

oracle.iam.platform.authz.api
Interface AuthorizationService


public interface AuthorizationService

Service interface specifying contracts for the authorization checks supported by the OIM Authorization layer. Clients need to call this service for authorization checks at their Policy Enforcement Points. Examples of PEPs may be specific navigation items or action widgets on the user interface, or proactive checkpoints before processing a request in a feature, or an access control mechanism embedded in a custom OIM client.


Method Summary
 AuthorizationResult hasAccess(java.lang.String subjectId, java.lang.String resourceType)
          Checks whether a subject can manage the given resource type.
 AuthorizationResult hasAccess(java.lang.String subjectId, java.lang.String resourceType, java.lang.String actionId)
          Checks whether a subject has access to perform the specified action on a resource of type resourceType.
 AuthorizationResult hasAccess(java.lang.String subjectId, java.lang.String resourceId, java.lang.String resourceType, java.lang.String action)
          Checks whether a subject has access to the resource identified by resourceId, of the given resource type, for the specified action.

 

Method Detail

hasAccess

AuthorizationResult hasAccess(java.lang.String subjectId,
                              java.lang.String resourceType)
Checks whether a subject can manage the given resource type.
Parameters:
subjectId - unique identifier for the subject (e.g. 'usr_key' of the logged-in user)
resourceType - type of feature to be accessed (e.g. the "USER_MANAGEMENT", "RECONCILIATION_MANAGEMENT", "AUTHORIZATION_POLICY_MANAGEMENT", "ROLE_MANAGEMENT", "SELF_SERVICE_USER_MANAGEMENT", "SCHEDULER" or "USER_MANAGEMENT_CONFIG" feature)
Returns:
An object containing the decision and obligations, if any.

hasAccess

AuthorizationResult hasAccess(java.lang.String subjectId,
                              java.lang.String resourceType,
                              java.lang.String actionId)
Checks whether a subject has access to perform the specified action on a resource of type resourceType. This method is useful when the operation to be performed is independent of any target, such as the create, search and browse operations.
Parameters:
subjectId - unique identifier for the subject (e.g. 'usr_key' of the logged-in user)
resourceType - type of feature to be accessed (e.g. the "USER_MANAGEMENT", "RECONCILIATION_MANAGEMENT", "AUTHORIZATION_POLICY_MANAGEMENT", "ROLE_MANAGEMENT", "SELF_SERVICE_USER_MANAGEMENT", "SCHEDULER" or "USER_MANAGEMENT_CONFIG" feature)
actionId - the operation to be performed (e.g. the "CREATE" operation)
Returns:
An object containing the decision and obligations, if any.

hasAccess

AuthorizationResult hasAccess(java.lang.String subjectId,
                              java.lang.String resourceId,
                              java.lang.String resourceType,
                              java.lang.String action)
Checks whether a subject has access to the resource identified by resourceId, of the given resource type, for the specified action. This method is useful when performing an action on a selected resource. Actions such as lookup, enable, disable and delete can make use of this method.
Parameters:
subjectId - unique identifier for the subject (e.g. 'usr_key' of the logged-in user)
resourceId - unique identifier of the resource on which the user wants to perform the specified operation (e.g. 'usr_key' of the user to be modified, 'act_key' of the organization to be modified)
resourceType - type of feature to be accessed (e.g. the "USER_MANAGEMENT", "RECONCILIATION_MANAGEMENT", "AUTHORIZATION_POLICY_MANAGEMENT", "ROLE_MANAGEMENT", "SELF_SERVICE_USER_MANAGEMENT", "SCHEDULER" or "USER_MANAGEMENT_CONFIG" feature)
action - the operation to be performed on the resource identified by resourceId (e.g. the "MODIFY" operation)
Returns:
An object containing the decision and obligations, if any.
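
A Policy Enforcement Point wrapper that chooses between the target-independent and per-resource overloads above and denies on missing input, a null result or an exception. This is an added example, not Oracle's code: the nested interfaces are stand-ins copying this page's signatures, and PepGuard, allowed, Stub and the isPermit predicate are hypothetical, because this page does not show how a decision is read from AuthorizationResult.

```java
import java.util.function.Predicate;
public class PepGuard {
    // Stand-ins copying this page's signatures so the file compiles alone;
    // in OIM these types come from oracle.iam.platform.authz.api.
    interface AuthorizationResult { }
    interface AuthorizationService {
        AuthorizationResult hasAccess(String subjectId, String resourceType);
        AuthorizationResult hasAccess(String subjectId, String resourceType, String actionId);
        AuthorizationResult hasAccess(String subjectId, String resourceId, String resourceType, String action);
    }
    enum Stub implements AuthorizationResult { PERMIT, DENY } // constructed results for the demo
    private final AuthorizationService authz;
    // Assumption: how a permit is read from AuthorizationResult is not shown
    // on this page, so the caller supplies that test.
    private final Predicate<AuthorizationResult> isPermit;
    PepGuard(AuthorizationService authz, Predicate<AuthorizationResult> isPermit) {
        this.authz = authz;
        this.isPermit = isPermit;
    }

    /** resourceId == null means a target-independent action such as CREATE. */
    boolean allowed(String subjectId, String resourceType, String action, String resourceId) {
        if (subjectId == null || resourceType == null || action == null) return false;
        try {
            // Every parameter is a String: in the 4-argument overload resourceId
            // precedes resourceType, and a swap would compile without warning.
            AuthorizationResult r = (resourceId == null)
                    ? authz.hasAccess(subjectId, resourceType, action)
                    : authz.hasAccess(subjectId, resourceId, resourceType, action);
            return r != null && isPermit.test(r);
        } catch (RuntimeException e) {
            return false; // a check that fails to complete denies
        }
    }

    public static void main(String[] args) {
        AuthorizationService svc = new AuthorizationService() { // constructed policy stub
            public AuthorizationResult hasAccess(String s, String t) { return Stub.DENY; }
            public AuthorizationResult hasAccess(String s, String t, String a) {
                return "CREATE".equals(a) ? Stub.PERMIT : Stub.DENY; }
            public AuthorizationResult hasAccess(String s, String id, String t, String a) {
                if ("9".equals(id)) throw new IllegalStateException("policy store down");
                return "42".equals(id) ? Stub.PERMIT : Stub.DENY; }
        };
        PepGuard pep = new PepGuard(svc, r -> r == Stub.PERMIT);
        for (String id : new String[] { null, "42", "7", "9" })
            System.out.println(id + " -> " + pep.allowed("1", "USER_MANAGEMENT", id == null ? "CREATE" : "MODIFY", id));
    }
}
```

In a real enforcement point the catch branch should also log the failure, so that an unavailable policy store is visible to operators rather than appearing only as denials.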

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.