com.hyperion.css
Interface CSSUserProvisioningAPIIF

public interface CSSUserProvisioningAPIIF

Note that only a subset of the API's will be supported in Fusion/JPS mode.

This API is utilized for purposes of Provisioning - both users and groups as well as authorization through the use of roles. This API is thread safe - threads can access it concurrently without introducing any deadlock or any other abnormal behavior. CSS defines "Provisioning" as the process of granting users and groups access to resources, be they other users and groups or entities such as dimensions, reports etc. All methods that retrieve users and groups would return both active and inactive instances. Please note that methods that specify relationships on CAS Domain Objects such as Project and Applications are to be invoked only after CAS/Hub has been invoked for the same. These methods are invoked internally by the Hub, and the product teams do not need to invoke these. If during the course of the invocation of a method, the user identified by the CSSPrincipalIF parameter is deleted then a CSSInvalidPrincipalException is nested in a CSSExceptionand thrown.

Please note that any role that is associated with the Hub is considered global. For instance: CSSAPIIF.ROLE_DIRECTORY_MANAGER_IDENTITYis a global role. If a user is assigned global roles then they are across applications. If a user or a group is assigned a global role and even if it is not assigned any roles on any application, it is considered to be provisioned.

Please note that to assign a user or group to a role in a application, the principal needs to have CSSPermissionIF.MODIFYon the role, and the user, group and application should be viewable.

In methods where a filter can be specified on names, wildcards such as '*' can be used. For example a filter 'a*' used in the userName parameter would return the usernames that begin with 'a' in the order of directories that is specified by the search order.

Since:

CSS v3.0

See Also:

CSSAPIIF

Method Summary

void	copyProvisioning(java.util.Map context, CSSPrincipalIF principal, java.lang.String fromAppId, java.lang.String toAppId) Copies the provisioning information from a source application to the destination application.
void	deleteApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String applicationID) This API is responsible to de-provision all the users and groups related to the applciation id.
void	deleteProduct(java.util.Map context, CSSPrincipalIF principal, java.lang.String productType) This is an EPM mode only API.
CSSGroupIF[]	getAllProvisionedGroupsInApp(java.util.Map context, CSSPrincipalIF principal, GroupSearchFilter groupSrchFilter, java.lang.String typeOfAccess, java.lang.String applicationId) This is an EPM mode only API.
CSSGroupIF[]	getAllProvisionedGroupsInApp(java.util.Map context, CSSPrincipalIF principal, java.lang.String groupName, java.lang.String typeOfAccess, java.lang.String applicationId) This is an EPM mode only API.
CSSGroupIF[]	getAllProvisionedGroupsInApps(java.util.Map context, CSSPrincipalIF principal, GroupSearchFilter groupSrchFilter, com.hyperion.css.common.CSSRoleInfo[] rolesInfo, java.lang.String typeOfAccess) This is an EPM mode only API.
CSSUserIF[]	getAllProvisionedUsersInApp(java.util.Map context, CSSPrincipalIF principal, java.lang.String userName, java.lang.String typeOfAccess, java.lang.String applicationId) Returns the users that the specified principal can view from across the providers that are associated with the application specified.
CSSUserIF[]	getAllProvisionedUsersInApp(java.util.Map context, CSSPrincipalIF principal, UserSearchFilter userSrchFilter, java.lang.String typeOfAccess, java.lang.String applicationId) This is an EPM mode only API.
CSSUserIF[]	getAllProvisionedUsersInApps(java.util.Map context, CSSPrincipalIF principal, UserSearchFilter userSrchFilter, com.hyperion.css.common.CSSRoleInfo[] rolesInfo, java.lang.String typeOfAccess) This is an EPM mode only API.
CSSApplicationInstance	getApplicationInstance(java.util.Map context, CSSPrincipalIF principal, java.lang.String applicationID) Gets the application instance from the specified application id.
CSSApplicationInstance[]	getApplicationsForPrincipal(java.util.Map context, CSSPrincipalIF principal, java.lang.String roleIdentity) This is an EPM mode only API.
java.util.Set<CSSApplicationInstance>	getApplicationsForProductType(java.util.Map context, CSSPrincipalIF principal, java.lang.String productType) Gets the application instances for the specified product type.
java.lang.String[]	getDelegatedEntries(java.util.Map context, CSSPrincipalIF principal, java.lang.String[] identities) This is an EPM mode only API.
CSSGroupIF	getGroupByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String applicationId) This is an EPM mode only API.
CSSGroupIF	getGroupByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String applicationId, java.lang.String typeOfAccess) Deprecated. - Use getGroupByIdentity(Map, CSSPrincipalIF, String, String) instead. This is an EPM mode only API.
CSSGroupIF[]	getGroups(java.util.Map context, CSSPrincipalIF principal, java.lang.String groupName, java.lang.String typeOfAccess, java.lang.String applicationId) Deprecated. - Use getAllProvisionedGroupsInApp(Map, CSSPrincipalIF, String, String, String) This is an EPM mode only API.
CSSGroupIF[]	getGroupsWithRoleInApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String groupNameFilter, java.lang.String roleIdentity, java.lang.String applicationId, java.lang.String typeOfAccess) Deprecated. - Use getAllProvisionedGroupsInApps(Map, CSSPrincipalIF, GroupSearchFilter, CSSRoleInfo[], String) This is an EPM mode only API.
java.lang.String	getProjectForApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String applicationId) This is an EPM mode only API.
CSSApplicationInfoIF[]	getProvisionedApplications(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String[] productCodes) This is an EPM mode only API.
java.lang.String[]	getProvisionedApps(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity) Deprecated. - Use getProvisionedApplications(Map, CSSPrincipalIF, String, String[]) This is an EPM mode only API.
java.lang.String[]	getProvisionedApps(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String productCode) Deprecated. - Use getProvisionedApplications(Map, CSSPrincipalIF, String, String[]) This is an EPM mode only API.
CSSProvisioningInfoIF	getProvisioningInfoForEntries(java.util.Map context, CSSPrincipalIF principal, java.lang.String[] entryIdentities, java.lang.String[] appIds, boolean indirect) This is an EPM mode only API.
CSSProvisionedGroupIF	getProvisioningInfoForGroup(java.util.Map context, CSSPrincipalIF principal, CSSGroupIF group, java.lang.String[] appIds) This is an EPM mode only API.
CSSProvisionedUserIF	getProvisioningInfoForUser(java.util.Map context, CSSPrincipalIF principal, CSSUserIF user, java.lang.String[] appIds) This is an EPM mode only API.
CSSRoleIF	getRoleByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String roleIdentity) This is an EPM mode only API.
CSSRoleIF	getRoleByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String roleIdentity, java.lang.String typeOfAccess) Deprecated.
CSSRoleIF[]	getRoles(java.util.Map context, CSSPrincipalIF principal, com.hyperion.css.common.RoleSearchFilter roleSrchFilter) This is an EPM mode only API.
CSSRoleIF[]	getRoles(java.util.Map context, CSSPrincipalIF principal, java.lang.String roleName, java.lang.String typeOfAccess, java.lang.String applicationId) This is an EPM mode only API.
CSSRoleIF[]	getRolesByApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String applicationId, java.lang.String roleName, java.lang.String typeOfAccess) This is an EPM mode only API.
CSSRoleIF[]	getRolesByProductType(java.util.Map context, CSSPrincipalIF principal, java.lang.String productTypeIdentity, java.lang.String roleNameFilter, java.lang.String typeOfAccess) This is an EPM mode only API.
java.util.Set<java.lang.String>	getRolesForEntries(java.util.Map context, CSSPrincipalIF principal, java.util.Set<java.lang.String> entryIdentities, java.lang.String applicationId) This will return both direct and indirect roles provisioned for the specified application.
java.lang.String[]	getRolesForGroupInApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String groupIdentity, java.lang.String applicationId, boolean indirect) This is an EPM mode only API.
java.lang.String[]	getRolesForUserInApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String userIdentity, java.lang.String applicationId, boolean indirect) This is an EPM mode only API.
CSSAppEntryIF[]	getRolesListForEntries(java.util.Map context, CSSPrincipalIF principal, java.lang.String[] entryIdentities, java.lang.String[] appIds, boolean indirect) This is an EPM mode only API.
CSSAppEntryIF[]	getRolesListForEntry(java.util.Map context, CSSPrincipalIF principal, java.lang.String entryIdentity, java.lang.String[] appIds, boolean indirect) This is an EPM mode only API.
CSSUserIF	getUserByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String applicationId) This is an EPM mode only API.
CSSUserIF	getUserByIdentity(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String applicationId, java.lang.String typeOfAccess) Deprecated. - Use getUserByIdentity(Map, CSSPrincipalIF, String, String) instead. This is an EPM mode only API.
CSSUserIF[]	getUsers(java.util.Map context, CSSPrincipalIF principal, java.lang.String userName, java.lang.String typeOfAccess, java.lang.String applicationId) This is an EPM mode only API.
java.util.List	getUsersByIdentity(java.util.Map context, CSSPrincipalIF principal, java.util.List identities, java.lang.String applicationId) This is an EPM mode only API.
java.util.List	getUsersByIdentity(java.util.Map context, CSSPrincipalIF principal, java.util.List identities, java.lang.String applicationId, java.lang.String typeOfAccess) Deprecated. - Use getUsersByIdentity(Map, CSSPrincipalIF, List, String) instead. This is an EPM mode only API.
CSSUserIF[]	getUsersWithRoleInApplication(java.util.Map context, CSSPrincipalIF principal, java.lang.String userNameFilter, java.lang.String roleIdentity, java.lang.String applicationId, java.lang.String typeOfAccess) Deprecated. - Use {@link CSSUserProvisioningAPIIF#getAllProvisionedUsersInApp(Map, CSSPrincipalIF, UserSearchFilter, String, String) or {@link CSSUserProvisioningAPIIF#getAllProvisionedUsersInApps(Map, CSSPrincipalIF, UserSearchFilter, CSSRoleInfo[], String) This is an EPM mode only API.
boolean	isProvisioned(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String applicationId) This is an EPM mode only API.
void	setRolesList(java.util.Map context, CSSPrincipalIF principal, java.lang.String identity, java.lang.String[] roles, java.lang.String applicationId, boolean add) This is an EPM mode only API.

