|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface ProvisioningService
ProvisioningService
application programming interface provides utilities needed to provision and manage user's Account
and Entitlement
for both connected and disconnected ApplicationInstance
. We are introducing this new provisioning API because: - Old provisioning APIs were scattered across the various services, namely, tcUserOperationsIntf, tcProvisioningOperationsIntf, tcFormInstanceOperationsIntf. There is no functional integrity in these provisioning APIs as completing a single action may need invocation of APIs across different interfaces. - Also, in 11.1.2.0.0, Authorization model is changed and we wanted to up-take new security model.
Account
, ApplicationInstance
, Entitlement
, EntitlementInstance
Method Summary | |
---|---|
void |
changeAccountPassword(long accountId, char[] newPassword) This API method is used to change user's account password. |
void |
changeAccountType(long accountId, Account.ACCOUNT_TYPE accountType) This API is used to change the account type of the account. |
boolean |
confirmAccountPassword(long accountId, char[] existingAccountPassword) This API method is used to verify and confirm account password. |
void |
disable(long accountId) This API method disables an account provisioned to a user. |
void |
enable(long accountId) This API method enables an existing disabled account provisioned to a user. |
java.util.List |
findEntitlementsForRole(java.lang.String roleKey) This API method returns the list of entitlements for the given role key. |
Account |
getAccountDetails(long accountId) This API method returns an Account value object which contains detailed information about the account corresponding to the specified account ID. |
java.util.List |
getAccountDetails(long[] accountIds) This API method returns a list of Account value object given the accountIds.The account object contains detailed information about the account corresponding to the specified account ID. |
java.util.List |
getAccountsProvisionedToUser(java.lang.String userId) This API method returns a list of all the accounts provisioned to the user. |
java.util.List |
getAccountsProvisionedToUser(java.lang.String userId, boolean populateAccountData) This API method returns a list of all the accounts provisioned to the user |
java.util.List |
getAccountsProvisionedToUser(java.lang.String userId, SearchCriteria criteria, java.util.HashMap configParams) This API method returns a list of all the accounts provisioned to the user. |
java.util.List |
getAccountsProvisionedToUser(java.lang.String userId, SearchCriteria criteria, java.util.HashMap configParams, boolean populateAccountData) This API method returns a list of all the accounts provisioned to the user. |
EntitlementInstance |
getEntitlementInstance(long entitlementInstanceKey) This API method returns an entitlement instance provisioned to the user corresponding to the edlntitlement key |
EntitlementInstance |
getEntitlementInstance(long accountId, long entitlemenkey) This API method returns an entitlement instance provisioned to the user corresponding to the entitlement key and account id |
java.util.List |
getEntitlementInstanceForEntitlement(Entitlement entitlement, SearchCriteria searchcriteria, java.util.HashMap configParams) This API method returns the entitlement instances for the given entitlement. |
java.util.List |
getEntitlementInstances(long[] entitlementInstanceKeys) This API method returns a list of entitlement instances provisioned to the user corresponding to the list of entitlement instances key. |
java.util.List |
getEntitlementsForAccessPolicies(java.util.List policyKeys, java.util.Map configParams) This API method returns the list of Entitlements for the given access policy Keys. |
java.util.List |
getEntitlementsForUser(java.lang.String userId) This API method returns a list of all the entitlements provisioned to the user. |
java.util.List |
getEntitlementsForUser(java.lang.String userId, SearchCriteria criteria, java.util.HashMap configParams) This API method searches for entitlement instances provisioned to a user matching the specified SearchCriteria |
Account |
getMinimalAccountDetails(long accountId) This API method returns an Account value object corresponding to the specified account ID. |
java.util.List |
getPasswordResettableAccountsForUser(java.lang.String userID) This API method returns a list of accounts provisioned to the user for which password can be reset. |
java.util.List |
getProvisionedAccountsForAppInstance(java.lang.String appInstance, SearchCriteria crit, java.util.HashMap configParams) This API method rethrns the list of accounts for a given application instance name. |
java.util.List |
getUserAccountDetailsInApplicationInstance(java.lang.String userId, long appInstanceKey) This API method checks if the user has an account in the specified application instance. |
java.util.List |
getUserAccountDetailsInApplicationInstance(java.lang.String userId, long appInstanceKey, boolean populateAccountData) This API method checks if the user has an account in the specified application instance. |
void |
grantEntitlement(EntitlementInstance entitlementInstance) This API method grants the specified EntitlementInstance to the specified account |
void |
grantEntitlement(long accountId, Entitlement entitlement) Deprecated. |
void |
grantEntitlements(java.util.List entitlementInstances) This API method grants the list of specified EntitlementInstance to the specified account This is a bulk operation that grants multiple EntitlementInstance to user's account. |
void |
grantEntitlements(long accountId, java.util.List entitlements) Deprecated. |
boolean |
isApplicationInstanceProvisionedToUser(java.lang.String userId, ApplicationInstance appInstance) This API method returns a boolean indicating weather the specified user has an account in the specified application instance. |
boolean |
isEntitlementProvisionedToUser(java.lang.String userId, Entitlement entitlement) This API method returns a boolean indicating whether the specified user has been granted the specific entitlement. |
void |
modify(Account account) This API method modifies an existing provisioned account. |
long |
provision(java.lang.String userId, Account account) This API method provisions an account to a user. |
void |
revoke(long accountId) This API method revokes an account provisioned to a user. |
void |
revokeEntitlement(EntitlementInstance entitlementInstance) This API method revokes already granted EntitlementInstance from the specified accounts |
void |
revokeEntitlements(java.util.List entitlementInstances) This API method revokes the list of specified EntitlementInstance from the specified accounts |
void |
updateEntitlement(EntitlementInstance entitlementInstance) This API method updates the attributes (child table data) of the specified EntitlementInstance . |
