AdminRoleService (Oracle Fusion Middleware Java API Reference for Oracle Identity Manager)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

oracle.iam.platform.authopss.api
Interface AdminRoleService

All Known Subinterfaces:: AdminRoleServiceInternal

public interface AdminRoleService

Service interface to query admin roles defined in an OIM installation and manage scoped user memberships in these roles.

Since:: OIM R2 (11.1.2.0.0)
See Also:: AdminRoleMembership

Method Summary
`AdminRoleMembership`	`addAdminRoleMembership(AdminRoleMembership membership)` Adds an admin role membership.
`AdminRoleVO`	`createAdminRole(AdminRoleVO compAdminRole)` The API creates the Admin Role based on AdminRoleVO.
`AdminRole`	`getAdminRole(java.lang.String roleName)` Returns a a admin role matching the given name (case-insensitive).
`AdminRole`	`getAdminRoleForID(java.lang.String roleId)` Returns a a admin role matching the given name (case-insensitive).
`java.util.List`	`getAdminRoles()` Returns list of admin roles available in an installation
`java.util.List`	`getAdminRoles(java.lang.String scopeId)` Returns list of admin roles available within the context of the passed scope-id.
`java.util.List`	`getAdminRolesForUser(java.lang.String userId, java.util.Map paramsMap)` Get the list of admin roles for passed userId
`AdminRoleVO`	`getAdminRoleVO(java.lang.String adminRoleId)` Returns the admin-role value object for the given admin role Id.
`java.util.List`	`getCapabilities(PolicyConstants.Resources resourceType, Capability.Type capType)` Returns list of capabilities available in an installation for the given capability-type.
`java.util.List`	`getCapabilities(PolicyConstants.Resources resourceType, java.util.List actions)` Returns the list of capabilities for a given resource-type and actions.
`java.util.List`	`getCapabilitiess(PolicyConstants.Resources resourceType)` Returns list of capabilities available in an installation for a given resource-type.
`java.util.List`	`getCapabilitiess(PolicyConstants.Resources resourceType, PolicyConstants.Actions action)` Returns list of capabilities available in an installation for a given resourceType and action
`java.util.List`	`getCapabilitiess(java.lang.String adminRoleName)` This method will return the associated capability with an admin role.
`Capability`	`getCapability(java.lang.String resourceType, java.lang.String action)` Returns list of capabilities available in an installation for a given resourceType and action
`Capability`	`getCapabilityForID(java.lang.String capabilityId)` Returns list of capabilities available in an installation for a given resourceType and action
`java.util.List`	`getGlobalAdminRoles()` Returns a list of admin roles which can only be assigned in scope of Top organization.
`java.util.List`	`getScopedAdminRoles()` Returns list of admin roles which are usually assigned in the context of non-Top organization.
`java.util.List`	`getUsersAssigned(java.lang.String adminRoleId, java.util.Set retAttrs, java.util.HashMap configParams)` Returns the list of User identities assigned to the admin-role
`java.util.List`	`getUsersAssignedWithScope(java.lang.String adminRoleId, java.util.Set retAttrs, java.util.HashMap configParams, java.lang.String scopeId)` Returns the list of User identities assigned to the admin-role
`boolean`	`isAuthorizationRequired()` Convenience method to check if Authorization checks are required or not.
`java.util.List`	`listMembershipsForUserByRoleName(java.lang.String userId, java.util.List roleName)` Returns a list of user's admin role memberships based on role names..
`java.util.List`	`listMembershipsInScope(java.lang.String scopeId, java.lang.String roleName, boolean includeHierarchy, java.util.Map paramsMap)` Returns a list of admin role membership in the given scope.
`java.util.List`	`listUsersMembership(java.util.List lstUserId, java.lang.String roleName, java.lang.String scopeId, boolean includeHierarchy, java.util.Map paramsMap)` Returns a list of user's admin role memberships based on the parameters.
`java.util.List`	`listUsersMembership(java.lang.String userId, java.lang.String roleName, java.lang.String scopeId, boolean includeHierarchy, java.util.Map paramsMap)` Returns a list of user's admin role memberships based on the parameters.
`java.util.List`	`listUsersMembership(java.lang.String userId, java.lang.String roleName, java.lang.String scopeId, java.util.Map paramsMap)` Returns a list of user's admin role memberships based on the parameters.
`void`	`modifyAdminRole(AdminRoleVO compAdminRole)` The API modifies the adminRole data.
`boolean`	`removeAdminRole(AdminRole adminRole)` Removes a custom admin role from the application.
`boolean`	`removeAdminRoleMembership(AdminRoleMembership membership)` Removes a admin role membership.
`java.util.List`	`search(SearchCriteria sc, java.util.Map controlParams)` Returns a list of admin roles as per the organization scoping based on the parameters.
`boolean`	`updateRoleMemberships(AdminRoleMembership roleMembership)` Method to update the role memberships.

Method Detail

getAdminRoles

java.util.List getAdminRoles()

Returns list of admin roles available in an installation

Returns:: list of admin roles

getScopedAdminRoles

java.util.List getScopedAdminRoles()

Returns list of admin roles which are usually assigned in the context of non-Top organization. Though these admin roles can be assigned with scope of Top, but due to their entity specific administration capabilities it is best to assign them in scope of non-Top organization.