Method Detail

isProvisioned

boolean isProvisioned(java.util.Map context,
                      CSSPrincipalIF principal,
                      java.lang.String identity,
                      java.lang.String applicationId)
                      throws CSSAuthorizationException,
                             CSSInvalidUserException,
                             CSSInvalidGroupException,
                             CSSInvalidIdentityException,
                             CSSCommunicationException,
                             CSSException

This is an EPM mode only API.

Checks to see if a user/group has been provisioned. A user/group is provisioned if it has been assigned to an Application through a role association. The principal needs to be at least a CSSAPIIF.ROLE_PROVISIONING_MANAGER_IDENTITYand should also have view access on the user or group for invoking this method, otherwise an CSSAuthorizationException is thrown. If the principal does not have CSSPermissionIF.VIEWon the applicationId then a CSSAuthorizationException is thrown. On the other hand if an applicationId is not specified and the principal does not have visibility on any applications, false is returned. The applicationId will specify one of the following:

1. applicationId
2. CSSAPIIF.SPECIFY_ALL: All applications that this principal has at least CSSPermissionIF.VIEWon would be searched.

The context can specify the following:

1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller

identity - - the identity of the user or group.

applicationId - - the id of the application.

Returns:

- true if the user or group is provisioned either directly or indirectly to a application or the list of applications that are viewable by the principal. Also returns true if the user or group is assigned any global roles. False is returned if the user does not have any roles assigned on the applications viewable by the principal.

Throws:

CSSAuthorizationException - - if the principal is not authorized to perform this operation. The principal does not have view access on the user/group specified or the application if specified.

CSSInvalidUserException - - if the user with the identity does not exist anymore.

CSSInvalidGroupException - - if the group with the identity does not exist anymore.

CSSInvalidIdentityException - - If the user or group with the specified identity does not exist.

CSSException - - any other abnormality.

CSSCommunicationException

getApplicationsForPrincipal

CSSApplicationInstance[] getApplicationsForPrincipal(java.util.Map context,
                                                     CSSPrincipalIF principal,
                                                     java.lang.String roleIdentity)
                                                     throws CSSInvalidIdentityException,
                                                            CSSCommunicationException,
                                                            CSSException

This is an EPM mode only API.

Gets the applications that this principal is associated with. A principal is associated with an application through a role. If the principal is not authorized for the application with the specified role then it is not returned. A principal also needs to have at least the CSSAPIIF.ROLE_PROVISIONING_MANAGER_IDENTITY role to see the application.

If the principal has the CSSAPIIF.ROLE_LCM_ADMINISTRATOR_IDENTITY role, all applications are returned. The roleIdentity is ignored in this case.

The context can specify the following:

1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

roleIdentity - - the identity for the role. For instance, CSSAPIIF.ROLE_PROVISIONING_MANAGER_IDENTITY. Can be null if the principal has the CSSAPIIF.ROLE_LCM_ADMINISTRATOR_IDENTITY role.

Returns:

- an array of Application Instances. Empty if the conditions are not met.

Throws:

CSSInvalidIdentityException - if the identity argument is not valid or is malformed.

CSSException - any other abnormality.

CSSCommunicationException

getRolesForUserInApplication

java.lang.String[] getRolesForUserInApplication(java.util.Map context,
                                                CSSPrincipalIF principal,
                                                java.lang.String userIdentity,
                                                java.lang.String applicationId,
                                                boolean indirect)
                                                throws CSSAuthorizationException,
                                                       CSSInvalidIdentityException,
                                                       CSSInvalidUserException,
                                                       CSSCommunicationException,
                                                       CSSException

This is an EPM mode only API.

Gets the roles assigned to a user for an application. All the roles that are assigned to this user for this application are returned. A CSSAuthorizationException will be thrown if the specified principal does not have access to the user.

The aggregated roles are also returned along with their constituents.

If the user has any Hub Roles (like Administrator), then these are also returned.

The context can specify the following:

1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

userIdentity - - the identity for the user

applicationId - - the id for the Application.

indirect - - if true then returns the roles assigned to this user through indirect associations such as through parent groups.

