempts
long get_invalid_access_attempts()
Returns a count of the number of times that access was denied.
get_security_level
ACEMSecurityLevel get_security_level()
Returns one of the following values that represent the security level:
- SECURITY_OFF
- SECURITY_LEVEL1
- SECURITY_LEVEL2
get_valid_access_attempts
long get_valid_access_attempts()
Returns a count of the number of times that an access control decision function authorized access.
set_audit_level
Result set_audit_level(ACEMAuditLevel)
Sets the audit level to one of the following values:
- AUDIT_OFF
- AUDIT_LEVEL1
- AUDIT_LEVEL2
Returns TRUE on successful completion; otherwise, FALSE.
set_security_level
Result set_security_level(ACEMSecurityLevel)
Sets the security level to one of the following values:
- SECURITY_OFF
- SECURITY_LEVEL1
- SECURITY_LEVEL2
Returns TRUE on successful completion; otherwise, FALSE.
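A configuration check over the settings documented for ACAccessControlRules, ACAccessUserList and ACEMNotificationEmitter, added here as an example; it is not Solstice EM code and does not link against the API. ACSnapshot, Baseline, NameSet, audit and the sample host and user names are hypothetical, and each snapshot field stands for the value the getter named in its comment would return.

```cpp
// Added example: stand-alone posture check; no Solstice EM headers are used.
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Enumerators as listed in section 5.4.1.
enum ACAccessControlSwitch { emAccessControlOff, emAccessControlOn };
enum EnforcementAction { denyWithResponse, denyWithoutResponse,
                         abortAssociation, denyWithFalseResponse, allow };
enum ACEMAuditLevel { AUDIT_OFF, AUDIT_LEVEL1, AUDIT_LEVEL2 };
enum ACEMSecurityLevel { SECURITY_OFF, SECURITY_LEVEL1, SECURITY_LEVEL2 };

typedef std::set<std::string> NameSet;  // stand-in for the RWTValHashSet lists

// Hypothetical snapshot; each field holds what the named getter returned.
struct ACSnapshot {
    ACAccessControlSwitch ac_switch;         // get_access_control_switch()
    EnforcementAction denial_response;       // get_denial_response()
    EnforcementAction default_event_access;  // get_default_event_access()
    NameSet trusted_hosts;                   // get_trusted_host_list()
    NameSet superusers;                      // get_superuser_list()
    ACEMAuditLevel audit_level;              // get_audit_level()
    ACEMSecurityLevel security_level;        // get_security_level()
};

// Hypothetical approved baseline, maintained outside the MIS.
struct Baseline {
    NameSet trusted_hosts;
    NameSet superusers;
};

// Appends one finding per entry of seen that the approved set does not list.
static void report_unapproved(const NameSet& seen, const NameSet& approved,
                              const std::string& what,
                              std::vector<std::string>& out) {
    for (NameSet::const_iterator it = seen.begin(); it != seen.end(); ++it)
        if (approved.count(*it) == 0)
            out.push_back(what + " not in baseline: " + *it);
}

// Returns the list of findings; an empty list means the snapshot is clean.
std::vector<std::string> audit(const ACSnapshot& s, const Baseline& b) {
    std::vector<std::string> out;
    if (s.ac_switch == emAccessControlOff)
        out.push_back("access control is not enforced (emAccessControlOff)");
    if (s.denial_response == allow)
        out.push_back("denial response for the default rule is allow");
    if (s.default_event_access == allow)
        out.push_back("default event access is allow");
    report_unapproved(s.trusted_hosts, b.trusted_hosts, "trusted host", out);
    report_unapproved(s.superusers, b.superusers, "super user", out);
    if (s.audit_level == AUDIT_OFF)
        out.push_back("audit level is AUDIT_OFF");
    if (s.security_level == SECURITY_OFF)
        out.push_back("security level is SECURITY_OFF");
    return out;
}

// Constructed baseline: one approved trusted host and one approved super user.
Baseline sample_baseline() {
    Baseline b;
    b.trusted_hosts.insert("mis-admin");
    b.superusers.insert("root");
    return b;
}

// Constructed snapshot with four deviations from the baseline.
ACSnapshot sample_snapshot() {
    ACSnapshot s = ACSnapshot();
    s.ac_switch = emAccessControlOff;
    s.denial_response = denyWithResponse;
    s.default_event_access = allow;
    s.trusted_hosts.insert("mis-admin");
    s.trusted_hosts.insert("lab-ws7");  // not in the baseline
    s.superusers.insert("root");
    s.audit_level = AUDIT_OFF;
    s.security_level = SECURITY_LEVEL1;
    return s;
}

int main() {
    std::vector<std::string> f = audit(sample_snapshot(), sample_baseline());
    for (std::vector<std::string>::size_type i = 0; i < f.size(); ++i)
        std::cout << "FINDING: " << f[i] << "\n";
    return f.empty() ? 0 : 1;
}
```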
5.17 ACEMTargets Class
Inheritance: public ACTargets
#include <acapi/acemtargets.hh>
Data Members: No public data members are declared in this class.
The ACEMTargets class represents the emTargets GDMO object class which is defined in the Solstice EM Access Control module. emTargets is derived from X.741's targets GDMO object class. ACEMTargets class adds an eventDiscriminator attribute to the targets class to be used for event access control.
5.17.1 Constructor
ACEMTargets(const RWCString& objname)
The preceding constructor creates an ACEMTargets object whose name is specified by objname. If an object has already been created with the same name, the internal reference count for the object is incremented by one.
5.17.2 Destructor
~ACEMTargets()
5.17.3 ACEMTargets Member Functions
get_event_discriminator
ACEventsDiscriminator get_event_discriminator()
Returns the ACEMTargets object's event discriminator.
set_event_discriminator
Result set_event_discriminator(ACEventsDiscriminator)
Sets the ACEMTargets object's event discriminator to ACEventsDiscriminator.
Returns TRUE on successful completion; otherwise, FALSE.
5.18 ACGroup Class
Inheritance: public ACObject
#include <acapi/acgroup.hh>
Data Members: No public data members are declared in this class.
The ACGroup class represents the group GDMO object class, which is defined in the Solstice EM Access Control module. group is derived from X.741's aclInitiators GDMO object class.
5.18.1 Constructor
ACGroup(const RWCString& objectname)
The constructor creates an ACGroup object whose name is specified by objectname. If an object with the same name has already been created, the internal reference count for the object is incremented by one.
5.18.2 Destructor
~ACGroup()
5.18.3 ACGroup Member Functions
add_application
Result add_application(const RWCString& app)
Adds app to the list of applications that can be accessed by its group.
Returns TRUE on successful completion; otherwise, FALSE.
add_application_feature
Result add_application_feature(const RWCString& app, const RWCString& feature)
Adds feature to the feature list of app that can be accessed by its group.
Returns TRUE on successful completion; otherwise, FALSE.
add_group_member
Result add_group_member(const RWCString& membername)
Adds the given member to its group.
Returns TRUE on successful completion. Otherwise, if the given member already exists in the group, this function sets the error type to ACC_USER_EXISTS and the error string to "User exists in groupMemberList!", and returns FALSE.
destroy
Result destroy()
Removes the instantiated group object from all containers that contain it, and then removes the object itself.
Returns TRUE on successful completion; otherwise, FALSE.
get_all_applications_full_access
Boolean get_all_applications_full_access()
A group has full access to all applications in an application container if the group contains the DN of the application container. This method returns TRUE if the instantiated group contains the DN of an application container in its applicationAndFeatureList; otherwise, FALSE.
get_applications
ACApplicationList get_applications()
Returns all the applications that are accessible by its group.
get_application_and_feature_list
ACApplicationAndFeatureList get_application_and_feature_list(Boolean real)
If real is TRUE, this function returns a list of the DNs of all MIS applications and features that are accessible by the instantiated group; otherwise, it returns a list of the DNs of all applications and features in its own application space.
get_application_feature
Result add_application_feature(const RWCString& app, const RWCString& feature)
Adds feature to the feature list of app that can be accessed by its group.
Returns TRUE on successful completion; otherwise, FALSE. For more information, check the error type and string by calling the get_error_type function and the get_error_string function. Verify that the application has full access by calling get_application_full_access.
get_application_features
ACApplicationFeatureList get_application_features(const RWCString& appname)
This function returns all the features of the given application that are accessible by its group. If the given application has full access, this function returns an empty list. Verify that the application has full access by calling get_application_full_access.
get_application_full_access
Boolean get_application_full_access(const RWCString& appname)
Checks the applicationAndFeatureList of the instantiated group for the DN of the given application, to determine whether the group has full access to the given application.
Returns TRUE if its group has full access to the given application; otherwise, FALSE.
get_group_description
ACGroupDescription get_group_description()
Returns the ACGroup object's description information.
get_group_member_list
ACGroupMemberList get_group_member_list()
Returns a list of the group members (users).
remove_application
Result remove_application(const RWCString& app)
Removes the given application and all of its associated features from the applicationAndFeatureList of the group.
Returns TRUE on successful completion; otherwise, FALSE.
remove_application_feature
Result remove_application_feature(const RWCString& app, const RWCString& feature)
Removes the given feature from the given application.
Returns TRUE on successful completion; otherwise, FALSE.
If the given feature does not exist, this function sets the error type to ACC_FEATURE_NOT_EXISTS and the error string to "Application feature doesn't exist in applicationAndFeatureList!".
remove_group_member
Result remove_group_member(const RWCString& membername)
Removes the given member (user) from its groupMemberList.
Returns TRUE on successful completion; otherwise, FALSE.
If the given member does not exist, this function sets the error type to ACC_USER_NOT_EXISTS and the error string to "User doesn't exist in groupMemberList!".
set_all_applications_full_access
Result set_all_applications_full_access(Boolean fullaccess)
A group has full access to all applications in an application container if the group contains the DN of the application container.
If fullaccess is TRUE, this method adds the DN of an application container to the applicationAndFeatureList of the instantiated group.
If fullaccess is FALSE, this method removes the DN from the applicationAndFeatureList of the instantiated group.
Returns TRUE on successful completion; otherwise, FALSE.
set_application_and_feature_list
Result set_application_and_feature_list(ACApplicationAndFeatureList& list)
Sets the given list as the applicationAndFeatureList for the instantiated group.
Returns TRUE on successful completion; otherwise, FALSE.
set_application_full_access
Result set_application_full_access(const RWCString& application)
Sets the DN of the given application in the applicationAndFeatureList of the instantiated group so that the group has full access to the given application.
Returns TRUE on successful completion; otherwise, FALSE.
set_group_description
Result set_group_description(const ACGroupDescription& description)
Sets the description of the instantiated group object to description.
Returns TRUE on successful completion; otherwise, FALSE.
set_group_member_list
Result set_group_member_list(ACGroupMemberList& list)
Sets the member (user) list of the instantiated group to list.
Returns TRUE on successful completion; otherwise, FALSE.
get_initiator_aci_mandated
Boolean get_initiator_aci_mandated()
Returns TRUE if the initiator of the instantiated ACGroup object is authorized; otherwise, FALSE.
set_initiator_aci_mandated
Result set_initiator_aci_mandated(Boolean mandated)
If mandated is TRUE, sets the initiator of the instantiated ACGroup object to authorized; otherwise, sets the initiator to unauthorized.
Returns TRUE on successful completion; otherwise, FALSE.
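Because get_application_features returns an empty list both for an application with full access and for one the group has no entry for, a feature check has to consult the full-access functions first. The following is an added example, not Solstice EM code: ModelGroup is a hypothetical stand-alone stand-in for the ACGroup lookups described above, and the application and feature names are constructed from the operator / em_viewer example earlier in this chapter.

```cpp
// Stand-alone model (added example, not Solstice EM code). ModelGroup mimics
// only the ACGroup lookups described above; names are constructed samples.
#include <map>
#include <set>
#include <string>

class ModelGroup {
    bool all_apps_full_ = false;                          // container DN present
    std::set<std::string> full_apps_;                     // application DN present
    std::map<std::string, std::set<std::string>> feats_;  // per-feature entries
public:
    void set_all_applications_full_access(bool on) { all_apps_full_ = on; }
    void set_application_full_access(const std::string& app) { full_apps_.insert(app); }
    void add_application_feature(const std::string& app, const std::string& f) {
        feats_[app].insert(f);
    }
    bool get_all_applications_full_access() const { return all_apps_full_; }
    bool get_application_full_access(const std::string& app) const {
        return full_apps_.count(app) != 0;
    }
    // As documented: an application with full access yields an EMPTY list.
    std::set<std::string> get_application_features(const std::string& app) const {
        if (get_application_full_access(app)) return {};
        auto it = feats_.find(app);
        return it == feats_.end() ? std::set<std::string>{} : it->second;
    }
};

// Fail-open shortcut: "empty list means unrestricted". A group with no entry
// for the application also gets an empty list, so it is wrongly allowed.
bool naive_feature_allowed(const ModelGroup& g, const std::string& app,
                           const std::string& feature) {
    std::set<std::string> f = g.get_application_features(app);
    return f.empty() || f.count(feature) != 0;
}

// Resolve the ambiguity explicitly: container-level grant, then
// application-level grant, then the feature list; anything else is denied.
bool feature_allowed(const ModelGroup& g, const std::string& app,
                     const std::string& feature) {
    if (g.get_all_applications_full_access()) return true;
    if (g.get_application_full_access(app)) return true;
    return g.get_application_features(app).count(feature) != 0;
}

// Constructed sample groups.
ModelGroup make_operator() {            // may use only em_viewer's view feature
    ModelGroup g;
    g.add_application_feature("em_viewer", "view");
    return g;
}
ModelGroup make_full_access() {         // holds the application container DN
    ModelGroup g;
    g.set_all_applications_full_access(true);
    return g;
}
ModelGroup make_viewer_admin() {        // holds the em_viewer application DN
    ModelGroup g;
    g.set_application_full_access("em_viewer");
    return g;
}
ModelGroup make_empty() { return ModelGroup(); }  // no applications at all
```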
5.19 ACGroupContainer Class
Inheritance: public ACContainer
#include <acapi/acgroup.hh>
Data Members: No public data members are declared in this class.
The ACGroupContainer class represents the groupContainer GDMO object class, which is defined in the Solstice EM Access Control module. groupContainer is a container for all the groups that are defined under access control of Solstice EM.
5.19.1 Constructor
ACGroupContainer()
The constructor creates a group container object that, when instantiated, contains all the groups that are subject to access control. By default, the following groups are available: full access, operator, and view-only. If such an object exists, the internal reference count for the object is incremented by one.
5.19.2 Destructor
~ACGroupContainer()
5.19.3 ACGroupContainer Member Functions
get_all_groups
ACGroupList get_all_groups()
Returns all the groups under the groupContainer object in the form of a group list.
get_group
ACGroup get_group(const RWCString& groupname)
Returns the group object with the given name.
get_user_group_list
ACGroupList get_user_group_list(const RWCString& username)
Returns all the groups containing a user with the given name.
5.20 ACInterface Class
Inheritance: None
#include <acapi/acinterface.hh>
Data Members: No public data members are declared in this class.
The ACInterface class is a convenience class that you can use to get all the container objects for access control and their contained objects.
5.20.1 Constructor
ACInterface()
The default constructor does nothing because there are no data members to initialize.
5.20.2 Destructor
~ACInterface()
5.20.3 ACInterface Member Functions
get_access_user_list
ACAccessUserList get_access_user_list();
Creates an ACAccessUserList object if it does not exist and returns it.
get_application_container
ACApplicationContainer get_application_container()
Creates an ACApplicationContainer object if it does not exist and returns it.
get_db_object_container
ACDbObjectContainer get_db_object_container()
Creates an ACDbObjectContainer object if it does not exist and returns it.
get_em_notification_emitter
ACEMNotificationEmitter get_em_notification_emitter()
Creates an ACEMNotificationEmitter object if it does not exist and returns it. If such an object exists, its internal reference count is incremented by one.
get_feature_container
ACAppFeatureContainer get_feature_container(const RWCString& appname)
Creates an ACAppFeatureContainer object (for the given application) if it does not exist and returns it.
get_group_container
ACGroupContainer get_group_container()
Creates an ACGroupContainer object if it does not exist and returns it.
get_rule_container
ACRuleContainer get_rule_container()
Creates an ACRuleContainer object if it does not exist and returns it.
get_targets_container
ACTargetsContainer get_targets_container()
Creates an ACTargetsContainer object if it does not exist and returns it.
5.21 ACObject Class
Inheritance: None
#include <acapi/acobject.hh>
Data Members: No public data members are declared in this class.
The ACObject class represents the accessControl managed object class, an abstract base class, as defined in X.741. ACObject is subclassed to derive more specific classes that serve as an interface to X.741 GDMO object classes.
ACObject should be used as a base class for only those classes that represent a concrete GDMO object class; that is, one that can be instantiated. For example, the ACRule C++ class derives from the ACObject class and provides the interface to the X.741 rule GDMO object class.
5.21.1 Constructor
There is no default public constructor available for this class.
ACObject(const ACObject&)
A copy constructor is defined whose declaration is shown above.
5.21.2 Destructor
virtual ~ACObject() = 0
When the reference count for this object becomes 0, the object is deleted.
5.21.3 ACObject Operator Overloading
ACObject& operator = (const ACObject&)
The preceding is the declaration of an assignment operator.
Boolean operator == (const ACObject& other)
The preceding comparison operator returns TRUE if the objects on both sides are the same; otherwise, FALSE.
5.21.4 ACObject Member Functions
add_callback
void add_callback(const ACCallback& cb)
Adds the given callback to receive one of the following three events:
- objectCreation
- objectDeletion
  It is your responsibility to delete the object name to free the allocated memory for object name.
- attributeValueChange
As part of the call data to the callback, the instantiated ACObject object is passed.
Note: It is possible to add more than one callback for the same event type.
copy
Result copy(ACObject& source)
Makes a copy of the given ACObject.
Returns TRUE on successful completion; otherwise, FALSE.
create
Result create()
Creates an ACObject object that represents the accessControl GDMO object. This is analogous to the Image::create() function in PMI.
Returns TRUE on successful completion; otherwise, FALSE.
destroy
virtual Result destroy()
Destroys an ACObject that represents the accessControl GDMO object. This is analogous to the Image::destroy() function in PMI.
Returns TRUE on successful completion; otherwise, FALSE.
exists
Boolean exists()
Checks whether the object exists. This is analogous to the Image::exists() function in PMI.
Returns TRUE on successful completion; otherwise, FALSE.
get_error_string
RWCString get_error_string() const
Returns the error string stored in the ACAccessControl object that pertains to the instantiated ACObject.
get_error_type
ACErrorType get_error_type() const;
Returns the error type stored in the ACAccessControl object that pertains to the instantiated ACObject. The error type can have one of the following values:
- ACC_APPLICATION_EXISTS
- ACC_APPLICATION_NOT_EXISTS
- ACC_DB_OBJECT_ACCESS_EXISTS
- ACC_DB_OBJECT_ACCESS_NOT_EXISTS
- ACC_DB_OBJECT_TABLE_EXISTS
- ACC_DB_OBJECT_TABLE_NOT_EXISTS
- ACC_FAILED
- ACC_FEATURE_EXISTS
- ACC_FEATURE_NOT_EXISTS
- ACC_GROUP_EXISTS
- ACC_GROUP_NOT_EXISTS
- ACC_INVALID_USER_NAME
- ACC_MOC_EXISTS
- ACC_MOC_NOT_EXISTS
- ACC_MOI_EXISTS
- ACC_MOI_NOT_EXISTS
- ACC_NO_MEMORY
- ACC_OK
- ACC_RULE_EXISTS
- ACC_RULE_NOT_EXISTS
- ACC_TARGETS_EXISTS
- ACC_TARGETS_NOT_EXISTS
- ACC_USER_EXISTS
- ACC_USER_NOT_EXISTS
get_name_only
RWCString get_name_only() const
Returns the name of the instantiated ACObject.
get_object_name
RWCString get_object_name() const
Returns the name of the instantiated ACObject in the distinguished name (DN) format.
remove_callback
void remove_callback(const ACCallback& cb)
reset_error
void reset_error()
Resets the error state of the object by setting the error string to "ACC_OK" and the error type to ACC_OK.
revert
Result revert()
Reverts the state of the object by canceling any pending set operation that has not yet been stored.
Returns TRUE on successful completion; otherwise, FALSE.
set_error
void set_error(ACErrorType type, const RWCString& err)
Sets the error type to the given type and the error string to the given string. A type value of ACC_OK performs a reset_error on the object.
set_error_string
void set_error_string(const RWCString& err)
Sets the error string to the given string.
set_error_type
void set_error_type(ACErrorType type)
Sets the error type to the given type. A type value of ACC_OK performs a reset_error on the object.
store
Result store()
Stores the object that will be the representation of the GDMO object. This is analogous to the Image::store() function in PMI.
Returns TRUE on successful completion; otherwise, FALSE.
5.22 ACRule Class
Inheritance: public ACObject
#include <acapi/acrule.hh>
Data Members: No public data members are declared in this class.
The ACRule class represents X.741's rule GDMO object class, which grants or denies access. If the value of the enforcement action attribute is allow, access is permitted. Otherwise, the enforcement action attribute defines the type of denial response made to the initiator of the management operation.
5.22.1 Constructor
ACRule(const RWCString& objectname);
The constructor creates an ACRule object whose name is specified by objectname. If an object with this name has already been created, the internal reference count for the object is incremented by one.
5.22.2 Destructor
~ACRule()
5.22.3 ACRule Member Functions
add_group
Result add_group(const RWCString& groupname)
Adds the given group to the rule's initiator list.
Returns TRUE on successful completion; otherwise, FALSE.
If the given group already exists, this function sets the error type to ACC_GROUP_EXISTS and the error string to "Group exists in initiatorsList!".
add_targets
Result add_targets(const RWCString& target)
Adds the given target to the rule's target list.
Returns TRUE on successful completion; otherwise, FALSE.
If the given target already exists, this function sets the error type to ACC_TARGETS_EXISTS and the error string to "Targets exists in initiatorsList!".
get_enforcement_action
EnforcementAction get_enforcement_action()
Returns the enforcement action that is defined for this rule, which can be one of the following:
- denyWithResponse
- denyWithoutResponse
- abortAssociation
- denyWithFalseResponse
- allow
get_group_list
ACGroupList get_group_list()
Returns a list of the groups that belong to the rule object.
get_targets_list
ACTargetsList get_targets_list()
Returns a list of the targets that belong to the rule object.
remove_group
Result remove_group(const RWCString& groupname)
Removes the given group from the rule's initiator list.
Returns TRUE on successful completion; otherwise, FALSE.
If the given group does not exist, this function sets the error type to ACC_GROUP_NOT_EXISTS and the error string to "Group doesn't exist in initiatorsList!".
remove_targets
Result remove_targets(const RWCString& target)
Removes the given target from the rule's target list.
Returns TRUE on successful completion; otherwise, FALSE.
If the given target does not exist, this function sets the error type to ACC_TARGETS_NOT_EXISTS and the error string to "Targets doesn't exist in initiatorsList!".
set_enforcement_action
Result set_enforcement_action(EnforcementAction action)
Sets the given action as the enforcement action for the rule. The given action can be one of the following:
- denyWithResponse
- denyWithoutResponse
- abortAssociation
- denyWithFalseResponse
- allow
Returns TRUE on successful completion; otherwise, FALSE.
set_group_list
Result set_group_list(ACGroupList& grouplist)
Sets the given list as the rule's initiator list.
Returns TRUE on successful completion; otherwise, FALSE.
set_targets_list
Result set_targets_list(ACTargetsList& targetlist)
Sets the given list as the rule's target list.
Returns TRUE on successful completion; otherwise, FALSE.
5.23 ACRuleContainer Class
Inheritance: public ACContainer
#include <acapi/acrule.hh>
Data Members: No public data members are declared in this class.
The ACRuleContainer class is a container for all the rules defined in access control. This class does not directly represent any GDMO object class.
5.23.1 Constructor
ACRuleContainer()
The constructor creates a rule container object, so that when it is instantiated it contains all the rules that are subject to access control. If such an object has already been created, the internal reference count for the object is incremented by one.
5.23.2 Destructor
~ACRuleContainer()
5.23.3 ACRuleContainer Member Functions
get_access_control_rules
ACAccessControlRules get_access_control_rules()
Returns the ACAccessControlRules object that represents the emAccessControlRules GDMO object class. This ACAccessControlRules object can be used to get the various attributes of the emAccessControlRule.
get_all_rules
ACRuleList get_all_rules()
Returns all the rules available in the rule container object.
get_group_rule_list
ACRuleList get_group_rule_list(const RWCString& groupname)
Returns a list of all the rules that reference the given group.
get_rule
ACRule get_rule(const RWCString& rulename)
Returns the rule object whose name is specified by rulename.
get_targets_rule_list
ACRuleList get_targets_rule_list(const RWCString& targetsname)
Returns all the rules that reference the given target.
5.24 ACScope Class
Inheritance: None
#include <acapi/actargets.hh>
Data Members: The following public data members are defined.
- type can be:
- level can be any positive integer.
The ACScope class contains the scope information.
5.24.1 Constructors
Default Constructor
ACScope()
The default constructor initializes type to BASE_OBJECT and level to 0.
ACScope(MessScopeType t, U32 l)
The preceding constructor initializes type to t and level to l.
- type can be:
The preceding constructor is a copy constructor.
5.24.1.1 ACScope Operator Overloading
ACScope& operator=(const ACScope& other)
The preceding operator overloads the assignment operator and assigns the values of the right side to the left side.
5.24.1.2 ACScope Member Functions
5.25 ACTargets Class
Inheritance: public ACObject
#include <acapi/actargets.hh>
Data Members: No public data members are declared in this class.
The ACTargets class represents X.741's targets GDMO object class. Targets identify managed objects within the security domain.
5.25.1 Constructor
ACTargets(const RWCString& objectname, ACTargetsType type = X741_TARGETS)
The constructor creates an ACTargets object with the given name and type. The default type is X741_TARGETS, which creates a targets GDMO object from X.741. Any other type creates an emTargets GDMO object, which is defined in the Solstice EM Access Control module. If an object with the same name exists, the internal reference count for the object is incremented by one.
The constructor creates an ACTargets object with the given name and type. The type is either the targets GDMO object defined in X741.gdmo or the emTargets GDMO object defined in the Solstice EM Access Control module. The default type is the targets GDMO object if no type is specified.
5.25.2 Destructor
virtual ~ACTargets()
5.25.3 ACTargets Member Functions
add_moc
Result add_moc(const RWCString& mocname)
Adds the given managed object class (MOC) name to the MOC list that is defined for the target.
Returns TRUE on successful completion; otherwise, FALSE.
If the given MOC already exists, the function sets the error type to ACC_MOC_EXISTS and the error string to "MOC exists in targetsList!".
add_moi
Result add_moi(const RWCString& moiname)
Adds the given managed object instance (MOI) to the list of MOIs that are defined for the target.
Returns TRUE on successful completion; otherwise, FALSE.
If the given MOI already exists in the target list, this function sets the error type to ACC_MOI_EXISTS and the error string to "MOI exists in targetsList!".
destroy
Result destroy()
Removes the target from all the rules that reference it, and deletes the target.
Returns TRUE on successful completion; otherwise, FALSE.
get_filter
ACFilter get_filter()
Returns the stored filter for the target.
get_moc_list
ACMOCList get_moc_list()
Returns the list of MOCs that are defined for the instantiated target object.
get_moi_list
ACMOIList get_moi_list()
Returns a list of the MOIs that are defined for the target.
Check the error type to detect any error that occurred while performing this function.
get_operations_list
ACOperationsList get_operations_list()
Returns the list of operations that are defined for this target. For example, {action, get, multipleObjectSelection, filter}.
Check the error type to detect any error that occurred while performing this function.
get_scope
ACScope get_scope()
remove_moc
Result remove_moc(const RWCString& mocname)
Removes the given MOC from this target's list of MOCs.
Returns TRUE on successful completion; otherwise, FALSE.
If the given MOC does not exist, this function sets the error type to ACC_MOC_NOT_EXISTS and the error string to "MOC doesn't exist in targetsList!".
remove_moi
Result remove_moi(const RWCString& moiname)
Removes the given MOI from this target's list of MOIs.
Returns TRUE on successful completion; otherwise, FALSE.
If the given MOI does not exist, this function sets the error type to ACC_MOI_NOT_EXISTS and the error string to "MOI doesn't exist in targetsList!".
set_filter
Result set_filter(const ACFilter& filter)
Sets the given filter for the target object.
Returns TRUE on successful completion; otherwise, FALSE.
set_moc_list
Result set_moc_list(ACMOCList& moclist)
Sets the given MOC list for the target object.
Returns TRUE on successful completion; otherwise, FALSE.
set_moi_list
Result set_moi_list(ACMOIList& moilist)
Sets the given MOI list for the target object.
Returns TRUE on successful completion; otherwise, FALSE.
set_operations_list
Result set_operations_list(ACOperationsList& operlist)
Sets the given operations list for the target object.
Returns TRUE on successful completion; otherwise, FALSE.
set_scope
Result set_scope(const ACScope& scope)
Sets the given scope for the target object.
Returns TRUE on successful completion; otherwise, FALSE.
5.26 ACTargetsContainer Class
Inheritance: public ACContainer
#include <acapi/actargets.hh>
Data Members: No public data members are declared in this class.
The ACTargetsContainer class represents the targetContainer GDMO object class, which is defined in the Solstice EM Access Control module. ACTargetsContainer is a container for all the Solstice EM access control targets.
5.26.1 Constructor
ACTargetsContainer()
The constructor creates a targets container object to contain all the targets that are subject to access control. If such an object exists, the internal reference count for the object is incremented by one.
5.26.2 Destructor
~ACTargetsContainer()
5.26.3 ACTargetsContainer Member Functions
get_all_targets
ACTargetsList get_all_targets()
Returns all the targets under the targetContainer object.
get_em_targets
ACEMTargets get_em_targets(const RWCString& targetsname)
Returns the ACEMTargets object with the given name.
get_targets
ACTargets get_targets(const RWCString& targetsname)
Returns the ACTargets object with the given name.
5.27 ACUser Class
Inheritance: None
#include <acapi/acaccessuserlist.hh>
Data Members: No public data members are declared in this class.
The ACUser class stores a user's login name and full name in memory. Access control applications get a user's login name and full name by accessing the instantiated ACUser object.
5.27.1 Constructors
Default Constructor
ACUser()
The default constructor does not initialize the login name and full name.
ACUser(const RWCString& loginname, const RWCString& fullname)
The preceding constructor initializes the login name to loginname and the full name to fullname.
ACUser(const RWCString& loginname)
The preceding constructor initializes the login name to loginname and the full name to an empty string.
ACUser(const ACUser& other)
The above constructor is a copy constructor.
5.27.2 ACUser Operator Overloading
ACContainerData& operator = (const ACContainerData& other)
The preceding operator overloads the assignment operator, and assigns the values of other to self.
friend Boolean operator == (const ACContainerData& self, const ACContainerData& other)
The preceding operator overloads the equality operator, so that if both the self and other objects have the same login name, the overload method returns TRUE; otherwise, the method returns FALSE.
5.27.3 ACUser Member Functions
get_full_name
RWCString get_full_name() const
Returns the full name stored in the object.
get_login_name
RWCString get_login_name() const
Returns the login name stored in the object.
is_valid_user
Boolean is_valid_user(unsigned int& error_code)
Verifies the validity of the instantiated ACUser by contacting the em_login daemon to check whether the user is a valid user on the MIS host. Returns TRUE on successful completion; otherwise, FALSE.
set_full_name
void set_full_name(const RWCString&)
Sets the full name in the object to the given name.
set_login_name
void set_login_name(const RWCString&)
Sun Microsystems, Inc. Copyright information. All rights reserved.