Returns:: list of admin roles which must be asigned within a valid organization scope.

getGlobalAdminRoles

java.util.List getGlobalAdminRoles()

Returns a list of admin roles which can only be assigned in scope of Top organization. These administration roles can control virtually every aspect of OIM. System Administrator, System Configurator are examples of global admin roles. .

Returns:: a list of admin roles which should be assigned within Top organization scope.

getAdminRole

AdminRole getAdminRole(java.lang.String roleName)

Returns a a admin role matching the given name (case-insensitive). Null, if admin role is not found for the given name. Partial match is not supported.

Parameters:: roleName - name of the admin role, required, not-null
Returns:: admin role matching given name, or null

getAdminRoleForID

AdminRole getAdminRoleForID(java.lang.String roleId)

Returns a a admin role matching the given name (case-insensitive). Null, if admin role is not found for the given name. Partial match is not supported.

Parameters:: roleId - id of the admin role, required, not-null
Returns:: admin role matching given name, or null

removeAdminRole

boolean removeAdminRole(AdminRole adminRole)

Removes a custom admin role from the application. The admin role passed should be the object returned by the get/list/search APIs to ensure that proper keys are populated in the object, so that correct checks are performed and relationships correctly resolved.

Parameters:: adminRole - role to be removed from the application
Returns:: true, if role was removed successfuly, otherwise false.

addAdminRoleMembership

AdminRoleMembership addAdminRoleMembership(AdminRoleMembership membership)

Adds an admin role membership.

Parameters:: membership - a valid membership to add, required
Returns:: membership that got added
Throws:: java.lang.IllegalArgumentException - this runtime exception will be thrown if admin role is global scoped and membership is attempted within a non-Top scope.

removeAdminRoleMembership

boolean removeAdminRoleMembership(AdminRoleMembership membership)

Removes a admin role membership. The admin role membership object passed should be the object returned by the get/list/search APIs to ensure that proper keys are populated in the object, so that correct checks are performed and relationships correctly resolved.

Parameters:: membership - a valid membership to be removed, required
Returns:: -true, if delete successful, false otherwise.

listUsersMembership

java.util.List listUsersMembership(java.util.List lstUserId,
                                   java.lang.String roleName,
                                   java.lang.String scopeId,
                                   boolean includeHierarchy,
                                   java.util.Map paramsMap)

Returns a list of user's admin role memberships based on the parameters.

Parameters:: lstUserId - optional, list of valid user-id; roleName - optional, the admin role name.; scopeId - optional, specific scope filter.; includeHierarchy - this parameter is honored only when a valid scope id is passed. if true then include any user's memberships to scope's parent, otherwise include direct scope assignment.; paramsMap - optional, other filters like paging, etc ....
Returns:: a list of user's admin role membership based on parameters.

listUsersMembership

java.util.List listUsersMembership(java.lang.String userId,
                                   java.lang.String roleName,
                                   java.lang.String scopeId,
                                   boolean includeHierarchy,
                                   java.util.Map paramsMap)

Returns a list of user's admin role memberships based on the parameters.

Parameters:: userId - a valid user-id, required; roleName - - optional, the Admin role name filter; scopeId - optional, specific scope filter; includeHierarchy - this parameter is honored only when a valid scope id is passed. If true, then include any user's memberships to scope's parent, otherwise include direct scope assignment.
Returns:: a list of user's admin role membership based on parameters.

listMembershipsInScope

java.util.List listMembershipsInScope(java.lang.String scopeId,
                                      java.lang.String roleName,
                                      boolean includeHierarchy,
                                      java.util.Map paramsMap)

Returns a list of admin role membership in the given scope.

Parameters:: scopeId - a valid scope id, required; roleName - - optional, the Admin role name filter; includeHierarchy - If true, then include any memberships in this scope inherited from the parent of this scope, otherwise include only direct membership to the scope.
Returns:: a list of admin role memberships for a given scope

updateRoleMemberships

boolean updateRoleMemberships(AdminRoleMembership roleMembership)

Method to update the role memberships.

Parameters:: rolemembership - that has updated data
Returns:

getAdminRolesForUser

java.util.List getAdminRolesForUser(java.lang.String userId,
                                    java.util.Map paramsMap)

Get the list of admin roles for passed userId

Parameters:: userId - - The user id for which the Admin-roles need to be determined.; paramsMap - - The additional params for paging, sorting etc ....
Returns:: - List of AdminRoles for the passed user.

listMembershipsForUserByRoleName

java.util.List listMembershipsForUserByRoleName(java.lang.String userId,
                                                java.util.List roleName)

Returns a list of user's admin role memberships based on role names..

Parameters:: userId - a valid user-id, required; roleName - - required, the Admin role name filter
Returns:: a list of user's admin role membership based on parameters.

getAdminRoles

java.util.List getAdminRoles(java.lang.String scopeId)

Returns list of admin roles available within the context of the passed scope-id.