Returns:

String[] - the array of role identities. Empty if there are no roles to be returned.

Throws:

CSSAuthorizationException - - if the principal does not have VIEW access on the application or the user.

CSSInvalidUserException - - if the user with the identity does not exist anymore.

CSSInvalidIdentityException - - If the user with the specified identity does not exist

CSSException - - any other abnormality.

CSSCommunicationException

getRolesForGroupInApplication

java.lang.String[] getRolesForGroupInApplication(java.util.Map context,
                                                 CSSPrincipalIF principal,
                                                 java.lang.String groupIdentity,
                                                 java.lang.String applicationId,
                                                 boolean indirect)
                                                 throws CSSAuthorizationException,
                                                        CSSInvalidIdentityException,
                                                        CSSInvalidGroupException,
                                                        CSSCommunicationException,
                                                        CSSException

This is an EPM mode only API.

All the roles that are assigned to this group for this application are returned. A CSSAuthorizationException will be thrown if the specified principal does not have access to this group. The aggregated roles are also returned along with their constituents. If the group has any Hub Roles (like Administrator), then please pass in the hub application id to retrieve those..

The context can specify the following:

1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

groupIdentity - - the identity for the group

applicationId - - the id for the Application

indirect - - if true then returns the roles assigned to this group through indirect associations such as through parent groups.

Returns:

String[] - the array of role identities. Empty if there are no roles.

Throws:

CSSAuthorizationException - - if the principal does not have VIEW access on the application or the group.

CSSInvalidGroupException - - if the group with the identity does not exist anymore.

CSSInvalidIdentityException - - If the group with the specified identity does not exist

CSSException - - any other abnormality.

CSSCommunicationException

getRolesByProductType

CSSRoleIF[] getRolesByProductType(java.util.Map context,
                                  CSSPrincipalIF principal,
                                  java.lang.String productTypeIdentity,
                                  java.lang.String roleNameFilter,
                                  java.lang.String typeOfAccess)
                                  throws CSSIllegalArgumentException,
                                         CSSCommunicationException,
                                         CSSException

This is an EPM mode only API.

Gets the roles for this productType (both preconfigured as well as aggregated) that this principal has Provisioning Manager Role to. The productType could be "HFM-3.0.0" etc.

The roleName could contain a wildcard such as "*". This implies that all the matching roles in the directory need to be returned.

The context can specify the following:

1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

productTypeIdentity - - specifies the identity of the product type. For instance: HFM-3.0.0.

roleNameFilter - - the filter for the role name.

typeOfAccess - - reserved for future use. Can be null.

Returns:

CSSRoleIF[] - the role instances. Empty if there are no roles.

Throws:

CSSIllegalArgumentException - - if the parameters are not valid. For instance: the productTypeIdentity is not valid.

CSSException - - any other abnormality.

CSSCommunicationException

getRolesByApplication

CSSRoleIF[] getRolesByApplication(java.util.Map context,
                                  CSSPrincipalIF principal,
                                  java.lang.String applicationId,
                                  java.lang.String roleName,
                                  java.lang.String typeOfAccess)
                                  throws CSSAuthorizationException,
                                         CSSCommunicationException,
                                         CSSException

This is an EPM mode only API.

Gets the roles registered by the Application that this principal has the Provisioning Manager role to.

The roleName could contain a wildcard such as "*". This implies that all the matching roles in the directory need to be returned.

The context can specify the following:

1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

applicationId - - specifies the id for the application.

roleName - - the filter for the role name. Empty if the principal does not have the specified access on any of the roles.

typeOfAccess - - reserved for future use. Can be null.

Returns:

CSSRoleIF[] - the role instances. Empty if there are no roles to return.

Throws:

CSSAuthorizationException - - if the principal does not have at least VIEW access on the application.

CSSException - - any other abnormality.

CSSCommunicationException

getRoles

CSSRoleIF[] getRoles(java.util.Map context,
                     CSSPrincipalIF principal,
                     java.lang.String roleName,
                     java.lang.String typeOfAccess,
                     java.lang.String applicationId)
                     throws CSSAuthorizationException,
                            CSSCommunicationException,
                            CSSException

This is an EPM mode only API.

Gets the roles associated with this application. This method would be primarily useful when working with ACLS in terms of their creation or modification. The applicationId will specify one of the following:

1. applicationId
2. CSSAPIIF.SPECIFY_NONE: Roles across applications would be returned.

Role instances, and not identities are returned, as the search is on the name of the role.

The roleName could contain a wildcard such as "*". This implies that all the matching roles in the directory need to be returned.

The context can specify the following:

1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

roleName - - the filter for the role name.

typeOfAccess - - reserved for future use. Can be null.

applicationId - - the id for the application. The roles are returned for the product that this application associated with.

Returns:

CSSRoleIF[] - the array of role instances. Empty if there are no entries to return.

Throws:

CSSAuthorizationException - - if the principal does not have at least VIEW access on the application

CSSException - - any other abnormality.

CSSCommunicationException

getRoles

CSSRoleIF[] getRoles(java.util.Map context,
                     CSSPrincipalIF principal,
                     com.hyperion.css.common.RoleSearchFilter roleSrchFilter)
                     throws CSSAuthorizationException,
                            CSSCommunicationException,
                            CSSException

This is an EPM mode only API.

Gets the roles associated with the query attributes like ROLENAME, PRODUCTNAME, and DESCRIPTION. These are obtained from role search filter passed as argument to this API. Role instances, and not identities are returned, as the search is on the name of the role.

The attribute could contain a wildcard such as "*". This implies that all the matching roles in the directory need to be returned.

The context can specify the following:

1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

roleSrchFilter - - which contains the filter attributes and values.

Returns:

CSSRoleIF[] - the array of role instances. Empty if there are no entries to return.

Throws:

CSSAuthorizationException - - if the principal does not have at least VIEW access on the application

CSSException - - any other abnormality.

CSSCommunicationException

getRoleByIdentity

CSSRoleIF getRoleByIdentity(java.util.Map context,
                            CSSPrincipalIF principal,
                            java.lang.String roleIdentity)
                            throws CSSInvalidRoleException,
                                   CSSInvalidIdentityException,
                                   CSSCommunicationException,
                                   CSSException

This is an EPM mode only API.

Return the role with the specified identity.

The context can specify the following:

1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

roleIdentity - - the identity of the role.

Returns:

CSSRoleIF - The role object for the specified identity.

Throws:

CSSInvalidRoleException - - the role specified by the identity does not exist.

CSSInvalidIdentityException - - If the identity specified is not valid.

CSSException - - Any other reasons.

CSSCommunicationException

getRoleByIdentity

@Deprecated
CSSRoleIF getRoleByIdentity(java.util.Map context,
                                       CSSPrincipalIF principal,
                                       java.lang.String roleIdentity,
                                       java.lang.String typeOfAccess)
                            throws CSSInvalidRoleException,
                                   CSSInvalidIdentityException,
                                   CSSCommunicationException,
                                   CSSException

Deprecated.

Use getRoleByIdentity(Map, CSSPrincipalIF, String) instead. This is an EPM mode only API.

