public interface RoleManager

The RoleManager API exposes the methods to manage Roles.

The Role VO can be prepared for the Create Role APIs as follows. Use it with the following APIs:
create(Role)
createRequest(Role)
Role role = new Role();
To populate Catalog into the Role
Catalog catalogAttributes = new Catalog();
catalogAttributes.setCertifiable(true);
role.setAttribute(RoleManagerConstants.CATALOG_ATTRIBUTES, catalogAttributes);
To add one or more parent roles
List<String> roleParents = new ArrayList<String>();
roleParents.add(roleParentKey1);
roleParents.add(roleParentKey2);
role.setAttribute(RoleManagerConstants.ROLE_PARENTS, roleParents);
To add static user memberships
List<RoleGrant> listOfMembers = new ArrayList<RoleGrant>();
RoleGrant member = new RoleGrant(null, userKey);
Calendar c = Calendar.getInstance();
c.add(Calendar.DAY_OF_MONTH, 15);
Date startDate1 = c.getTime();
c.add(Calendar.DAY_OF_MONTH, 25);
Date endDate1 = c.getTime();
member.setAttribute(RoleManagerConstants.ROLE_GRANT_START_DATE, startDate1);
member.setAttribute(RoleManagerConstants.ROLE_GRANT_END_DATE, endDate1);
listOfMembers.add(member);
role.setAttribute(RoleManagerConstants.ROLE_MEMBERSHIPS, listOfMembers);
The start and end dates can be null. A future start date results in a pending grant, which takes effect when the start date arrives.
To add access policies for the role
List<String> accessPolicies = new ArrayList<String>();
accessPolicies.add(accessPolicyKey1);
accessPolicies.add(accessPolicyKey2);
role.setAttribute(RoleManagerConstants.ACCESS_POLICIES, accessPolicies);
To add organizations, you must create EntityPublication objects
List<EntityPublication> entityPubs = new ArrayList<EntityPublication>();
entityPubs.add(new EntityPublication(null, PolicyConstants.Resources.ROLE, Long.valueOf(orgKey1), true)) ;
entityPubs.add(new EntityPublication(null, PolicyConstants.Resources.ROLE, Long.valueOf(orgKey2), true)) ;
role.setAttribute(RoleManagerConstants.ORGANIZATIONS_PUBLISHED_TO, entityPubs);
For role create, the roleKey will be null in EntityPublication. During role modify, the role key must be passed.
To pass a user membership rule
SearchRule userMembershipRule = new SearchRule(UserManagerConstants.AttributeName.LASTNAME.getId(), "saini", SearchRule.Operator.EQUAL);
role.setAttribute(RoleManagerConstants.RoleAttributeName.USER_MEMBERSHIP_RULE.getId(), userMembershipRule);
The Role VO can be prepared for the Modify Role APIs in the same way as for Create Role, except for the differences below. Use it with the following APIs:
modify(Role)
modify(Set, Role)
modify(String, Object, Role)
modifyRequest(Role)
modifyRequest(Set, Role)
modifyRequest(String, Object, Role)
To modify catalog details
CatalogService catalogService = getService(CatalogService.class);
Catalog catalogAttributes = catalogService.getCatalogItemDetails(null, roleKey, OIMType.Role, null);
// Modify the catalog VO as required
catalogAttributes.setApproverUser("5");
catalogAttributes.setCertifiable(true);
role.setAttribute(RoleManagerConstants.CATALOG_ATTRIBUTES, catalogAttributes);
To update the organizations published to
//To delete existing publication, it must first be fetched
oracle.iam.platformservice.api.EntityPublicationService entityPubService = getService(oracle.iam.platformservice.api.EntityPublicationService.class);
List<EntityPublication> entityPubsAssigned = entityPubService.listEntityPublications(PolicyConstants.Resources.ROLE, roleKey, null);
Map<String, List<EntityPublication>> entityPubsMap = new HashMap<String, List<EntityPublication>>();
List<EntityPublication> entityPubsAddList = new ArrayList<EntityPublication> ();
List<EntityPublication> entityPubsUpdateList = new ArrayList<EntityPublication> ();
List<EntityPublication> entityPubsDeleteList = new ArrayList<EntityPublication> ();
entityPubsAddList.add(new EntityPublication(roleKey, PolicyConstants.Resources.ROLE, Long.valueOf(orgKey3), true));
entityPubsUpdateList.add(entityPubsAssigned.get(2));
entityPubsDeleteList.add(entityPubsAssigned.get(0));
entityPubsMap.put("ADD", entityPubsAddList);
entityPubsMap.put("UPDATE", entityPubsUpdateList);
entityPubsMap.put("DELETE", entityPubsDeleteList);
role.setAttribute(RoleManagerConstants.ORGANIZATIONS_PUBLISHED_TO, entityPubsMap);
UPDATE and DELETE entries must be entity publications fetched from the backend, with publicationID populated.
To update parent roles. You can add parent roles and remove existing parent roles.
Map<String, List<String>> roleParentsUpdate = new HashMap<String, List<String>> ();
List<String> deleteRoleParents = new ArrayList<String>();
deleteRoleParents.add(role1);
deleteRoleParents.add(role2);
List<String> addRoleParents = new ArrayList<String>();
addRoleParents.add(role3);
roleParentsUpdate.put(RoleManagerConstants.ADD, addRoleParents);
roleParentsUpdate.put(RoleManagerConstants.DELETE, deleteRoleParents);
role.setAttribute(RoleManagerConstants.ROLE_PARENTS, roleParentsUpdate);
To update static user memberships
List<RoleGrant> addListOfMembers = new ArrayList<RoleGrant>();
List<RoleGrant> updateListOfMembers = new ArrayList<RoleGrant>();
List<RoleGrant> deleteListOfMembers = new ArrayList<RoleGrant>();
RoleGrant member = new RoleGrant(null, userKey);
Calendar c = Calendar.getInstance();
c.add(Calendar.DAY_OF_MONTH, 15);
Date startDate1 = c.getTime();
c.add(Calendar.DAY_OF_MONTH, 25);
Date endDate1 = c.getTime();
member.setAttribute(RoleManagerConstants.ROLE_GRANT_START_DATE, startDate1);
member.setAttribute(RoleManagerConstants.ROLE_GRANT_END_DATE, endDate1);
addListOfMembers.add(member);
Similarly prepare the updateListOfMembers and deleteListOfMembers.
RoleGrant updateMember = new RoleGrant(null, userKey);
updateListOfMembers.add(updateMember);
RoleGrant deleteMember = new RoleGrant(null, userKey);
deleteListOfMembers.add(deleteMember);
Map<String, List<RoleGrant>> userMemberships = new HashMap<String, List<RoleGrant>>();
userMemberships.put(RoleManagerConstants.ADD, addListOfMembers);
userMemberships.put(RoleManagerConstants.UPDATE, updateListOfMembers);
userMemberships.put(RoleManagerConstants.DELETE, deleteListOfMembers);
role.setAttribute(RoleManagerConstants.ROLE_MEMBERSHIPS, userMemberships);
The start and end dates can be null. A future start date results in a pending grant, which takes effect when the start date arrives.
To update the access policies for the role
Map<String, List<String>> accessPoliciesMap = new HashMap<String, List<String>>();
List<String> accessPoliciesAddList = new ArrayList<String>();
List<String> accessPoliciesDeleteList = new ArrayList<String>();
accessPoliciesAddList.add(accessPolicy3);
accessPoliciesDeleteList.add(accessPolicy2);
accessPoliciesMap.put("ADD", accessPoliciesAddList);
accessPoliciesMap.put("DELETE", accessPoliciesDeleteList);
role.setAttribute(RoleManagerConstants.ACCESS_POLICIES, accessPoliciesMap);
To get all the details of the role, use the following APIs
getDetails(String, Object, Set)
getDetails(String, Set)
getDirectRoleParents(String, Set, Map)
getRoleParents(String, boolean)
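
The rules stated above for a modify payload (role key required when a publication is added, UPDATE and DELETE publications fetched with their publication ID, optional grant dates where a future start date yields a pending grant) can be checked before the payload is submitted. The following is an added example, not part of the Oracle API or its documentation: `Publication`, `Grant`, `checkPublications` and `reviewGrants` are hypothetical stand-ins so that the code runs without the OIM libraries, and rejecting an end date that is not after the start date is this example's own assumption.

```java
import java.util.ArrayList;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example (requires Java 16+ for records). The types below are stand-ins,
// not the OIM EntityPublication / RoleGrant classes.
public class RoleModifyPreflight {

    // Stand-in for an entity publication; publicationId stays null until read back from the server.
    record Publication(Long publicationId, String roleKey, long orgKey) {}

    // Stand-in for a static membership; a null start or end date means "not set".
    record Grant(String userKey, Date start, Date end) {}

    // Operation keys used by the delta maps on this page.
    static final Set<String> OPERATIONS = Set.of("ADD", "UPDATE", "DELETE");

    /** Checks an organizations-published-to delta map against the rules described on this page. */
    static List<String> checkPublications(Map<String, List<Publication>> delta) {
        List<String> problems = new ArrayList<>();
        for (Map.Entry<String, List<Publication>> entry : delta.entrySet()) {
            String op = entry.getKey();
            if (!OPERATIONS.contains(op)) {
                problems.add("unknown operation key: " + op);
                continue;
            }
            for (Publication p : entry.getValue()) {
                // During modify, a newly added publication must carry the role key.
                if (op.equals("ADD") && p.roleKey() == null) {
                    problems.add("ADD org " + p.orgKey() + ": role key is required on modify");
                }
                // UPDATE and DELETE only work on publications fetched from the backend.
                if (!op.equals("ADD") && p.publicationId() == null) {
                    problems.add(op + " org " + p.orgKey() + ": publication has no publication ID (not fetched)");
                }
            }
        }
        return problems;
    }

    /** Reports, for each membership to be added, whether it is immediate, pending or inconsistent. */
    static List<String> reviewGrants(List<Grant> added, Date now) {
        List<String> notes = new ArrayList<>();
        for (Grant g : added) {
            if (g.start() != null && g.end() != null && !g.end().after(g.start())) {
                // Assumption of this example: an inverted window is treated as an error.
                notes.add("REJECT " + g.userKey() + ": end date is not after start date");
            } else if (g.start() != null && g.start().after(now)) {
                // A future start date produces a pending grant.
                notes.add("PENDING " + g.userKey() + ": starts " + g.start());
            } else {
                notes.add("IMMEDIATE " + g.userKey()
                        + (g.end() == null ? ": no end date" : ": ends " + g.end()));
            }
        }
        return notes;
    }

    public static void main(String[] args) {
        // Constructed sample data; keys and dates are illustrative only.
        Date now = new Date(1_700_000_000_000L); // fixed clock so runs are repeatable
        long day = 24L * 60 * 60 * 1000;

        Map<String, List<Publication>> pubs = new LinkedHashMap<>();
        pubs.put("ADD", List.of(
                new Publication(null, "42", 7L),      // valid: role key present
                new Publication(null, null, 8L)));    // invalid: role key missing
        pubs.put("DELETE", List.of(
                new Publication(1001L, "42", 3L),     // valid: fetched, ID populated
                new Publication(null, "42", 4L)));    // invalid: built by hand, no ID
        pubs.put("REMOVE", List.of());                // invalid: not a known operation key
        checkPublications(pubs).forEach(System.out::println);

        // The page's snippet adds 15 and then 25 days to the same Calendar,
        // so the end date there lands 40 days from today.
        List<Grant> added = List.of(
                new Grant("101", null, null),
                new Grant("102", new Date(now.getTime() + 15 * day), new Date(now.getTime() + 40 * day)),
                new Grant("103", new Date(now.getTime() + 40 * day), new Date(now.getTime() + 15 * day)));
        reviewGrants(added, now).forEach(System.out::println);
    }
}
```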
Method Summary | |
---|---|
RoleManagerResult | addRoleRelationship(java.lang.String parentAttrName, java.lang.Object parentAttrValue, java.lang.String childAttrName, java.lang.Object childAttrValue) Add a direct relationship between two roles, where the parent role is uniquely identified by the search criteria parentAttrName=parentAttrValue and the child role is uniquely identified by the search criteria childAttrName=childAttrValue. |
RoleManagerResult | addRoleRelationship(java.lang.String roleParentKey, java.lang.String roleChildKey) Add a direct relationship between two roles. |
RoleManagerResult | create(Role role) This method creates a role. |
java.lang.String | createRequest(Role role) This method raises a request to create the role in the back end data store. |
RoleManagerResult | delete(java.util.Set roleKeys) Bulk delete operation. |
RoleManagerResult | delete(java.lang.String roleKey) Delete the role. |
RoleManagerResult | delete(java.lang.String attributeName, java.lang.Object attributeValue) This method deletes a role based on the search criteria attributeName=attributeValue. |
java.lang.String | deleteRequest(java.util.Set roleKeys) Raises a request to delete all the specified roles. |
java.lang.String | deleteRequest(java.lang.String roleKey) Raises a request to delete the role. |
java.lang.String | deleteRequest(java.lang.String attributeName, java.lang.Object attributeValue) This method raises a request to delete a role based on the search criteria attributeName=attributeValue. |
Role | getDetails(java.lang.String attributeName, java.lang.Object attributeValue, java.util.Set retAttrs) This method returns the role details for a role based on the search criteria attributeName=attributeValue. |
Role | getDetails(java.lang.String roleKey, java.util.Set retAttrs) Returns the profile details of the specified role. |
Role | getDetails(java.lang.String roleKey, java.util.Set retAttrs, OperationContext opContext) Returns the profile details of the specified role. |
java.util.List | getDirectRoleChildren(java.lang.String roleParentKey, java.util.Set retAttrs, java.util.Map configParams) Retrieve the roles that are direct children of the given role. |
java.util.List | getDirectRoleParents(java.lang.String roleChildKey, java.util.Set retAttrs, java.util.Map configParams) Retrieve the roles that are the direct parents of the given role. |
java.util.List | getDynamicRoleMembers(java.lang.String roleKey) Retrieve all the dynamic user members of the given role. |
java.util.List | getDynamicRoleMembers(java.lang.String roleKey, java.util.Set retAttrs, java.util.Map configParams) Retrieve all the dynamic user members of the given role. |
java.util.List | getPendingRoleGrants(java.lang.String roleKey, java.util.Set retAttrs, java.util.Map configParams) Retrieve the pending role grants of the given role. |
Relationship | getPendingRoleUserRelationshipAttributes(java.lang.String roleKey, java.lang.String userKey, java.util.Set retAttrs) Look up the attributes of a pending role grant. |
java.util.List | getPendingUserGrants(java.lang.String userKey, java.util.Set retAttrs, java.util.Map configParams) Retrieve the pending role grants of the given user. |
java.util.List | getRoleChildren(java.lang.String roleParentKey, boolean directAndIndirect) Retrieve the roles that are children of the given role. |
Relationship | getRoleGrantDetails(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue, java.util.Set retAttrs) Look up the attributes of a role grant, where the role is identified uniquely by the search criteria roleAttributeName=roleAttributeValue and the user is uniquely identified by the search criteria userAttributeName=userAttributeValue. |
Relationship | getRoleGrantDetails(java.lang.String roleKey, java.lang.String userKey, java.util.Set retAttrs) Look up the attributes of a role grant associated between roleKey and userKey. |
java.util.List | getRoleIndirectMembers(java.lang.String roleKey, SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams) Retrieve the indirect members (users) of the given role matching the specified SearchCriteria. |
java.util.List | getRoleMembers(java.lang.String roleKey, boolean directAndIndirect) Retrieve all the user members of the given role. |
java.util.List | getRoleMembers(java.lang.String roleKey, SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams, boolean directAndIndirect) Retrieve the user members of the given role matching the specified SearchCriteria. |
java.util.List | getRoleParents(java.lang.String roleChildKey, boolean directAndIndirect) Retrieve the roles that are the parents of the given role. |
Relationship | getRoleRelationshipDetails(java.lang.String parentAttrName, java.lang.Object parentAttrValue, java.lang.String childAttrName, java.lang.Object childAttrValue, java.util.Set retAttrs) Look up the attributes of a role relationship, where the parent role is uniquely identified by the search criteria parentAttrName=parentAttrValue and the child role is uniquely identified by the search criteria childAttrName=childAttrValue. |
Relationship | getRoleRelationshipDetails(java.lang.String roleParentKey, java.lang.String roleChildKey, java.util.Set retAttrs) Look up the attributes of a role relationship. |
java.util.List | getSimilarRoles(Role role) Finds similar roles based on entitlements. |
java.util.List | getUnassignedRoleMembers(java.lang.String roleKey) Retrieve all the users that are not direct members of the given role. |
java.util.List | getUnassignedRoleMembers(java.lang.String roleKey, SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams) Retrieve all the users that are not direct members of the given role matching the specified SearchCriteria. |
java.util.List | getUnassignedUserMemberships(java.lang.String userKey, SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams) Retrieve all the roles that are not direct memberships of the given user matching the specified SearchCriteria. |
SearchRule | getUserMembershipRule(java.lang.String roleKey) Returns the user membership rule for the specified Role. |
java.util.List | getUserMemberships(java.lang.String userKey, boolean directAndIndirect) Retrieve all the roles that the user is a member of. |
java.util.List | getUserMemberships(java.lang.String userKey, SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams, boolean directAndIndirect) Retrieve the roles of the given user matching the specified SearchCriteria. |
java.util.List | getUserRoleGrants(java.lang.String userKey, SearchCriteria criteria, java.util.Map configParams, boolean directAndIndirect, java.util.Set roleGrantRetAttrs, java.util.Set roleRetAttrs, java.util.Set userRetAttrs) Retrieve the role grants of the given user matching the specified SearchCriteria. |
RoleManagerResult | grantRole(java.lang.String roleKey, java.util.List userKeys, java.util.List relationshipAttrs) Grant the role identified by roleKey to the specified user/s. |
RoleManagerResult | grantRole(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue) Grant the role(s) identified by the search criteria roleAttributeName=roleAttributeValue to the specified user(s) identified by the search criteria userAttributeName=userAttributeValue. |
RoleManagerResult | grantRole(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue, java.util.Map relationshipAttrs) Grant the role uniquely identified by the search criteria roleAttributeName=roleAttributeValue to the specified user uniquely identified by the search criteria userAttributeName=userAttributeValue. |
RoleManagerResult | grantRole(java.lang.String roleKey, java.util.Set userKeys) Grant the role identified by roleKey to the specified user(s). |
RoleManagerResult | grantRole(java.lang.String roleKey, java.util.Set userKeys, boolean evaluatePolicies) Deprecated. |
RoleManagerResult | grantRole(java.lang.String roleKey, java.util.Set userKeys, java.util.Map relationshipAttrs) Grant the role identified by roleKey to the specified user/s. |
RoleManagerResult | grantRole(java.lang.String roleKey, java.util.Set userKeys, java.util.Map relationshipAttrs, boolean evaluatePolicies) Grant the role identified by roleKey to the specified user/s. |
java.lang.String | grantRoleRequest(java.lang.String roleKey, java.util.List userKeys, java.util.List relationshipAttrs) Raises a request to grant the role identified by roleKey to the specified user/s. |
java.lang.String | grantRoleRequest(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue) Raises a request to grant the role(s) identified by the search criteria roleAttributeName=roleAttributeValue to the specified user(s) identified by the search criteria userAttributeName=userAttributeValue. |
java.lang.String | grantRoleRequest(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue, java.util.Map relationshipAttrs) Raises a request to grant the role uniquely identified by the search criteria roleAttributeName=roleAttributeValue to the specified user uniquely identified by the search criteria userAttributeName=userAttributeValue. |
java.lang.String | grantRoleRequest(java.lang.String roleKey, java.util.Set userKeys) Raises a request to grant the role identified by roleKey to the specified user/s. |
java.lang.String | grantRoleRequest(java.lang.String roleKey, java.util.Set userKeys, java.util.Map relationshipAttrs) Raises a request to grant the role identified by roleKey to the specified user/s. |
RoleManagerResult | grantRoles(java.lang.String userKey, java.util.Set roleKeys) Grant the roles identified by roleKeys to the user identified by userKey. |
RoleManagerResult | grantRoles(java.lang.String userKey, java.util.Set roleKeys, java.util.Map relationshipAttrs) Grant the roles identified by roleKeys to the specified user. |
java.lang.String | grantRolesRequest(java.lang.String userKey, java.util.Set roleKeys) Raises a request to grant the roles identified by roleKeys to the user identified by userKey. |
java.lang.String | grantRolesRequest(java.lang.String userKey, java.util.Set roleKeys, java.util.Map relationshipAttrs) Raises a request to grant the roles identified by roleKeys to the specified user. |
boolean | isPendingRoleGrant(java.lang.String roleKey, java.lang.String userKey) Return true if the user has the role granted in pending state. |
boolean | isRoleDynamicallyGranted(java.lang.String roleKey, java.lang.String userKey) Return true if the user has the role dynamically granted. |
boolean | isRoleGranted(java.lang.String roleKey, java.lang.String userKey, boolean directAndIndirect) Return true if the user has the role granted. |
boolean | isRoleParent(java.lang.String parentRoleKey, java.lang.String roleChildKey, boolean directAndIndirect) Return true if the role has the given parent. |
RoleManagerResult | modify(Role role) This method updates the existing role with the values specified. |
RoleManagerResult | modify(java.util.Set roleKeys, Role role) Modifies roles in bulk. |
RoleManagerResult | modify(java.lang.String attributeName, java.lang.Object attributeValue, Role role) This method modifies the role details for a role based on the search criteria attributeName=attributeValue. |
java.lang.String | modifyRequest(Role role) This method raises a request to modify the existing role with the values specified. |
java.lang.String | modifyRequest(java.util.Set roleKeys, Role role) Raises a request to modify roles in bulk. |
java.lang.String | modifyRequest(java.lang.String attributeName, java.lang.Object attributeValue, Role role) This method raises a request to modify the role details for a role based on the search criteria attributeName=attributeValue. |
java.util.List | previewDynamicUserMembership(java.lang.String roleKey, SearchRule userMembershipRule, java.util.Set retAttrs, java.util.Map configParams) Preview the user membership rule. |
RoleManagerResult | removeRoleRelationship(java.lang.String parentAttrName, java.lang.Object parentAttrValue, java.lang.String childAttrName, java.lang.Object childAttrValue) Remove a direct relationship between two roles, where the parent role is uniquely identified by the search criteria parentAttrName=parentAttrValue and the child role is uniquely identified by the search criteria childAttrName=childAttrValue. |
RoleManagerResult | removeRoleRelationship(java.lang.String roleParentKey, java.lang.String roleChildKey) Remove a direct relationship between two roles. |
RoleManagerResult | revokeRoleGrant(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue) Revoke the role uniquely identified by the search criteria roleAttributeName=roleAttributeValue for the specified user uniquely identified by the search criteria userAttributeName=userAttributeValue. |
RoleManagerResult | revokeRoleGrant(java.lang.String roleKey, java.util.Set userKeys) Revoke the role identified by roleKey from the specified user(s). |
RoleManagerResult | revokeRoleGrant(java.lang.String roleKey, java.util.Set userKeys, boolean evaluatePolicies) Deprecated. |
java.lang.String | revokeRoleGrantRequest(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue) Raises a request to revoke the role uniquely identified by the search criteria roleAttributeName=roleAttributeValue for the specified user uniquely identified by the search criteria userAttributeName=userAttributeValue. |
java.lang.String | revokeRoleGrantRequest(java.lang.String roleKey, java.util.Set userKeys) Raises a request to revoke the role identified by roleKey from the specified user(s). |
RoleManagerResult | revokeRoleGrants(java.lang.String userKey, java.util.Set roleKeys) Revoke the roles identified by roleKeys from the user identified by userKey. |
java.lang.String | revokeRoleGrantsRequest(java.lang.String userKey, java.util.Set roleKeys) Raises a request to revoke the roles identified by roleKeys from the user identified by userKey. |
java.util.List | search(SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams) Searches for roles matching the specified SearchCriteria. |
java.util.List | searchRoleHistory(java.lang.String roleKey, RoleManagerConstants.RoleHistoryType type, SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams) Search the role history for specific audit events/types of audit events. |
RoleManagerResult | setPendingRoleUserRelationshipAttributes(java.lang.String roleKey, java.lang.String userKey, java.util.Map relationshipAttrs) Update the attributes of a pending role grant. |
java.lang.String | setPendingRoleUserRelationshipAttributesRequest(java.lang.String roleKey, java.lang.String userKey, java.util.Map relationshipAttrs) Submits a request to update the attributes of a pending role grant. |
RoleManagerResult | setUserMembershipRule(java.lang.String roleKey, SearchRule userMembershipRule) Sets the user membership rule on the specified Role. |
RoleManagerResult | setUserMembershipRule(java.lang.String roleKey, SearchRule userMembershipRule, boolean evaluateMembershipLater) Sets the user membership rule on the specified Role; membership is evaluated later if evaluateMembershipLater is passed as TRUE. |
void | updateEntityDefinition() This method updates the UDF entry in Role.xml in the MDS repository. |
RoleManagerResult | updateRoleGrant(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue, java.util.Map args) Update a role grant, where the role is identified uniquely by the search criteria roleAttributeName=roleAttributeValue and the user is uniquely identified by the search criteria userAttributeName=userAttributeValue. |
RoleManagerResult | updateRoleGrant(java.lang.String roleKey, java.lang.String userKey, java.util.Map args) Update a role grant. |
RoleManagerResult | updateRoleRelationship(java.lang.String parentAttrName, java.lang.Object parentAttrValue, java.lang.String childAttrName, java.lang.Object childAttrValue, java.util.Map args) Update a relationship between two roles, where the parent role is uniquely identified by the search criteria parentAttrName=parentAttrValue and the child role is uniquely identified by the search criteria childAttrName=childAttrValue. |
RoleManagerResult | updateRoleRelationship(java.lang.String roleKey, java.lang.String roleChildKey, java.util.Map args) Update a relationship between two roles. |
Method Detail |
---|
RoleManagerResult create(Role role) throws ValidationFailedException, AccessDeniedException, RoleAlreadyExistsException, RoleCreateException
role - The attributes and values for this role. The id field of the role should be null; please see Role.Role(java.util.HashMap). In addition to the setter methods, the following parameters can be passed:
List<String> which has the access policy keys
role.setAttribute(RoleManagerConstants.ACCESS_POLICIES, accessPolicies);
List<EntityPublication> to which the role needs to be published
role.setAttribute(RoleManagerConstants.ORGANIZATIONS_PUBLISHED_TO, entityPubs);
List<HashMap<String, Serializable>> which has the user memberships
role.setAttribute(RoleManagerConstants.ROLE_MEMBERSHIPS, roleGrants);
List<String> which has the role parents
role.setAttribute(RoleManagerConstants.ROLE_PARENTS, roleParents);
catalogAttributes is an oracle.iam.catalog.vo.Catalog object
role.setAttribute(RoleManagerConstants.CATALOG_ATTRIBUTES, catalogAttributes);
userMembershipRule is an oracle.iam.platform.entitymgr.vo.SearchRule
role.setAttribute(RoleManagerConstants.RoleAttributeName.USER_MEMBERSHIP_RULE.getId(), userMembershipRule);
A detailed example is in the javadoc at class level.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleAlreadyExistsException - if the role already exists.
RoleCreateException - if the orchestration fails for the create operation.

java.lang.String createRequest(Role role) throws ValidationFailedException, AccessDeniedException, RoleAlreadyExistsException, RoleCreateException
role - The attributes and values for this role. The id field of the role should be null; please see Role.Role(java.util.HashMap).
ValidationFailedException - if validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleAlreadyExistsException - if the role already exists.
RoleCreateException - if the request creation fails for the create role operation.

RoleManagerResult modify(Role role) throws ValidationFailedException, AccessDeniedException, RoleModifyException, NoSuchRoleException
role - The attributes and values to update the role with. A non-null value is required for the role to identify the entity to be modified; please see Role.Role(java.lang.String, java.util.HashMap). In addition to the setter methods, the following parameters can be passed:
Map<String, List<String>> accessPoliciesMap which contains the access policies to add and remove.
role.setAttribute(RoleManagerConstants.ACCESS_POLICIES, accessPoliciesMap);
Map<String, List<EntityPublication>> entityPubs of publications which need to be added/updated/removed.
role.setAttribute(RoleManagerConstants.ORGANIZATIONS_PUBLISHED_TO, entityPubs);
Map<String, List<RoleGrant>> roleGrants which has user memberships to be added/updated/removed.
role.setAttribute(RoleManagerConstants.ROLE_MEMBERSHIPS, roleGrants);
Map<String, List<String>> roleParents which has the role parents to be added/removed.
role.setAttribute(RoleManagerConstants.ROLE_PARENTS, roleParents);
catalogAttributes is an oracle.iam.catalog.vo.Catalog object
role.setAttribute(RoleManagerConstants.CATALOG_ATTRIBUTES, catalogAttributes);
userMembershipRule is an oracle.iam.platform.entitymgr.vo.SearchRule
role.setAttribute(RoleManagerConstants.RoleAttributeName.USER_MEMBERSHIP_RULE.getId(), userMembershipRule);
A detailed example is in the javadoc at class level.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleModifyException - if the orchestration fails for modify operation.
NoSuchRoleException - if the role with given key is not found.

java.lang.String modifyRequest(Role role) throws ValidationFailedException, AccessDeniedException, RoleModifyException, NoSuchRoleException
role - The attributes and values to update the role with. A non-null value is required for the role to identify the entity to be modified; please see Role.Role(java.lang.String, java.util.HashMap).
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleModifyException - if the request creation fails for modify role operation.
NoSuchRoleException - if the role with given key is not found.

RoleManagerResult modify(java.lang.String attributeName, java.lang.Object attributeValue, Role role) throws ValidationFailedException, AccessDeniedException, RoleModifyException, NoSuchRoleException, SearchKeyNotUniqueException, RoleLookupException
This method modifies the role details for a role based on the search criteria attributeName=attributeValue.
attributeName - The attribute name for the search criteria
attributeValue - The attribute value for the search criteria
role - The attributes and values to update the role with. The id field of the role should be null; please see Role.Role(java.util.HashMap).
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleModifyException - if the orchestration fails for modify operation.
NoSuchRoleException - if the role with given search criteria is not found.
SearchKeyNotUniqueException - if more than one role matches the search criteria
RoleLookupException - if there is an exception while doing the search.

java.lang.String modifyRequest(java.lang.String attributeName, java.lang.Object attributeValue, Role role) throws ValidationFailedException, AccessDeniedException, RoleModifyException, NoSuchRoleException, SearchKeyNotUniqueException
This method raises a request to modify the role details for a role based on the search criteria attributeName=attributeValue.
attributeName - The attribute name for the search criteria
attributeValue - The attribute value for the search criteria
role - The attributes and values to update the role with. The id field of the role should be null; please see Role.Role(java.util.HashMap).
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleModifyException - if the request creation fails for modify role operation.
NoSuchRoleException - if the role with given search criteria is not found.
SearchKeyNotUniqueException - if more than one role matches the search criteria
RoleLookupException - if there is an exception while doing the search.

RoleManagerResult delete(java.lang.String attributeName, java.lang.Object attributeValue) throws SearchKeyNotUniqueException, ValidationFailedException, AccessDeniedException, RoleDeleteException, NoSuchRoleException, RoleLookupException
This method deletes a role based on the search criteria attributeName=attributeValue.
attributeName - The attribute name for the search criteria
attributeValue - The attribute value for the search criteria
SearchKeyNotUniqueException - if more than one role matches the search criteria
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleDeleteException - if the orchestration fails for delete operation.
NoSuchRoleException - if the role with given search criteria is not found.
RoleLookupException - if there is an exception while doing the search.

java.lang.String deleteRequest(java.lang.String attributeName, java.lang.Object attributeValue) throws SearchKeyNotUniqueException, ValidationFailedException, AccessDeniedException, RoleDeleteException, NoSuchRoleException
This method raises a request to delete a role based on the search criteria attributeName=attributeValue.
attributeName - The attribute name for the search criteria
attributeValue - The attribute value for the search criteria
SearchKeyNotUniqueException - if more than one role matches the search criteria
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleDeleteException - if the request creation fails for delete role operation.
NoSuchRoleException - if the role with given search criteria is not found.
RoleLookupException - if there is an exception while doing the search.

RoleManagerResult modify(java.util.Set roleKeys, Role role) throws ValidationFailedException, AccessDeniedException, RoleModifyException, NoSuchRoleException
roleKeys set are updated with the values of all bulk modifiable attributes specified in the map.
roleKeys - The keys of the roles whose profiles are to be updated.
role - The common set of attributes and values to update the roles with. The id field of the role should be null, please see Role.Role(java.util.HashMap).
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleModifyException - if the orchestration fails for modify operation.
NoSuchRoleException - if the role with given key is not found.

java.lang.String modifyRequest(java.util.Set roleKeys, Role role) throws ValidationFailedException, AccessDeniedException, RoleModifyException, NoSuchRoleException
roleKeys set are updated with the values of all bulk modifiable attributes specified in the role object if the request is approved and completes successfully.
roleKeys - The keys of the roles whose profiles are to be updated.
role - The common set of attributes and values to update the roles with. The id field of the role should be null, please see Role.Role(java.util.HashMap).
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleModifyException - if the request creation fails for modify role operation.
NoSuchRoleException - if the role with given key is not found.

RoleManagerResult delete(java.lang.String roleKey) throws ValidationFailedException, AccessDeniedException, RoleDeleteException, NoSuchRoleException
roleKey - The key of the role to be deleted.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleDeleteException - if the orchestration fails for delete operation.
NoSuchRoleException - if the role with given key is not found.

java.lang.String deleteRequest(java.lang.String roleKey) throws ValidationFailedException, AccessDeniedException, RoleDeleteException, NoSuchRoleException
roleKey - The key of the role to be deleted.
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleDeleteException - if the request creation fails for delete role operation.
NoSuchRoleException - if the role with given key is not found.

RoleManagerResult delete(java.util.Set roleKeys) throws ValidationFailedException, AccessDeniedException, RoleDeleteException, NoSuchRoleException
roleKeys - The keys of the roles to be deleted.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleDeleteException - if the orchestration fails for delete operation.
NoSuchRoleException - if the role with given key is not found.

java.lang.String deleteRequest(java.util.Set roleKeys) throws ValidationFailedException, AccessDeniedException, RoleDeleteException, NoSuchRoleException
roleKeys - The keys of the roles to be deleted.
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleDeleteException - if the request creation fails for delete role operation.
NoSuchRoleException - if the role with given key is not found.

Role getDetails(java.lang.String roleKey, java.util.Set retAttrs) throws AccessDeniedException, NoSuchRoleException, RoleLookupException
roleKey - The key of the role whose details are required.
retAttrs - The set of attributes which are to be returned for each role. In addition to standard role attributes, the following can be passed: RoleManagerConstants.ACCESS_POLICIES, RoleManagerConstants.ORGANIZATIONS_PUBLISHED_TO, RoleManagerConstants.CATALOG_ATTRIBUTES, RoleManagerConstants.ROLE_USER_MEMBERSHIP_RULE.
retAttrs of the role are returned, otherwise NoSuchRoleException exception is thrown.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleLookupException - if there is an exception while doing the search.
NoSuchRoleException - if the role with given key is not found.

Role getDetails(java.lang.String roleKey, java.util.Set retAttrs, OperationContext opContext) throws AccessDeniedException, NoSuchRoleException, RoleLookupException
roleKey - The key of the role whose details are required.
retAttrs - The set of attributes which are to be returned for each role. In addition to standard role attributes, the following can be passed: RoleManagerConstants.ACCESS_POLICIES, RoleManagerConstants.ORGANIZATIONS_PUBLISHED_TO, RoleManagerConstants.CATALOG_ATTRIBUTES, RoleManagerConstants.ROLE_USER_MEMBERSHIP_RULE.
opContext - Context of a request.
retAttrs of the role are returned, otherwise NoSuchRoleException exception is thrown.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleLookupException - if there is an exception while doing the search.
NoSuchRoleException - if the role with given key is not found.

java.util.List getSimilarRoles(Role role) throws RoleManagerException, AccessDeniedException
Note that since this API can be used during create and modify, the role will not exist during the create operation. Hence, the role is expected to be populated with the access policies in both the create and modify scenarios. Role key need not be available. However, for the modify operation, if the role VO doesn't have ALL its access policies and members populated, then the role key must be populated so the API can fetch the data. Role Name must be passed for modify, to filter out the passed role from the result.
role - The role for whom similar roles are required.
ValidationFailedException
AccessDeniedException
RoleManagerException

java.util.List search(SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams) throws AccessDeniedException, RoleSearchException
SearchCriteria.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL, NOT_EQUAL and CONTAINS.
retAttrs - The set of attributes which are to be returned for each role.
configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional and is set to Role Name by default.
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleSearchException - if there is an exception while doing the search.

Role getDetails(java.lang.String attributeName, java.lang.Object attributeValue, java.util.Set retAttrs) throws SearchKeyNotUniqueException, AccessDeniedException, NoSuchRoleException, RoleLookupException
attributeName=attributeValue.
attributeName - The attribute name for the search criteria.
attributeValue - The attribute value for the search criteria.
retAttrs - The attributes to be returned for the role. In addition to standard role attributes, the following can be passed: RoleManagerConstants.ACCESS_POLICIES, RoleManagerConstants.ORGANIZATIONS_PUBLISHED_TO, RoleManagerConstants.CATALOG_ATTRIBUTES, RoleManagerConstants.ROLE_USER_MEMBERSHIP_RULE.
SearchKeyNotUniqueException - if more than one role matches the search criteria.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleSearchException - if there is an exception while doing the search.
NoSuchRoleException - if the role with given search criteria is not found.
RoleLookupException - if there is an exception while doing the search.

RoleManagerResult grantRole(java.lang.String roleKey, java.util.Set userKeys) throws ValidationFailedException, AccessDeniedException, RoleGrantException
roleKey to the specified user(s).
roleKey - The id of the role to be granted.
userKeys - The id(s) of the user to whom to grant the role.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If operation fails.

java.lang.String grantRoleRequest(java.lang.String roleKey, java.util.Set userKeys) throws ValidationFailedException, AccessDeniedException, RoleGrantException
roleKey to the specified user/s.
roleKey - The id of the role to be granted.
userKeys - The id(s) of the user to whom to grant the role.
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If request creation fails.

@Deprecated
RoleManagerResult grantRole(java.lang.String roleKey, java.util.Set userKeys, boolean evaluatePolicies) throws ValidationFailedException, AccessDeniedException, RoleGrantException
roleKey to the specified user(s).
roleKey - The id of the role to be granted.
userKeys - The id(s) of the user to whom to grant the role.
evaluatePolicies - Boolean to indicate whether to evaluate policies or not when the user is granted the role.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If operation fails.

RoleManagerResult revokeRoleGrant(java.lang.String roleKey, java.util.Set userKeys) throws ValidationFailedException, AccessDeniedException, RoleGrantRevokeException
roleKey to the specified user(s).
roleKey - The id of the role to be revoked.
userKeys - The id(s) of the user from whom to revoke the role.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantRevokeException - If operation fails.

java.lang.String revokeRoleGrantRequest(java.lang.String roleKey, java.util.Set userKeys) throws ValidationFailedException, AccessDeniedException, RoleGrantRevokeException
roleKey to the specified user(s).
roleKey - The id of the role to be revoked.
userKeys - The id(s) of the user from whom to revoke the role.
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantRevokeException - If request creation fails.
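
A post-revocation check built from revokeRoleGrant plus isRoleGranted and isRoleDynamicallyGranted (both documented further down this page), added here as an example and not taken from the Oracle documentation. The class RevokeAudit, its member names and the package names in the imports are assumptions (this page shows none of them); the code compiles only against the Oracle Identity Manager client library and assumes the revoke has finished processing when the checks run.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Package names below are assumed; they are not shown on this page.
import oracle.iam.identity.exception.RoleGrantRevokeException;
import oracle.iam.identity.exception.UserMembershipException;
import oracle.iam.identity.exception.ValidationFailedException;
import oracle.iam.identity.rolemgmt.api.RoleManager;
import oracle.iam.platform.authz.exception.AccessDeniedException;

/** Hypothetical helper: revoke a role, then report users who still hold it. */
public final class RevokeAudit {

    /** The three membership answers RoleManager gives for one user and one role. */
    public static final class Residual {
        public final boolean direct;     // isRoleGranted(roleKey, userKey, false)
        public final boolean effective;  // isRoleGranted(roleKey, userKey, true)
        public final boolean dynamic;    // isRoleDynamicallyGranted(roleKey, userKey)

        Residual(boolean direct, boolean effective, boolean dynamic) {
            this.direct = direct;
            this.effective = effective;
            this.dynamic = dynamic;
        }

        /** Held only through an indirect membership: the direct grant is gone, access is not. */
        public boolean indirectOnly() {
            return effective && !direct;
        }

        /** True when none of the three checks reports a membership. */
        public boolean clean() {
            return !direct && !effective && !dynamic;
        }

        @Override
        public String toString() {
            return "direct=" + direct + " effective=" + effective + " dynamic=" + dynamic;
        }
    }

    private RevokeAudit() {
    }

    /** Reads the current membership state of one user for one role. */
    public static Residual residual(RoleManager roleManager, String roleKey, String userKey)
            throws AccessDeniedException, UserMembershipException {
        boolean direct = roleManager.isRoleGranted(roleKey, userKey, false);
        boolean effective = roleManager.isRoleGranted(roleKey, userKey, true);
        boolean dynamic = roleManager.isRoleDynamicallyGranted(roleKey, userKey);
        return new Residual(direct, effective, dynamic);
    }

    /**
     * Revokes roleKey from every user in userKeys, then returns the users for whom
     * at least one membership check is still true, in iteration order of userKeys.
     * An empty map means no direct, indirect or dynamic membership was found.
     */
    public static Map<String, Residual> revokeAndAudit(RoleManager roleManager,
                                                       String roleKey,
                                                       Set<String> userKeys)
            throws ValidationFailedException, AccessDeniedException,
                   RoleGrantRevokeException, UserMembershipException {
        // Direct (non-request) path. With revokeRoleGrantRequest the audit would
        // have to wait until the request has been approved and completed.
        roleManager.revokeRoleGrant(roleKey, userKeys);

        Map<String, Residual> findings = new LinkedHashMap<>();
        for (String userKey : userKeys) {
            Residual state = residual(roleManager, roleKey, userKey);
            if (!state.clean()) {
                findings.put(userKey, state);
            }
        }
        return Collections.unmodifiableMap(findings);
    }
}
```

An entry whose indirectOnly() is true marks a user whose direct grant is gone but who still passes the directAndIndirect=true check; an entry with dynamic=true marks a user the dynamic-grant check still reports.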

@Deprecated
RoleManagerResult revokeRoleGrant(java.lang.String roleKey, java.util.Set userKeys, boolean evaluatePolicies) throws ValidationFailedException, AccessDeniedException, RoleGrantRevokeException
roleKey - The id of the role to be revoked.
userKeys - The id(s) of the user from whom to revoke the role.
evaluatePolicies - Boolean to indicate whether to evaluate policies or not when the user is revoked from the role.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantRevokeException - If operation fails.

Relationship getRoleGrantDetails(java.lang.String roleKey, java.lang.String userKey, java.util.Set retAttrs) throws AccessDeniedException, NoSuchRoleGrantException, RoleGrantLookupException
roleKey and userKey.
roleKey - The id of the role whose grant we are looking up.
userKey - The id of the user whose grant we are looking up.
retAttrs - The attributes to lookup.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantLookupException - If operation fails.
NoSuchRoleGrantException - If the grant doesn't exist.

RoleManagerResult grantRoles(java.lang.String userKey, java.util.Set roleKeys) throws ValidationFailedException, AccessDeniedException, RoleGrantException
roleKeys to the user identified by userKey.
userKey - The key of the user to whom to grant the roles.
roleKeys - The keys of roles to be granted.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If operation fails.

java.lang.String grantRolesRequest(java.lang.String userKey, java.util.Set roleKeys) throws ValidationFailedException, AccessDeniedException, RoleGrantException
roleKeys to the user identified by userKey.
userKey - The key of the user to whom to grant the roles.
roleKeys - The keys of roles to be granted.
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If request creation fails.

RoleManagerResult revokeRoleGrants(java.lang.String userKey, java.util.Set roleKeys) throws ValidationFailedException, AccessDeniedException, RoleGrantRevokeException
roleKeys to the user identified by userKey.
userKey - The key of the user from whom to revoke the roles.
roleKeys - The keys of the roles to be revoked.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantRevokeException - If operation fails.

java.lang.String revokeRoleGrantsRequest(java.lang.String userKey, java.util.Set roleKeys) throws ValidationFailedException, AccessDeniedException, RoleGrantRevokeException
roleKeys to the user identified by userKey.
userKey - The key of the user from whom to revoke the roles.
roleKeys - The keys of the roles to be revoked.
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantRevokeException - If request creation fails.

RoleManagerResult updateRoleGrant(java.lang.String roleKey, java.lang.String userKey, java.util.Map args) throws ValidationFailedException, AccessDeniedException, RoleGrantUpdateException, NoSuchRoleGrantException
roleKey - The key of the role whose grant we are updating.
userKey - The key of the user whose grant we are updating.
args - The attributes and values to update the role grant with.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantUpdateException - If operation fails.
NoSuchRoleGrantException - If the role grant doesn't exist.

java.util.List getRoleMembers(java.lang.String roleKey, boolean directAndIndirect) throws AccessDeniedException, RoleMemberException
roleKey - The key of the role whose members we are looking up.
directAndIndirect - The flag used to look up the role members either directly or indirectly. If directAndIndirect is false, only members directly assigned to the role are returned. If directAndIndirect is true, both directly and indirectly assigned members of the given role are returned.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

java.util.List getDynamicRoleMembers(java.lang.String roleKey) throws AccessDeniedException, RoleMemberException
roleKey - The key of the role whose members we are looking up.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

java.util.List getDynamicRoleMembers(java.lang.String roleKey, java.util.Set retAttrs, java.util.Map configParams) throws AccessDeniedException, RoleMemberException
roleKey - The key of the role whose members we are looking up.
retAttrs - The set of attributes which are to be returned for each user.
configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional and is set to User Key by default.
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

java.util.List getRoleMembers(java.lang.String roleKey, SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams, boolean directAndIndirect) throws AccessDeniedException, RoleMemberException
SearchCriteria. This method returns both static as well as dynamic members.
roleKey - The key of the role whose members we are looking up.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL, NOT_EQUAL and CONTAINS.
retAttrs - The set of attributes which are to be returned for each user.
configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional and is set to User Key by default.
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.
directAndIndirect - If directAndIndirect is false, only members directly assigned to the role that match the search criteria are returned. If directAndIndirect is true, both directly and indirectly assigned members of the given role that match the search criteria are returned.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

java.util.List getPendingUserGrants(java.lang.String userKey, java.util.Set retAttrs, java.util.Map configParams) throws AccessDeniedException, RoleMemberException
userKey - The key of the user whose pending role grants we are looking up.
retAttrs - The set of attributes which are to be returned for each role.
configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional and is set to User Key by default.
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.
List<RoleGrant> which matched the search criteria. This list is filtered based on the attribute and entity permissions of the logged-in user.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

java.util.List getPendingRoleGrants(java.lang.String roleKey, java.util.Set retAttrs, java.util.Map configParams) throws AccessDeniedException, RoleMemberException
roleKey - The key of the role whose pending members we are looking up.
retAttrs - The set of attributes which are to be returned for each user.
configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional and is set to User Key by default.
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.
List<RoleGrant> which matched the search criteria. This list is filtered based on the attribute and entity permissions of the logged-in user.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

java.util.List getRoleIndirectMembers(java.lang.String roleKey, SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams) throws AccessDeniedException, RoleMemberException
SearchCriteria.
roleKey - The key of the role whose indirect members we are looking up.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL, NOT_EQUAL and CONTAINS.
retAttrs - The set of attributes which are to be returned for each user.
configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional and is set to User Key by default.
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

java.util.List getUnassignedRoleMembers(java.lang.String roleKey) throws AccessDeniedException, RoleMemberException
roleKey - The key of the role whose non-direct members we are looking up.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

java.util.List getUnassignedRoleMembers(java.lang.String roleKey, SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams) throws AccessDeniedException, RoleMemberException
SearchCriteria.
roleKey - The key of the role whose non-direct members we are looking up.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL, NOT_EQUAL and CONTAINS.
retAttrs - The set of attributes which are to be returned for each user.
configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional and is set to User Key by default.
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.

boolean isRoleGranted(java.lang.String roleKey, java.lang.String userKey, boolean directAndIndirect) throws AccessDeniedException, UserMembershipException
roleKey - The key of the role whose memberships we are looking up.
userKey - The key of the user whose memberships we are looking up.
directAndIndirect - If true, checks for both direct and indirect memberships. If false, checks for only direct memberships.
AccessDeniedException - if the logged-in user does not have the required authorization.
UserMembershipException - If operation fails.

boolean isRoleDynamicallyGranted(java.lang.String roleKey, java.lang.String userKey) throws AccessDeniedException, UserMembershipException
roleKey - The key of the role whose memberships we are looking up.
userKey - The key of the user whose memberships we are looking up.
AccessDeniedException - if the logged-in user does not have the required authorization.
UserMembershipException - If operation fails.

java.util.List getUserMemberships(java.lang.String userKey, boolean directAndIndirect) throws AccessDeniedException, UserMembershipException
userKey - The key of the user whose memberships we are looking up.
directAndIndirect - The flag used to look up the user memberships either directly or indirectly. If true, checks for both direct and indirect memberships. If false, checks for only direct memberships.
AccessDeniedException - if the logged-in user does not have the required authorization.
UserMembershipException - If operation fails.

java.util.List getUserMemberships(java.lang.String userKey, SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams, boolean directAndIndirect) throws AccessDeniedException, UserMembershipException
SearchCriteria. This method works for both static as well as dynamically granted roles. Note that this API only checks for direct and indirect memberships based on the directAndIndirect flag.
userKey - The key of the user whose memberships we are looking up.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL, NOT_EQUAL and CONTAINS.
retAttrs - The set of attributes which are to be returned for each role.
configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional and is set to User Key by default.
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.
directAndIndirect - The flag used to look up the user memberships either directly or indirectly. If true, checks for both direct and indirect memberships. If false, checks for only direct memberships.
AccessDeniedException - if the logged-in user does not have the required authorization.
UserMembershipException - If operation fails.

java.util.List getUserRoleGrants(java.lang.String userKey, SearchCriteria criteria, java.util.Map configParams, boolean directAndIndirect, java.util.Set roleGrantRetAttrs, java.util.Set roleRetAttrs, java.util.Set userRetAttrs) throws AccessDeniedException, UserMembershipException, NoSuchRoleGrantException, RoleGrantLookupException, NoSuchUserException, UserLookupException
SearchCriteria. This method works for both static as well as dynamically granted roles. Note that this API only checks for direct and indirect memberships based on the directAndIndirect flag.
userKey - The key of the user whose memberships we are looking up. Required.
criteria - The search criteria based on which roles will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL, NOT_EQUAL and CONTAINS.
configParams - Parameters to further configure the search operation. These parameters apply to the role entities. If the configParams argument is null, defaults are all rows, in ascending order by role key. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional and is set to Role Key by default.
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.
directAndIndirect - The flag used to look up the user memberships either directly or indirectly. If true, checks for direct and indirect memberships. If false, only direct memberships are returned.
roleGrantRetAttrs - The set of attributes which are to be returned for each role grant. If null, all attributes are returned.
roleRetAttrs - The set of attributes which are to be returned for each role. If null, the role object is not returned.
userRetAttrs - The set of attributes which are to be returned for each user. If null, the user object is not returned.
AccessDeniedException - If the logged-in user does not have the required authorization.
UserMembershipException - If operation fails.
RoleGrantLookupException - If role grant lookup fails.
NoSuchRoleGrantException - If the grant doesn't exist.
NoSuchUserException - If the user does not exist.
UserLookupException - If the user lookup operation fails.

java.util.List getUnassignedUserMemberships(java.lang.String userKey, SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams) throws AccessDeniedException, UserMembershipException
SearchCriteria.
userKey - The key of the user whose non-direct memberships we are looking up.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL, NOT_EQUAL and CONTAINS.
retAttrs - The set of attributes which are to be returned for each role.
configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional and is set to User Key by default.
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.
AccessDeniedException - if the logged-in user does not have the required authorization.
UserMembershipException - If operation fails.
RoleManagerResult addRoleRelationship(java.lang.String roleParentKey, java.lang.String roleChildKey) throws ValidationFailedException, AccessDeniedException, RoleRelationshipException
roleParentKey - The key of the parent role in the relationship that we are creating.
roleChildKey - The key of the child role in the relationship that we are creating.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipException - If operation fails.
RoleManagerResult removeRoleRelationship(java.lang.String roleParentKey, java.lang.String roleChildKey) throws ValidationFailedException, AccessDeniedException, RoleRelationshipRemoveException
roleParentKey - The key of the parent role in the relationship that we are deleting.
roleChildKey - The key of the child role in the relationship that we are deleting.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipRemoveException - If operation fails.
Relationship getRoleRelationshipDetails(java.lang.String roleParentKey, java.lang.String roleChildKey, java.util.Set retAttrs) throws AccessDeniedException, NoSuchRoleRelationshipException, RoleRelationshipLookupException
roleParentKey - The key of the parent role in the relationship we are looking up.
roleChildKey - The key of the child role in the relationship we are looking up.
retAttrs - The attributes to look up.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipLookupException - If operation fails.
NoSuchRoleRelationshipException - If the role relationship doesn't exist.
RoleManagerResult updateRoleRelationship(java.lang.String roleKey, java.lang.String roleChildKey, java.util.Map args) throws ValidationFailedException, AccessDeniedException, RoleRelationshipUpdateException, NoSuchRoleRelationshipException
roleKey - The key of the parent role in the relationship that we are updating.
roleChildKey - The key of the child role in the relationship that we are updating.
args - The attributes and values to update the role relationship with.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipUpdateException - If operation fails.
NoSuchRoleRelationshipException - If the relationship doesn't exist.
java.util.List getRoleChildren(java.lang.String roleParentKey, boolean directAndIndirect) throws AccessDeniedException, RoleMemberException
roleParentKey - The key of the role whose relationships we are looking up.
directAndIndirect - The flag used to look up the role relationships either directly or indirectly. If true, returns all the children, including both direct and indirect. If false, returns only direct children.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.
java.util.List getDirectRoleChildren(java.lang.String roleParentKey, java.util.Set retAttrs, java.util.Map configParams) throws AccessDeniedException, RoleMemberException
roleParentKey - The key of the role whose children we are looking up.
retAttrs - The set of attributes which are to be returned for each role.
configParams - Parameters to further configure the search operation. There are two configuration parameters: STARTROW and ENDROW. The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.
boolean isRoleParent(java.lang.String parentRoleKey, java.lang.String roleChildKey, boolean directAndIndirect) throws AccessDeniedException, RoleMemberException
parentRoleKey - The key of the role whose relationship we are looking up.
directAndIndirect - if true, checks for direct and indirect relationships. If false, checks for only direct relationships.
roleChildKey - The key of the role whose relationship we are looking up.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.
java.util.List getRoleParents(java.lang.String roleChildKey, boolean directAndIndirect) throws AccessDeniedException, RoleMemberException
roleChildKey - The key of the role whose parent we are looking up.
directAndIndirect - When set to false, will only return direct parents. When set to true, will return direct and indirect parents.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.
java.util.List getDirectRoleParents(java.lang.String roleChildKey, java.util.Set retAttrs, java.util.Map configParams) throws AccessDeniedException, RoleMemberException
roleChildKey - The key of the role whose parents we are looking up.
retAttrs - The set of attributes which are to be returned for each role.
configParams - Parameters to further configure the search operation. There are two configuration parameters: STARTROW and ENDROW. The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.
void updateEntityDefinition()
RoleManagerResult grantRole(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue) throws ValidationFailedException, AccessDeniedException, RoleGrantException, SearchKeyNotUniqueException, NoSuchRoleException, NoSuchUserException
roleAttributeName=roleAttributeValue to the specified user(s) identified by the search criteria userAttributeName=userAttributeValue.
roleAttributeName - The role attribute name for the search criteria.
roleAttributeValue - The role attribute value for the search criteria.
userAttributeName - The user attribute name for the search criteria.
userAttributeValue - The user attribute value for the search criteria.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If operation fails.
SearchKeyNotUniqueException - if there is more than one role or user for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
NoSuchUserException - if the user with given search criteria is not found.
java.lang.String grantRoleRequest(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue) throws ValidationFailedException, AccessDeniedException, RoleGrantException, SearchKeyNotUniqueException, NoSuchRoleException, NoSuchUserException
roleAttributeName=roleAttributeValue to the specified user(s) identified by the search criteria userAttributeName=userAttributeValue.
roleAttributeName - The role attribute name for the search criteria.
roleAttributeValue - The role attribute value for the search criteria.
userAttributeName - The user attribute name for the search criteria.
userAttributeValue - The user attribute value for the search criteria.
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If request creation fails.
SearchKeyNotUniqueException - if there is more than one role or user for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
NoSuchUserException - if the user with given search criteria is not found.
Relationship getRoleGrantDetails(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue, java.util.Set retAttrs) throws AccessDeniedException, NoSuchRoleGrantException, RoleGrantLookupException, SearchKeyNotUniqueException, NoSuchRoleException, NoSuchUserException
roleAttributeName=roleAttributeValue and the user is uniquely identified by the search criteria userAttributeName=userAttributeValue.
roleAttributeName - The role attribute name for the search criteria.
roleAttributeValue - The role attribute value for the search criteria.
userAttributeName - The user attribute name for the search criteria.
userAttributeValue - The user attribute value for the search criteria.
retAttrs - The attributes to look up.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantLookupException - If operation fails.
NoSuchRoleGrantException - If the grant doesn't exist.
SearchKeyNotUniqueException - if there is more than one role or user for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
NoSuchUserException - if the user with given search criteria is not found.
RoleManagerResult updateRoleGrant(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue, java.util.Map args) throws ValidationFailedException, AccessDeniedException, RoleGrantUpdateException, NoSuchRoleGrantException, SearchKeyNotUniqueException, NoSuchRoleException, NoSuchUserException
roleAttributeName=roleAttributeValue and the user is uniquely identified by the search criteria userAttributeName=userAttributeValue.
roleAttributeName - The role attribute name for the search criteria.
roleAttributeValue - The role attribute value for the search criteria.
userAttributeName - The user attribute name for the search criteria.
userAttributeValue - The user attribute value for the search criteria.
args - The attributes and values to update the role grant with.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantUpdateException - If operation fails.
NoSuchRoleGrantException - If the role grant doesn't exist.
SearchKeyNotUniqueException - if there is more than one role or user for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
NoSuchUserException - if the user with given search criteria is not found.
RoleManagerResult revokeRoleGrant(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue) throws ValidationFailedException, AccessDeniedException, RoleGrantRevokeException, SearchKeyNotUniqueException, NoSuchRoleException, NoSuchUserException
roleAttributeName=roleAttributeValue for the specified user uniquely identified by the search criteria userAttributeName=userAttributeValue.
roleAttributeName - The role attribute name for the search criteria.
roleAttributeValue - The role attribute value for the search criteria.
userAttributeName - The user attribute name for the search criteria.
userAttributeValue - The user attribute value for the search criteria.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantRevokeException - If operation fails.
SearchKeyNotUniqueException - if there is more than one role or user for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
NoSuchUserException - if the user with given search criteria is not found.
java.lang.String revokeRoleGrantRequest(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue) throws ValidationFailedException, AccessDeniedException, RoleGrantRevokeException, SearchKeyNotUniqueException, NoSuchRoleException, NoSuchUserException
roleAttributeName=roleAttributeValue for the specified user uniquely identified by the search criteria userAttributeName=userAttributeValue.
roleAttributeName - The role attribute name for the search criteria.
roleAttributeValue - The role attribute value for the search criteria.
userAttributeName - The user attribute name for the search criteria.
userAttributeValue - The user attribute value for the search criteria.
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantRevokeException - If request creation fails.
SearchKeyNotUniqueException - if there is more than one role or user for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
NoSuchUserException - if the user with given search criteria is not found.
Relationship getRoleRelationshipDetails(java.lang.String parentAttrName, java.lang.Object parentAttrValue, java.lang.String childAttrName, java.lang.Object childAttrValue, java.util.Set retAttrs) throws AccessDeniedException, NoSuchRoleRelationshipException, RoleRelationshipLookupException, SearchKeyNotUniqueException, NoSuchRoleException
parentAttrName=parentAttrValue and the child role is uniquely identified by the search criteria childAttrName=childAttrValue.
parentAttrName - The parent role attribute name for the search criteria.
parentAttrValue - The parent role attribute value for the search criteria.
childAttrName - The child role attribute name for the search criteria.
childAttrValue - The child role attribute value for the search criteria.
retAttrs - The attributes to look up.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipLookupException - If operation fails.
NoSuchRoleRelationshipException - If the role relationship doesn't exist.
SearchKeyNotUniqueException - if there is more than one role for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
RoleManagerResult addRoleRelationship(java.lang.String parentAttrName, java.lang.Object parentAttrValue, java.lang.String childAttrName, java.lang.Object childAttrValue) throws ValidationFailedException, AccessDeniedException, RoleRelationshipException, SearchKeyNotUniqueException, NoSuchRoleException
parentAttrName=parentAttrValue and the child role is uniquely identified by the search criteria childAttrName=childAttrValue.
parentAttrName - The parent role attribute name for the search criteria.
parentAttrValue - The parent role attribute value for the search criteria.
childAttrName - The child role attribute name for the search criteria.
childAttrValue - The child role attribute value for the search criteria.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipException - If operation fails.
SearchKeyNotUniqueException - if there is more than one role for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
RoleManagerResult removeRoleRelationship(java.lang.String parentAttrName, java.lang.Object parentAttrValue, java.lang.String childAttrName, java.lang.Object childAttrValue) throws ValidationFailedException, AccessDeniedException, RoleRelationshipRemoveException, SearchKeyNotUniqueException, NoSuchRoleException
parentAttrName=parentAttrValue and the child role is uniquely identified by the search criteria childAttrName=childAttrValue.
parentAttrName - The parent role attribute name for the search criteria.
parentAttrValue - The parent role attribute value for the search criteria.
childAttrName - The child role attribute name for the search criteria.
childAttrValue - The child role attribute value for the search criteria.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipRemoveException - If operation fails.
SearchKeyNotUniqueException - if there is more than one role for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
RoleManagerResult updateRoleRelationship(java.lang.String parentAttrName, java.lang.Object parentAttrValue, java.lang.String childAttrName, java.lang.Object childAttrValue, java.util.Map args) throws ValidationFailedException, AccessDeniedException, RoleRelationshipUpdateException, NoSuchRoleRelationshipException, SearchKeyNotUniqueException, NoSuchRoleException
parentAttrName=parentAttrValue and the child role is uniquely identified by the search criteria childAttrName=childAttrValue.
parentAttrName - The parent role attribute name for the search criteria.
parentAttrValue - The parent role attribute value for the search criteria.
childAttrName - The child role attribute name for the search criteria.
childAttrValue - The child role attribute value for the search criteria.
args - The attributes and values to update the role relationship with.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleRelationshipUpdateException - If operation fails.
NoSuchRoleRelationshipException - If the relationship doesn't exist.
SearchKeyNotUniqueException - if there is more than one role for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
SearchRule getUserMembershipRule(java.lang.String roleKey) throws AccessDeniedException, NoSuchRoleException, RoleLookupException
roleKey - The id of the role whose details are required.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleLookupException - if there is an exception while doing the search.
NoSuchRoleException - if the role with given key is not found.
RoleManagerResult setUserMembershipRule(java.lang.String roleKey, SearchRule userMembershipRule) throws ValidationFailedException, AccessDeniedException, RoleModifyException, NoSuchRoleException
roleKey - The key of the role whose details are required.
userMembershipRule - User membership rule to set for this role.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleModifyException - if the orchestration fails for modify operation.
NoSuchRoleException - if the role with given key is not found.
RoleManagerResult setUserMembershipRule(java.lang.String roleKey, SearchRule userMembershipRule, boolean evaluateMembershipLater) throws ValidationFailedException, AccessDeniedException, RoleModifyException, NoSuchRoleException
roleKey - The key of the role whose details are required.
userMembershipRule - User membership rule to set for this role.
evaluateMembershipLater - If TRUE, membership is evaluated later. If FALSE, it is evaluated immediately in the post process handler.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleModifyException - if the orchestration fails for modify operation.
NoSuchRoleException - if the role with given key is not found.
java.util.List previewDynamicUserMembership(java.lang.String roleKey, SearchRule userMembershipRule, java.util.Set retAttrs, java.util.Map configParams) throws ValidationFailedException, AccessDeniedException, RoleMemberException
roleKey - The key of the role for which we want to preview the members.
userMembershipRule - User membership rule to preview.
retAttrs - The attributes to look up.
configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional and is set to Display Name by default.
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING. This parameter is optional and is set to SortOrder.ASCENDING by default.
ValidationFailedException - if the rule is syntactically incorrect.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleMemberException - If operation fails.
RoleManagerResult grantRole(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue, java.util.Map relationshipAttrs) throws ValidationFailedException, AccessDeniedException, RoleGrantException, SearchKeyNotUniqueException, NoSuchRoleException, NoSuchUserException
roleAttributeName=roleAttributeValue to the specified user uniquely identified by the search criteria userAttributeName=userAttributeValue.
roleAttributeName - The role attribute name for the search criteria.
roleAttributeValue - The role attribute value for the search criteria.
userAttributeName - The user attribute name for the search criteria.
userAttributeValue - The user attribute value for the search criteria.
relationshipAttrs - Map containing the following keys:
  startDate - Date on which the role should be auto-granted to the user. If null, the role is granted immediately.
  endDate - Date on which the role should be auto-revoked from the user. If null, the role is never revoked.
  The dates are assumed to be in server timezone.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If operation fails.
SearchKeyNotUniqueException - if there is more than one role or user for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
NoSuchUserException - if the user with given search criteria is not found.
RoleManagerResult grantRole(java.lang.String roleKey, java.util.Set userKeys, java.util.Map relationshipAttrs) throws ValidationFailedException, AccessDeniedException, RoleGrantException
roleKey - The key of the role to be granted.
userKeys - The keys of the users to whom to grant the role.
relationshipAttrs - Map containing the following keys:
  startDate - Date on which the role should be auto-granted to the user. If null, the role is granted immediately.
  endDate - Date on which the role should be auto-revoked from the user. If null, the role is never revoked.
  The dates are assumed to be in server timezone.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If operation fails.
RoleManagerResult grantRole(java.lang.String roleKey, java.util.List userKeys, java.util.List relationshipAttrs) throws ValidationFailedException, AccessDeniedException, RoleGrantException
roleKey - The key of the role to be granted.
userKeys - The keys of the users to whom to grant the role.
relationshipAttrsList - List of maps, one for each user. Each map contains the following keys:
  startDate - Date on which the role should be auto-granted to the user. If null, the role is granted immediately.
  endDate - Date on which the role should be auto-revoked from the user. If null, the role is never revoked.
  The dates are assumed to be in server timezone.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If operation fails.
RoleManagerResult grantRole(java.lang.String roleKey, java.util.Set userKeys, java.util.Map relationshipAttrs, boolean evaluatePolicies) throws ValidationFailedException, AccessDeniedException, RoleGrantException
roleKey - The key of the role to be granted.
userKeys - The keys of the users to whom to grant the role.
relationshipAttrs - Map containing the following keys:
  startDate - Date on which the role should be auto-granted to the user. If null, the role is granted immediately.
  endDate - Date on which the role should be auto-revoked from the user. If null, the role is never revoked.
  The dates are assumed to be in server timezone.
evaluatePolicies - Boolean to indicate whether to evaluate policies or not when the user is granted the role.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If operation fails.
java.lang.String grantRoleRequest(java.lang.String roleAttributeName, java.lang.Object roleAttributeValue, java.lang.String userAttributeName, java.lang.Object userAttributeValue, java.util.Map relationshipAttrs) throws ValidationFailedException, AccessDeniedException, RoleGrantException, SearchKeyNotUniqueException, NoSuchRoleException, NoSuchUserException
roleAttributeName=roleAttributeValue to the specified user uniquely identified by the search criteria userAttributeName=userAttributeValue.
roleAttributeName - The role attribute name for the search criteria.
roleAttributeValue - The role attribute value for the search criteria.
userAttributeName - The user attribute name for the search criteria.
userAttributeValue - The user attribute value for the search criteria.
relationshipAttrs - Map containing the following keys:
  startDate - Date on which the role should be auto-granted to the user. If null, the role is granted immediately.
  endDate - Date on which the role should be auto-revoked from the user. If null, the role is never revoked.
  The dates are assumed to be in server timezone.
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If request creation fails.
SearchKeyNotUniqueException - if there is more than one role or user for the given search criteria.
NoSuchRoleException - if the role with given search criteria is not found.
NoSuchUserException - if the user with given search criteria is not found.
java.lang.String grantRoleRequest(java.lang.String roleKey, java.util.Set userKeys, java.util.Map relationshipAttrs) throws ValidationFailedException, AccessDeniedException, RoleGrantException
roleKey - The key of the role to be granted.
userKeys - The keys of the users to whom to grant the role.
relationshipAttrs - Map containing the following keys:
  startDate - Date on which the role should be auto-granted to the user. If null, the role is granted immediately.
  endDate - Date on which the role should be auto-revoked from the user. If null, the role is never revoked.
  The dates are assumed to be in server timezone.
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If request creation fails.
java.lang.String grantRoleRequest(java.lang.String roleKey, java.util.List userKeys, java.util.List relationshipAttrs) throws ValidationFailedException, AccessDeniedException, RoleGrantException
roleKey - The key of the role to be granted.
userKeys - The keys of the users to whom to grant the role.
relationshipAttrs - Map containing the following keys:
  startDate - Date on which the role should be auto-granted to the user. If null, the role is granted immediately.
  endDate - Date on which the role should be auto-revoked from the user. If null, the role is never revoked.
  The dates are assumed to be in server timezone. The list is assumed to contain one map entry for each user in userKeys. If the map entries do not match the number of users, then dates will be assumed null for them.
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If request creation fails.
RoleManagerResult grantRoles(java.lang.String userKey, java.util.Set roleKeys, java.util.Map relationshipAttrs) throws ValidationFailedException, AccessDeniedException, RoleGrantException
userKey - The key of the user to whom to grant the roles.
roleKeys - The keys of roles to be granted.
relationshipAttrs - Map containing the following keys:
  startDate - Date on which the role should be auto-granted to the user. If null, the role is granted immediately.
  endDate - Date on which the role should be auto-revoked from the user. If null, the role is never revoked.
  The dates are assumed to be in server timezone.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If operation fails.
java.lang.String grantRolesRequest(java.lang.String userKey, java.util.Set roleKeys, java.util.Map relationshipAttrs) throws ValidationFailedException, AccessDeniedException, RoleGrantException
userKey - The key of the user to whom to grant the roles.
roleKeys - The keys of roles to be granted.
relationshipAttrs - Map containing the following keys:
  startDate - Date on which the role should be auto-granted to the user. If null, the role is granted immediately.
  endDate - Date on which the role should be auto-revoked from the user. If null, the role is never revoked.
  The dates are assumed to be in server timezone.
ValidationFailedException - if the validation fails during the request creation.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantException - If request creation fails.
Relationship getPendingRoleUserRelationshipAttributes(java.lang.String roleKey, java.lang.String userKey, java.util.Set retAttrs) throws AccessDeniedException, NoSuchRoleGrantException, RoleGrantLookupException
roleKey - The key of the role whose grant we are looking up.
userKey - The key of the user whose grant we are looking up.
retAttrs - The attributes to look up.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantLookupException - If operation fails.
NoSuchRoleGrantException - If the grant doesn't exist.
RoleManagerResult setPendingRoleUserRelationshipAttributes(java.lang.String roleKey, java.lang.String userKey, java.util.Map relationshipAttrs) throws ValidationFailedException, AccessDeniedException, RoleGrantUpdateException, NoSuchRoleGrantException
roleKey - The key of the role whose grant we are updating.
userKey - The key of the user whose grant we are updating.
relationshipAttrs - The attributes and values to update the pending role grant relationship with.
ValidationFailedException - if the validation during the orchestration process fails.
AccessDeniedException - if the logged-in user does not have the required authorization.
RoleGrantUpdateException - If operation fails.
NoSuchRoleGrantException - If the role grant doesn't exist.
java.lang.String setPendingRoleUserRelationshipAttributesRequest(java.lang.String roleKey, java.lang.String userKey, java.util.Map relationshipAttrs) throws ValidationFailedException, AccessDeniedException, RoleGrantException, NoSuchRoleGrantException
roleKey
- The key of the role whose grant we are updating.
userKey
- The key of the user whose grant we are updating.
relationshipAttrs
- The attributes and values to update the pending role grant relationship with.
ValidationFailedException
- if the validation during the orchestration process fails.
AccessDeniedException
- if the logged-in user does not have the required authorization.
RoleGrantUpdateException
- If operation fails.
NoSuchRoleGrantException
- If the role grant doesn't exist.
RoleGrantException

boolean isPendingRoleGrant(java.lang.String roleKey, java.lang.String userKey) throws AccessDeniedException, UserMembershipException
roleKey
- The key of the role whose memberships we are looking up.
userKey
- The key of the user whose memberships we are looking up.
AccessDeniedException
- if the logged-in user does not have the required authorization.
UserMembershipException
- If operation fails.

java.util.List searchRoleHistory(java.lang.String roleKey, RoleManagerConstants.RoleHistoryType type, SearchCriteria criteria, java.util.Set retAttrs, java.util.Map configParams) throws AccessDeniedException, RoleManagerException
roleKey
- Role key
type
- Type of History to be fetched
criteria
- The criteria can be used to filter the type of history you want
retAttrs
- List of attributes the search should return.
configParams
- Parameters to further configure the search operation. There are two configuration parameters, STARTROW and ENDROW, which indicate which subset of the complete search result is to be fetched.
AuditEvents matching the search criteria.
AccessDeniedException
RoleManagerException
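
The relationshipAttrs map that grantRolesRequest takes, built for a grant that always carries an end date, as an added example that is not part of this API reference or the product's own code. Assumptions: the class name, the RoleGrantRequests stand-in interface (it carries only the grantRolesRequest signature from this page, with generic types added, so the code compiles without the product libraries), the literal key strings "startDate" and "endDate" as the page names them, and the constructed user key, role key and time zone.

```java
import java.time.Duration;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public final class TimeBoxedRoleGrant {
    /** Stand-in (assumption) with only the grantRolesRequest signature documented on this page. */
    interface RoleGrantRequests {
        String grantRolesRequest(String userKey, Set<String> roleKeys, Map<String, Object> relationshipAttrs)
                throws Exception;
    }

    // Map keys as this page names them; assumed to be the literal key strings.
    static final String START_DATE = "startDate";
    static final String END_DATE = "endDate";

    /** Builds relationshipAttrs with a mandatory end date, so the grant is always auto-revoked. */
    static Map<String, Object> relationshipAttrs(LocalDateTime start, Duration lifetime, ZoneId serverZone) {
        if (lifetime == null || lifetime.isZero() || lifetime.isNegative()) {
            throw new IllegalArgumentException("lifetime must be positive; a null endDate is never revoked");
        }
        LocalDateTime effectiveStart = (start != null) ? start : LocalDateTime.now(serverZone);
        Map<String, Object> attrs = new HashMap<>();
        // A null startDate is passed through: the role is then granted immediately.
        attrs.put(START_DATE, start == null ? null : toDate(start, serverZone));
        attrs.put(END_DATE, toDate(effectiveStart.plus(lifetime), serverZone));
        return attrs;
    }

    /** Reads a wall-clock time in the server's zone, because the API assumes server-timezone dates. */
    static Date toDate(LocalDateTime wallClock, ZoneId serverZone) {
        return Date.from(wallClock.atZone(serverZone).toInstant());
    }

    public static void main(String[] args) throws Exception {
        ZoneId serverZone = ZoneId.of("UTC"); // constructed: use the zone the server runs in
        // Constructed stub standing in for a RoleManager obtained from the server.
        RoleGrantRequests stub = (userKey, roleKeys, attrs) -> "constructed-return-value " + attrs;
        Map<String, Object> attrs =
                relationshipAttrs(LocalDateTime.now(serverZone).plusDays(1), Duration.ofHours(8), serverZone);
        System.out.println(stub.grantRolesRequest("1001", Set.of("42"), attrs));
    }
}
```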