Returns:: list of admin roles

isAuthorizationRequired

boolean isAuthorizationRequired()

Convenience method to check if Authorization checks are required or not.

Returns:

getCapabilitiess

java.util.List getCapabilitiess(PolicyConstants.Resources resourceType,
                                PolicyConstants.Actions action)

Returns list of capabilities available in an installation for a given resourceType and action

Parameters:: resourceType - resource for which the search.; action - the action.
Returns:: list of capabilities

getCapabilitiess

java.util.List getCapabilitiess(PolicyConstants.Resources resourceType)

Returns list of capabilities available in an installation for a given resource-type.

Parameters:: resourceType - the resource name.
Returns:: list of capabilities

getCapabilities

java.util.List getCapabilities(PolicyConstants.Resources resourceType,
                               Capability.Type capType)

Returns list of capabilities available in an installation for the given capability-type.

Parameters:: resourceType - the resource name.; capType - the capability type. Capability type can be admin/self/all.
Returns:: list of capabilities

getCapabilitiess

java.util.List getCapabilitiess(java.lang.String adminRoleName)

This method will return the associated capability with an admin role.

Parameters:: adminRoleName - select admin role name.
Returns:: list of capabilities associated with an admin-role

search

java.util.List search(SearchCriteria sc,
                      java.util.Map controlParams)
                      throws java.lang.Exception

Returns a list of admin roles as per the organization scoping based on the parameters.

Parameters:: sc - optional, search criteria; controlParams - optional, and filters like paging,sorting etc ....
Returns:: a list of admin roles.
Throws:: java.lang.Exception

getCapability

Capability getCapability(java.lang.String resourceType,
                         java.lang.String action)

Returns list of capabilities available in an installation for a given resourceType and action

Returns:: list of capabilities

getCapabilityForID

Capability getCapabilityForID(java.lang.String capabilityId)

Returns list of capabilities available in an installation for a given resourceType and action

Returns:: list of capabilities

createAdminRole

AdminRoleVO createAdminRole(AdminRoleVO compAdminRole)

The API creates the Admin Role based on AdminRoleVO. The AdminRoleVO represents the train based data setup on the UI. The API also sets up Admin Role relationship with user, SoC, publication and capability.

Parameters:: AdminRoleVO - admin role value object
Returns:: adminrole that is successfully created.

getAdminRoleVO

AdminRoleVO getAdminRoleVO(java.lang.String adminRoleId)

Returns the admin-role value object for the given admin role Id.

Parameters:: adminRoleId - admin-role key.
Returns:: adminRoleVO object

modifyAdminRole

void modifyAdminRole(AdminRoleVO compAdminRole)

The API modifies the adminRole data. This API helps in modifying the capability, SOC, users, publications for the admin role.

Parameters:: compAdminRole - - the admin-role details that needs to be modified.

getUsersAssigned

java.util.List getUsersAssigned(java.lang.String adminRoleId,
                                java.util.Set retAttrs,
                                java.util.HashMap configParams)

Returns the list of User identities assigned to the admin-role

Parameters:: adminRoleId - role-key for the admin-role.; retAttrs - the user attributes need to be returned; configParams - the comfigparams.
Returns:: List of Users identity.

getUsersAssignedWithScope

java.util.List getUsersAssignedWithScope(java.lang.String adminRoleId,
                                         java.util.Set retAttrs,
                                         java.util.HashMap configParams,
                                         java.lang.String scopeId)

Returns the list of User identities assigned to the admin-role

Parameters:: adminRoleId - role-key for the admin-role.; retAttrs - the user attributes need to be returned; configParams - the comfigparams.; ScopeId - associated with admin role.
Returns:: List of Users identity.

listUsersMembership

java.util.List listUsersMembership(java.lang.String userId,
                                   java.lang.String roleName,
                                   java.lang.String scopeId,
                                   java.util.Map paramsMap)

Returns a list of user's admin role memberships based on the parameters.

Parameters:: userId - a valid user-id, required; roleName - - optional, the Admin role name filter; scopeId - optional, specific scope filter
Returns:: a list of user's admin role membership based on parameters.

getCapabilities

java.util.List getCapabilities(PolicyConstants.Resources resourceType,
                               java.util.List actions)

Returns the list of capabilities for a given resource-type and actions.

Parameters:: resourceType -; actions -
Returns:

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

oracle.iam.platform.authopss.api Interface AdminRoleService

getAdminRoles

getScopedAdminRoles

getGlobalAdminRoles

getAdminRole

getAdminRoleForID

removeAdminRole

addAdminRoleMembership

removeAdminRoleMembership

listUsersMembership

listUsersMembership

listMembershipsInScope

updateRoleMemberships

getAdminRolesForUser

listMembershipsForUserByRoleName

getAdminRoles

isAuthorizationRequired

getCapabilitiess

getCapabilitiess

getCapabilities

getCapabilitiess

search

getCapability

getCapabilityForID

createAdminRole

getAdminRoleVO

modifyAdminRole

getUsersAssigned

getUsersAssignedWithScope

listUsersMembership

getCapabilities

oracle.iam.platform.authopss.api
Interface AdminRoleService