Throws:

CSSInvalidRoleException

CSSInvalidIdentityException

CSSCommunicationException

CSSException

getUsers

CSSUserIF[] getUsers(java.util.Map context,
                     CSSPrincipalIF principal,
                     java.lang.String userName,
                     java.lang.String typeOfAccess,
                     java.lang.String applicationId)
                     throws CSSCommunicationException,
                            CSSException

This is an EPM mode only API.

Returns the users that the principal can view from across the providers. If an application ID is specified then the users returned are associated with the application. In order to be associated with an application, the user has to have a role for this application.

The context can specify the following:

1. CSSAPIIF.LOCALE
2. CSSAPIIF.ENTITY_DEACTIVATE - Deactivated users would be returned as well.

The applicationId will specify one of the following:

1. applicationId
2. CSSAPIIF.SPECIFY_NONE: if the user list required is not application specific. This will return a list of users from across directories.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

userName - - the userName. A filter can be specified here.

typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.

applicationId - - the id for the application.

Returns:

if empty is returned then a user with the name specified does not exist.

Throws:

CSSCommunicationException - - if provider is specified with the name of the user viz. in the userName argument but is not reachable. For instance: "userName@providerName".

CSSException

getUserByIdentity

@Deprecated
CSSUserIF getUserByIdentity(java.util.Map context,
                                       CSSPrincipalIF principal,
                                       java.lang.String identity,
                                       java.lang.String applicationId,
                                       java.lang.String typeOfAccess)
                            throws CSSCommunicationException,
                                   CSSInvalidIdentityException,
                                   CSSInvalidUserException,
                                   CSSAuthorizationException,
                                   CSSUserNotProvisionedException,
                                   CSSException

Deprecated. - Use getUserByIdentity(Map, CSSPrincipalIF, String, String) instead. This is an EPM mode only API.

Throws:

CSSCommunicationException

CSSInvalidIdentityException

CSSInvalidUserException

CSSAuthorizationException

CSSUserNotProvisionedException

CSSException

getUserByIdentity

CSSUserIF getUserByIdentity(java.util.Map context,
                            CSSPrincipalIF principal,
                            java.lang.String identity,
                            java.lang.String applicationId)
                            throws CSSCommunicationException,
                                   CSSInvalidIdentityException,
                                   CSSInvalidUserException,
                                   CSSAuthorizationException,
                                   CSSUserNotProvisionedException,
                                   CSSException

This is an EPM mode only API. Returns the user with the specified identity provisioned to the specified application id. A CSSAuthorizationException will be thrown if the principal does not have access to this application.

The applicationId will specify one of the following:

1. applicationId: If the user is not associated with the application CSSUserNotProvisionedException will be thrown.
2. CSSAPIIF.SPECIFY_NONE: This will return the CSSUserIF irrespective of the users association with the application.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

identity - - the identity of the user.

applicationId - - the application Id.

Returns:

CSSUserIF - The user object for the specified identity.

Throws:

CSSCommunicationException - - If the provider is not reachable.

CSSInvalidIdentityException - - If the identity specified is not valid.

CSSUserNotProvisionedException - - If the user identity specified is not provisioned to the application specified.

CSSAuthorizationException - - If the principal does not have access to the application.

CSSInvalidUserException - - this implies that the user does not exist but must have existed at some time in the past.

CSSException - Any other reasons.

getUsersByIdentity

@Deprecated
java.util.List getUsersByIdentity(java.util.Map context,
                                             CSSPrincipalIF principal,
                                             java.util.List identities,
                                             java.lang.String applicationId,
                                             java.lang.String typeOfAccess)
                                  throws CSSCommunicationException,
                                         CSSInvalidIdentityException,
                                         CSSInvalidUserException,
                                         CSSAuthorizationException,
                                         CSSUserNotProvisionedException,
                                         CSSException

Deprecated. - Use getUsersByIdentity(Map, CSSPrincipalIF, List, String) instead. This is an EPM mode only API.

Throws:

CSSCommunicationException

CSSInvalidIdentityException

CSSInvalidUserException

CSSAuthorizationException

CSSUserNotProvisionedException

CSSException

getUsersByIdentity

java.util.List getUsersByIdentity(java.util.Map context,
                                  CSSPrincipalIF principal,
                                  java.util.List identities,
                                  java.lang.String applicationId)
                                  throws CSSCommunicationException,
                                         CSSInvalidIdentityException,
                                         CSSInvalidUserException,
                                         CSSAuthorizationException,
                                         CSSUserNotProvisionedException,
                                         CSSException

This is an EPM mode only API.

Returns users with specified identities provisioned to the specified application id. A CSSAuthorizationException will be thrown if the specified principal does not have access to the application.

The applicationId will specify one of the following:

1. applicationId: If the user is not associated with the application CSSUserNotProvisionedException will be thrown.
2. CSSAPIIF.SPECIFY_NONE: This will return the CSSUserIF irrespective of the users association with the application.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

identities - - A list of identities of users.

applicationId - - the application ID.

Returns:

List - A list of CSSUserIF objects if lookup for all identities is successful.

Throws:

CSSCommunicationException - - If the provider is not reachable.

CSSInvalidIdentityException - - If any one of the identities specified is not valid.

CSSUserNotProvisionedException - - If any of the user identitities specified is not provisioned to the application specified.

CSSAuthorizationException - If the principal is not authorized to view this application.

CSSInvalidUserException - - this implies that the user does not exist but must have existed at some time in the past.

CSSException - Any other reasons.

getAllProvisionedUsersInApp

CSSUserIF[] getAllProvisionedUsersInApp(java.util.Map context,
                                        CSSPrincipalIF principal,
                                        java.lang.String userName,
                                        java.lang.String typeOfAccess,
                                        java.lang.String applicationId)
                                        throws CSSCommunicationException,
                                               CSSException

Returns the users that the specified principal can view from across the providers that are associated with the application specified. Interest in a provider cannot be specified for this method. Please note that this returns all users that are provisioned to this app either directly or indirectly through group membership. In order to be associated with an application, the user has to have a role for this application.

The context can specify the following:

1. CSSAPIIF.LOCALE
2. CSSAPIIF.ENTITY_DEACTIVATE - (EPM Mode only) if specified, then the deactivated users will be returned as well.

The applicationId will specify the applicationId.

In Fusion Mode: This method will return all the users in the Identity Store matching the search criteria of userName parameter passed to the method. Any provisioning check will not be performed using typeOfAccess and fusion applicationId. This means that returned users may or may not have any application role for the given applicationId

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

userName - - the userName. A filter can be specified here.

typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.

applicationId - - the id for the application.

Returns:

if empty is returned then a user with the name specified does not exist.

Throws:

CSSCommunicationException - - if any of the configured providers is not reachable.

CSSException

getAllProvisionedUsersInApp

CSSUserIF[] getAllProvisionedUsersInApp(java.util.Map context,
                                        CSSPrincipalIF principal,
                                        UserSearchFilter userSrchFilter,
                                        java.lang.String typeOfAccess,
                                        java.lang.String applicationId)
                                        throws CSSCommunicationException,
                                               CSSException

This is an EPM mode only API.

Returns the users that the specified principal can view from across the providers that are associated with the specified application and search filter passed in. Interest in a provider cannot be specified for this method. Please note that this returns all users that are provisioned to this app either directly or indirectly through group membership. In order to be associated with an application, the user has to have a role for this application.

UserSearchFilter contains user filter attributes and values like USERNAME, FIRSTNAME, LASTNAME, EMAIL, and DESCRIPTION. This supports wild card search, eg. the search for users based on *userName* should return all users matching this pattern.

when the attribute value is specified as "*" This implies that all the users in the directory need to be returned. The query can be based on any one of the above attributes.

Sample use of the application:

 <code>
 UserSearchFilter userSrchFilter = new UserSearchFilter(UserFilterAttribute.FIRSTNAME, "*j*");
 CSSUserIF[] users = upAPI.getAllProvisionedUsersInApp(context, principal, userSrchFilter, CSSAPIIF.ACCESS_TYPE_MANAGE, "HP1:HPLOCAL");
 </code>
 

The context can specify the following:

1. CSSAPIIF.LOCALE
2. CSSAPIIF.ENTITY_DEACTIVATE - if specified, then the deactivated users will be returned as well.

In Joyce, this method returns both active and inactive users and the CSSAPIIF.ENTITY_DEACTIVATE is not implemented.

The applicationId will specify the applicationId.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

userSrchFilter - - contains the search filter attribute and value.

typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.

applicationId - - the id for the application.

Returns:

if empty list is returned then a user with the specified filter does not exist.

Throws:

CSSCommunicationException - - if any of the configured providers is not reachable.

CSSException

getGroups

@Deprecated
CSSGroupIF[] getGroups(java.util.Map context,
                                  CSSPrincipalIF principal,
                                  java.lang.String groupName,
                                  java.lang.String typeOfAccess,
                                  java.lang.String applicationId)
                       throws CSSCommunicationException,
                              CSSException

Deprecated. - Use getAllProvisionedGroupsInApp(Map, CSSPrincipalIF, String, String, String) This is an EPM mode only API.

Throws:

CSSCommunicationException

CSSException

getGroupByIdentity

@Deprecated
CSSGroupIF getGroupByIdentity(java.util.Map context,
                                         CSSPrincipalIF principal,
                                         java.lang.String identity,
                                         java.lang.String applicationId,
                                         java.lang.String typeOfAccess)
                              throws CSSCommunicationException,
                                     CSSInvalidIdentityException,
                                     CSSInvalidGroupException,
                                     CSSGroupNotProvisionedException,
                                     CSSAuthorizationException,
                                     CSSException

Deprecated. - Use getGroupByIdentity(Map, CSSPrincipalIF, String, String) instead. This is an EPM mode only API.

Throws:

CSSCommunicationException

CSSInvalidIdentityException

CSSInvalidGroupException

CSSGroupNotProvisionedException

CSSAuthorizationException

CSSException

getGroupByIdentity

CSSGroupIF getGroupByIdentity(java.util.Map context,
                              CSSPrincipalIF principal,
                              java.lang.String identity,
                              java.lang.String applicationId)
                              throws CSSCommunicationException,
                                     CSSInvalidIdentityException,
                                     CSSInvalidGroupException,
                                     CSSGroupNotProvisionedException,
                                     CSSAuthorizationException,
                                     CSSException

This is an EPM mode only API.

Returns the group with the specified identity provisioned to the specified application id. A CSSAuthorizationException will be thrown if the specified principal does have access to the application.

The applicationId will specify one of the following:

1. applicationId: If the group is not associated with the application CSSGroupNotProvisionedException will be thrown.
2. CSSAPIIF.SPECIFY_NONE: This will return the CSSGroupIF irrespective of the groups association with the application.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

identity - - the identity of the group.

applicationId - - the application Id.

Returns:

CSSGroupIF - The group object for the specified identity.

Throws:

CSSCommunicationException - - If the provider is not reachable.

CSSInvalidIdentityException - - If the identity specified is not valid.

CSSInvalidGroupException - - this implies that the group does not exist but must have existed at some time in the past.

CSSAuthorizationException - If the principal is not authorized to view this application.

CSSGroupNotProvisionedException - - If the group identity specified is not provisioned to the application specified.

CSSException - Any other reasons.

getAllProvisionedGroupsInApp

CSSGroupIF[] getAllProvisionedGroupsInApp(java.util.Map context,
                                          CSSPrincipalIF principal,
                                          java.lang.String groupName,
                                          java.lang.String typeOfAccess,
                                          java.lang.String applicationId)
                                          throws CSSCommunicationException,
                                                 CSSException

This is an EPM mode only API.

Returns the groups that the specified principal can view from across the providers that are associated with the application specified. Interest in a provider cannot be specified for this method. Please note that this returns all groups that are provisioned to this app either directly or indirectly through group membership. In order to be associated with an application, the group has to have a role for this application.

The context can specify the following:

1. CSSAPIIF.LOCALE

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

groupName - - the group Name. A filter can be specified here.

typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.

applicationId - - the id for the application.

Returns:

if empty list is returned then a group with the name specified does not exist.

Throws:

CSSCommunicationException - - if any of the configured providers is not reachable.

CSSException

getAllProvisionedGroupsInApp

CSSGroupIF[] getAllProvisionedGroupsInApp(java.util.Map context,
                                          CSSPrincipalIF principal,
                                          GroupSearchFilter groupSrchFilter,
                                          java.lang.String typeOfAccess,
                                          java.lang.String applicationId)
                                          throws CSSCommunicationException,
                                                 CSSException

This is an EPM mode only API. Returns the groups that the specified principal can view from across the providers that are associated with the specified application and search filter passed in. Interest in a provider cannot be specified for this method. Please note that this returns all groups that are provisioned to this app either directly or indirectly through group membership.

GroupSearchFilter stores the search criteria for searching groups. Search is based on GroupFilterAttribute representing group filter attributes such as GROUPNAME / DESCRIPTION, groupFilter accepting wildcards In order to be associated with an application, the group has to have a role for this application.

Sample use of the application:

 <code>
 GroupSearchFilter groupSrchFilter = new GroupSearchFilter(GroupFilterAttribute.DESCRIPTION, "*v*");
 CSSGroupIF[] groups = upAPI.getAllProvisionedGroupsInApp(context, principal, groupSrchFilter, CSSAPIIF.ACCESS_TYPE_MANAGE, "HP1:HPLOCAL");
 </code>
 

The context can specify the following:

1. CSSAPIIF.LOCALE

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

groupSrchFilter - - contains the search filter attribute and value.

typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.

applicationId - - the id for the application.

Returns:

if Empty List is returned then a group with the specified filter does not exist.

Throws:

CSSCommunicationException - - if any of the configured providers is not reachable.

CSSException

setRolesList

void setRolesList(java.util.Map context,
                  CSSPrincipalIF principal,
                  java.lang.String identity,
                  java.lang.String[] roles,
                  java.lang.String applicationId,
                  boolean add)
                  throws CSSCommunicationException,
                         CSSAuthorizationException,
                         CSSInvalidIdentityException,
                         CSSException

This is an EPM mode only API.

Sets the roles for this user or group. Check to make sure that the caller has the appropriate privileges on this application. A CSSAuthorizationException will be thrown if the principal does not have access to the identity specified. For assigning users and groups to Hub Global roles, please use the CSSAPIIF.HUB_APPLICATION_IDas the application id. For the roles that are specific to applications, please pass in the product's application id.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller

identity - - the identity of the user or group

roles - - the identities of the roles.

applicationId - - the id of the Application

add - - if true, then the roles are added to the existing roles. Otherwise, the existing roles are replaced.

Throws:

CSSCommunicationException

CSSAuthorizationException - - If the principal does not have access to the idenitity specified.

CSSInvalidIdentityException

CSSException

getProjectForApplication

java.lang.String getProjectForApplication(java.util.Map context,
                                          CSSPrincipalIF principal,
                                          java.lang.String applicationId)
                                          throws CSSCommunicationException,
                                                 CSSException

This is an EPM mode only API.

Gets the Project for the Application specified.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

applicationId - - the id of the Application.

Returns:

String

Throws:

CSSException

CSSCommunicationException

getUsersWithRoleInApplication

@Deprecated
CSSUserIF[] getUsersWithRoleInApplication(java.util.Map context,
                                                     CSSPrincipalIF principal,
                                                     java.lang.String userNameFilter,
                                                     java.lang.String roleIdentity,
                                                     java.lang.String applicationId,
                                                     java.lang.String typeOfAccess)
                                          throws CSSCommunicationException,
                                                 CSSException

Deprecated. - Use {@link CSSUserProvisioningAPIIF#getAllProvisionedUsersInApp(Map, CSSPrincipalIF, UserSearchFilter, String, String) or {@link CSSUserProvisioningAPIIF#getAllProvisionedUsersInApps(Map, CSSPrincipalIF, UserSearchFilter, CSSRoleInfo[], String) This is an EPM mode only API.

Throws:

CSSCommunicationException

CSSException

getGroupsWithRoleInApplication

@Deprecated
CSSGroupIF[] getGroupsWithRoleInApplication(java.util.Map context,
                                                       CSSPrincipalIF principal,
                                                       java.lang.String groupNameFilter,
                                                       java.lang.String roleIdentity,
                                                       java.lang.String applicationId,
                                                       java.lang.String typeOfAccess)
                                            throws CSSException

Deprecated. - Use getAllProvisionedGroupsInApps(Map, CSSPrincipalIF, GroupSearchFilter, CSSRoleInfo[], String) This is an EPM mode only API.

Throws:

CSSException

getRolesListForEntry

CSSAppEntryIF[] getRolesListForEntry(java.util.Map context,
                                     CSSPrincipalIF principal,
                                     java.lang.String entryIdentity,
                                     java.lang.String[] appIds,
                                     boolean indirect)
                                     throws CSSCommunicationException,
                                            CSSException

This is an EPM mode only API.

Returns the roles that this entry is assigned to within the context of the specified applications. A CSSAuthorizationException will be thrown if the entry identity is not accessible by the specified principal. Indirect would not be supported for Joyce and London.

The context can specify the following:

1. CSSAPIIF.LOCALE
2. CSSAPIIF.QUERY_LIMIT- If true, it limits the scope of the operations and would not return the name, email etc. of the user or group entries. If true, then the impact in terms of faster execution of the method would be seen especially when utilized with the indirect=false settings. In this case the query would not extend to any corporate directories.
3. CSSAPIIF.IGNORE_COMMUNICATION_EXCEPTIONflag required to ignore CSSCommunicationException to the caller, if this flag is not specified, it will abort the operation and throw CSSCommunicationException even if one or more providers are not reachable.

The entryIdentity will specify one of the following:

1. entryIdentity
2. CSSAPIIF.SPECIFY_ALL: Returns all the provisioned entries. Basically returns all entries that are provisoned to the applications specified.

This method will return CSSAppEntryIF[] for only valid App ID

If there are no user or group entries provisioned to an app then the corresponding CSSAppEntryIF returned would not have any associations with any users or groups - CSSAppEntryIF.getEntries() would be an empty array.
Please note that this method would not set any limits on the number of entries returned. All entries would be returned.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

entryIdentity - - the identity of the entry whose roles assignments are requested.

appIds - - the application ids array

indirect - - if true then returns the roles assigned to this entry through indirect associations such as through parent groups.

Returns:

- the array of CSSAppEntry[] that depicts the relationship between the entries and the applications through the roles. A CSSAppEntryIF object for each app would be returned even if there are no users or groups provisioned for that app.

Throws:

CSSCommunicationException - - if there is issue communicating to the corporate or Hyperion User Directory.

CSSException - - any other abonormality

getRolesListForEntries

CSSAppEntryIF[] getRolesListForEntries(java.util.Map context,
                                       CSSPrincipalIF principal,
                                       java.lang.String[] entryIdentities,
                                       java.lang.String[] appIds,
                                       boolean indirect)
                                       throws CSSCommunicationException,
                                              CSSAuthorizationException,
                                              CSSException

This is an EPM mode only API.

Returns the roles that these array of entries are assigned to within the context of the specified applications. A CSSAuthorizationException will be thrown if the entry identities is not accessible by the specified principal. Indirect would not be supported for Joyce.

The context can specify the following:

1. CSSAPIIF.LOCALE
2. CSSAPIIF.QUERY_LIMIT- If true, it limits the scope of the operations and would not return the name, email etc. of the user or group entries. If true, then the impact in terms of faster execution of the method would be seen especially when utilized with the indirect=false settings. In this case the query would not extend to any corporate directories.
3. CSSAPIIF.IGNORE_COMMUNICATION_EXCEPTIONflag that required to ignore CSSCommunicationException to the caller, if this flag is not specified, it will abort the operation and throw CSSCommunicationException even if one or more providers are not reachable.

If even one of the apps do not exist then an exception will be thrown.

If there are no user or group entries provisioned to an app then the corresponding CSSAppEntryIF returned would not have any associations with any users or groups - CSSAppEntryIF.getEntries() would be an empty array.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

entryIdentities - - the identities of the entries whose roles assignments are requested.

appIds - - the application ids array

indirect - - if true then returns the roles assigned to this entry through indirect associations such as through parent groups.

Returns:

- the array of CSSAppEntry[] that depicts the relationship between the entries and the applications through the roles. A CSSAppEntryIF object for each app would be returned even if there are no users or groups provisioned for that app.

Throws:

CSSCommunicationException - - if there is issue communicating to the corporate or Hyperion User Directory.

CSSAuthorizationException - - if the principal does not have access to the specified entry identities.

CSSException - - any other abonormality

getProvisionedApps

@Deprecated
java.lang.String[] getProvisionedApps(java.util.Map context,
                                                 CSSPrincipalIF principal,
                                                 java.lang.String identity)
                                      throws CSSException

Deprecated. - Use getProvisionedApplications(Map, CSSPrincipalIF, String, String[]) This is an EPM mode only API.

Throws:

CSSException

getProvisionedApps

@Deprecated
java.lang.String[] getProvisionedApps(java.util.Map context,
                                                 CSSPrincipalIF principal,
                                                 java.lang.String identity,
                                                 java.lang.String productCode)
                                      throws CSSException

Deprecated. - Use getProvisionedApplications(Map, CSSPrincipalIF, String, String[]) This is an EPM mode only API.

Throws:

CSSException

getProvisionedApplications

CSSApplicationInfoIF[] getProvisionedApplications(java.util.Map context,
                                                  CSSPrincipalIF principal,
                                                  java.lang.String identity,
                                                  java.lang.String[] productCodes)
                                                  throws CSSException

This is an EPM mode only API.

Returns an array containing CSSApplicationInfoIF objects for all applications in given products for which this user/group has been provisioned.

The context can specify the following:

1. CSSAPIIF.LOCALE

   Parameters:

   context - - Map structure holding key-value information about locale.

   principal - - the identity of the caller. Cannot be null.

   identity - - the identity of the user/group

   productCodes - - The product codes (such as HP, HFM) for which the provisioned applications are looked for - null to get for all applications.

   Returns:

   - An empty array if no applications are provisioned, else an array of CSSApplicationInfoIF objects.

   Throws:

   CSSException - -thrown when the operation is not successful.

getDelegatedEntries

java.lang.String[] getDelegatedEntries(java.util.Map context,
                                       CSSPrincipalIF principal,
                                       java.lang.String[] identities)
                                       throws CSSException

This is an EPM mode only API.

Returns the css identities that the principal has access to from the specified list of CSS identities. The identities can be either USER or GROUP identities. If an invalid identity is specified, it will be ignored and no invalid identity exception will be thrown.

CSSException will be thrown in case there is any problem getting the delegated lists for this principal.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

identities - - the identities of the users/groups

Returns:

- String array of identities that the principal can access. If the principal does not have access to any identities, it will return an empty array. It will return null if identities parameter is null.

Throws:

CSSIllegalArgumentException - - when principal is null

CSSException

getAllProvisionedUsersInApps

CSSUserIF[] getAllProvisionedUsersInApps(java.util.Map context,
                                         CSSPrincipalIF principal,
                                         UserSearchFilter userSrchFilter,
                                         com.hyperion.css.common.CSSRoleInfo[] rolesInfo,
                                         java.lang.String typeOfAccess)
                                         throws CSSException

This is an EPM mode only API.

Returns all the provisioned users in specified applications across providers. Note that the user will be returned if provisioned to any of the specified role in any specified application and matching the search filter passed in. Interest in a provider cannot be specified for this method. Please note that this returns all users that are provisioned to the specifed roles for these apps either directly or indirectly through group membership. In order to be associated with an application, the user has to have a role for this application.

UserSearchFilter contains user filter attributes and values like USERNAME, FIRSTNAME, LASTNAME, EMAIL, DESCRIPTION. This supports wild card search. Eg. The search for users based on *userName* should return all users matching this pattern.

When the attribute value is specified as "*" this implies that all the users in the directory need to be returned. The query can be based on any one of the above attributes.

Sample use of the application:

 <code>
 UserSearchFilter userSrchFilter = new UserSearchFilter(UserFilterAttribute.FIRSTNAME, "*j*");
 String[] hubRoles = new String[]{
                "native://DN=cn=HUB:15,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE", 
                CSSAPIIF.ROLE_CREATE_INTEGRATIONS_IDENTITY,
                CSSAPIIF.ROLE_PLANNING_APPLICATION_CREATOR_IDENTITY,
                CSSAPIIF.ROLE_PLANNING_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY,
                CSSAPIIF.ROLE_RUN_INTEGRATIONS_IDENTITY
        };
 String[] planningRoles = new String[]{
                "native://DN=cn=HP:0002,ou=HP,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE",
                "native://DN=cn=HP:0003,ou=HP,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE",
                "native://DN=cn=HP:0001,ou=HP,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE"
        };
 CSSRoleInfo[] rolesInfo = new CSSRoleInfo[]{
                new CSSRoleInfo("HUB:1111", hubRoles), 
                new CSSRoleInfo("HP:HPAPP",planningRoles)
        };
      
 CSSUserIF[] users = CSSSystem.getManager().getNativeProvider().getUsersForRolesInApps(context, 
                principal, userSrchFilter, rolesInfo, CSSAPIIF.ACCESS_TYPE_VIEW);
 </code>
 

The context can specify the following:

1. CSSAPIIF.LOCALE
2. CSSAPIIF.ENTITY_DEACTIVATE - if specified, then the deactivated users will be returned as well.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

userSrchFilter - - contains the search filter attribute and value.

typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.

rolesInfo - - array of data structures which takes appId and roles array. Every rolesInfo element should specify at least one role in the roles array.

Returns:

Users that are provisioned to specified apps and any of the specified roles either directly or indirectly through group membership. Empty array is returned when a user with the specified filter does not exist.

Throws:

CSSCommunicationException - - if any of the configured providers is not reachable.

CSSException

getAllProvisionedGroupsInApps

CSSGroupIF[] getAllProvisionedGroupsInApps(java.util.Map context,
                                           CSSPrincipalIF principal,
                                           GroupSearchFilter groupSrchFilter,
                                           com.hyperion.css.common.CSSRoleInfo[] rolesInfo,
                                           java.lang.String typeOfAccess)
                                           throws CSSException

This is an EPM mode only API.

Returns all the provisioned groups in specified applications across providers. Note that the group will be returned if provisioned to any of the specified role in any specified application and matching the search filter passed in. Interest in a provider cannot be specified for this method. Please note that this returns all groups that are provisioned to these apps and any of the specified roles either directly or indirectly through group membership.

GroupSearchFilter stores the search criteria for searching groups. Search is based on GroupFilterAttribute representing group filter attributes such as GROUPNAME / DESCRIPTION, groupFilter accepting wildcards. In order to be associated with an application, the group has to have a role for this application.

Sample use of the application:

 <code>
 GroupSearchFilter groupSrchFilter = new GroupSearchFilter(GroupFilterAttribute.DESCRIPTION, "*v*");
 String[] hubRoles = new String[]{
                "native://DN=cn=HUB:15,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE", 
                CSSAPIIF.ROLE_CREATE_INTEGRATIONS_IDENTITY,
                CSSAPIIF.ROLE_PLANNING_APPLICATION_CREATOR_IDENTITY,
                CSSAPIIF.ROLE_PLANNING_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY,
                CSSAPIIF.ROLE_RUN_INTEGRATIONS_IDENTITY
       };
       String[] planningRoles = new String[]{
                "native://DN=cn=HP:0002,ou=HP,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE",
                "native://DN=cn=HP:0003,ou=HP,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE",
                "native://DN=cn=HP:0001,ou=HP,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE"
       };
       CSSRoleInfo[] rolesInfo = new CSSRoleInfo[]{
                new CSSRoleInfo("HUB:1111", hubRoles), 
                new CSSRoleInfo("HP:HPAPP",planningRoles)
       };
 
 CSSGroupIF[] groups = upAPI.getGroupsForRolesInApps(context, principal, groupSrchFilter, rolesInfo, CSSAPIIF.ACCESS_TYPE_VIEW);
 </code>
 

The context can specify the following:

1. CSSAPIIF.LOCALE

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

groupSrchFilter - - contains the search filter attribute and value.

typeOfAccess - - the typeOfAccess can be CSSAPIIF.ACCESS_TYPE_VIEW or CSSAPIIF.ACCESS_TYPE_MANAGE.

rolesInfo - - array of data structures which takes appId and roles array. Every rolesInfo element should specify at least one role in the roles array.

Returns:

Groups that are provisioned to specified apps and any of the specified roles either directly or indirectly through group membership. Empty array is returned when a group with the specified filter does not exist.

Throws:

CSSCommunicationException - - if any of the configured providers is not reachable.

CSSException

getProvisioningInfoForEntries

CSSProvisioningInfoIF getProvisioningInfoForEntries(java.util.Map context,
                                                    CSSPrincipalIF principal,
                                                    java.lang.String[] entryIdentities,
                                                    java.lang.String[] appIds,
                                                    boolean indirect)
                                                    throws CSSCommunicationException,
                                                           CSSException

This is an EPM mode only API. Returns provisioning info for the given entries within the context of the specified applications.

The context can specify the following:

1. CSSAPIIF.LOCALE
2. CSSAPIIF.SORT_RESULTS - Include this key to sort the users and groups.

   Note:- Adding this key will impact the performance based on size of the results.

If none of the user/group entries are provisioned to the specified applications, CSSProvisioningInfoIF returned would not have any users or groups - CSSProvisioningInfoIF.getProvisionedUsers() and CSSProvisioningInfoIF.getProvisionedGroups() would return an empty array.

Parameters:

context - - Map structure holding key-value information about locale and sort-results key.

principal - - Identity of the caller. Cannot be null.

entryIdentities - - Identities of the entries whose provisioning info are requested. Pass CSSAPIIF.SPECIFY_ALL to get provisioning info for all entries.

appIds - - An array of application ids.

indirect - - If true, return the provisioning info for the specified entries through indirect associations via parent groups. If false, return directly provisioned info for the specified entries.

Returns:

CSSProvisioningInfoIF - Holds provisioning info of users and groups.

Throws:

CSSCommunicationException - If there is an issue communicating with the Native Directory.

CSSException - If there is any other abonormality.

getProvisioningInfoForGroup

CSSProvisionedGroupIF getProvisioningInfoForGroup(java.util.Map context,
                                                  CSSPrincipalIF principal,
                                                  CSSGroupIF group,
                                                  java.lang.String[] appIds)
                                                  throws CSSCommunicationException,
                                                         CSSException

This is an EPM mode only API.

Returns provisioning information for the specified group within the context of specified applications.

NOTE:-

CSSProvisionedGroupIF.getParentGroupObjects() will not be supported.

Parameters:

context - - Map structure holding key-value information about locale and sort results key.

principal - - principal of the caller.

group - - group object of which provisioning info has to be queried.

appIds - - An array of application ids.

Returns:

CSSProvisionedGroupIF - Holds provisioning info of the group.

Throws:

CSSCommunicationException - - If there is an issue communicating to the Directory Server.

CSSException - - If there is any other abnormality.

Since:

9.3.1.0.13

getProvisioningInfoForUser

CSSProvisionedUserIF getProvisioningInfoForUser(java.util.Map context,
                                                CSSPrincipalIF principal,
                                                CSSUserIF user,
                                                java.lang.String[] appIds)
                                                throws CSSCommunicationException,
                                                       CSSException

This is an EPM mode only API.

Returns provisioning information for the specified user within the context of specified applications.

NOTE:-

CSSProvisionedUserIF.getGroupObjects() will not be supported.

Parameters:

context - - Map structure holding key-value information about locale and sort results key.

principal - - principal of the caller.

user - - user object to which provisioning info has to be queried.

appIds - - An array of application ids.

Returns:

CSSProvisionedUserIF - Holds provisioning info of the user.

Throws:

CSSCommunicationException - - If there is an issue communicating with the Directory Server.

CSSException - - If there is any other abnormality.

Since:

9.3.1.0.13

getRolesForEntries

java.util.Set<java.lang.String> getRolesForEntries(java.util.Map context,
                                                   CSSPrincipalIF principal,
                                                   java.util.Set<java.lang.String> entryIdentities,
                                                   java.lang.String applicationId)
                                                   throws CSSException

This will return both direct and indirect roles provisioned for the specified application.

Parameters:

context- - Map containing locale information

principal- - principal of the caller.

entryIdentities - - user or group entries for which to get the roles

applicationIds - - application identities for which to get the roles

Returns:

a set of role identities for the entries specified

Throws:

CSSException - - If there is an issue communicating with the Directory Server, or there is any other abnormality.

getApplicationsForProductType

java.util.Set<CSSApplicationInstance> getApplicationsForProductType(java.util.Map context,
                                                                    CSSPrincipalIF principal,
                                                                    java.lang.String productType)
                                                                    throws CSSException

Gets the application instances for the specified product type.

Parameters:

context- - Map containing locale information

principal- - principal of the caller.

productType- - product type for which to get the instances

Returns:

instance of applications having properties like name, owner, project, etc.

Throws:

CSSException - - If there is an issue communicating with the Directory Server, or there is any other abnormality.

getApplicationInstance

CSSApplicationInstance getApplicationInstance(java.util.Map context,
                                              CSSPrincipalIF principal,
                                              java.lang.String applicationID)
                                              throws CSSException

Gets the application instance from the specified application id.

Parameters:

context- - Map containing locale information

principal- - principal of the caller.

applicationID - - application identity for which to get the instance

Returns:

an instance of the application having properties like name, owner, project, etc.

Throws:

CSSException - - If there is an issue communicating with the Directory Server, or there is any other abnormality.

deleteApplication

void deleteApplication(java.util.Map context,
                       CSSPrincipalIF principal,
                       java.lang.String applicationID)
                       throws CSSException

This API is responsible to de-provision all the users and groups related to the applciation id. This will be called when ever application is de-registered from the CMS.

Parameters:

context - - Map containing locale information

principal - - principal of the caller.

applicationID - - applciation id, for which users and groups to be de-provisioned.

Throws:

CSSException

copyProvisioning

void copyProvisioning(java.util.Map context,
                      CSSPrincipalIF principal,
                      java.lang.String fromAppId,
                      java.lang.String toAppId)
                      throws CSSException

Copies the provisioning information from a source application to the destination application.

This is an EPM mode only API. These are some of the checks and behavior:

1. The applications are of the same product code and version.
2. The principal is a provisioning manager for the destination application.
3. The copy leads to the elimination of existing provisoining information of the destination appplication
4. The principal is associated as a provisioning manager of the destination application.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller

fromAppId - - the id of the source application

toAppId - - the id of the destination application

Throws:

CSSAuthorizationException - - if the principal is not the provisioning manager of the destination application

CSSException - - any other abnormality

deleteProduct

void deleteProduct(java.util.Map context,
                   CSSPrincipalIF principal,
                   java.lang.String productType)
                   throws CSSException

This is an EPM mode only API.

For internal use only. Invoked when a product is deleted. This call will ensure all roles for the product is clean in the Native Directory.

The context can specify the following:

1. locale

These properties are discussed in the field description for CSSAPIIF. Please note that if the locale is not specified, the default locale set for the system is used.

Parameters:

context - - Map structure holding key-value information about locale.

principal - - the identity of the caller. Cannot be null.

productType - - the productType value. Ex: HFM-4.0.0.

Throws:

CSSCommunicationException - - Thrown on communication problems.

CSSException - - any other abnormality.