void |
updateEntitlements(java.util.List entitlementInstances) This API method updates the attributes of the specified entitlement instances |
Method Detail |
---|
long provision(java.lang.String userId, Account account) throws UserNotFoundException, ApplicationInstanceNotFoundException, AccessDeniedException, GenericProvisioningException
userId
- The target user to whom the account will be provisioned to.account
- This Account
value object holds the information about ApplicationInstance
and AccountData
.UserNotFoundException
- if the target user does not exist (i.e deleted) in the system.ApplicationInstanceNotFoundException
- if the application instance contained in the Account
value object does not exist in the system.AccessDeniedException
- if there is any authorization failure while provisioning the account to the target user. To avoid this exception, the logged in user should at least have ApplicationInstance
Authorizer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to provision account.GenericProvisioningException
- if any other error, connector failures occur.Account
, AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.PROVISION
void enable(long accountId) throws AccountNotFoundException, ImproperAccountStateException, AccessDeniedException, GenericProvisioningException
accountId
- The accountId of the account that needs to be enabled.AccountNotFoundException
- if the account with the specified accountId does not exist.AccessDeniedException
- if there is any authorization failure while enabling the account provisioned to target user. To avoid this exception, the logged in user should at least have ApplicationInstance
Authorizer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to enable account.ImproperAccountStateException
- if the account is not in disabled state when the enable operation is attemptedGenericProvisioningException
- if any other error, connector failures occur.AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.ENABLE_ACCOUNT
void disable(long accountId) throws AccountNotFoundException, ImproperAccountStateException, AccessDeniedException, GenericProvisioningException
accountId
- The accountId of the account under considerationAccountNotFoundException
- if the account with the specified accountId does not exist.AccessDeniedException
- if there is any authorization failure while disabling the account provisioned to target user. To avoid this exception, the logged in user should at least have ApplicationInstance
Authorizer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to disable account.ImproperAccountStateException
- if the account is not in provisioned/enabled state when the disabled operation is attemptedGenericProvisioningException
- thrown if any other error, connector failures occur.AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.DISABLE_ACCOUNT
void modify(Account account) throws AccountNotFoundException, AccessDeniedException, GenericProvisioningException
Account
value object should contain the modified account profile.account
- This Account
value object holds the information about ApplicationInstance
and modified AccountData
.AccountNotFoundException
- if the account with the specified accountId does not exist.AccessDeniedException
- if there is any authorization failure while modifying the account provisioned to target user. To avoid this exception, the logged in user should at least have ApplicationInstance
Authorizer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to modify account.GenericProvisioningException
- if any other error, connector failures occur.Account
, AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.MODIFY_ACCOUNT
void revoke(long accountId) throws AccountNotFoundException, AccessDeniedException, GenericProvisioningException
accountId
- The accountId of the account under considerationAccountNotFoundException
- if the account with the specified accountId does not exist.AccessDeniedException
- if there is any authorization failure while modifying the account provisioned to target user. To avoid this exception, the logged in user should at least have ApplicationInstance
Authorizer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to revoke account.GenericProvisioningException
- if any other error, connector failures occur.AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.REVOKE_ACCOUNT
@Deprecated
void grantEntitlement(long accountId,
Entitlement entitlement)
throws AccountNotFoundException,
ImproperAccountStateException,
EntitlementNotFoundException,
EntitlementAlreadyProvisionedException,
AccessDeniedException,
GenericProvisioningException
Entitlement
to the specified accountaccountId
- the accountId of the account to which the Entitlement
is granted to.entitlement
- the Entitlement
which should be granted to the account.AccountNotFoundException
- if the account with the specified accountId does not exist.ImproperAccountStateException
- if the account is already revokedEntitlementNotFoundException
- if the Entitlement
definition does not existEntitlementAlreadyProvisionedException
- if the Entitlement
has already provisioned to the specified accountAccessDeniedException
- if there is any authorization failure while granting the Entitlement
to target user. To avoid this exception, the logged in user should at least have Entitlement
Authorizer Admin Role on Organization to which this Entitlement
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to grant entitlement.GenericProvisioningException
- if any other errors occurEntitlement
, AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.EntitlementActions.GRANT_ENTITLEMENT
void grantEntitlement(EntitlementInstance entitlementInstance) throws AccountNotFoundException, ImproperAccountStateException, EntitlementNotFoundException, EntitlementAlreadyProvisionedException, AccessDeniedException, GenericProvisioningException
EntitlementInstance
to the specified accountentitlementInstance
- the EntitlementInstance
which should be granted to the account.AccountNotFoundException
- if the account with the specified accountId does not exist.ImproperAccountStateException
- if the account is already revokedEntitlementNotFoundException
- if the Entitlement
definition does not existEntitlementAlreadyProvisionedException
- if the Entitlement
has already provisioned to the specified accountAccessDeniedException
- if there is any authorization failure while granting the Entitlement
to target user. To avoid this exception, the logged in user should at least have Entitlement
Authorizer Admin Role on Organization to which this Entitlement
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to grant entitlement.GenericProvisioningException
- if any other errors occurEntitlementInstance
, AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.EntitlementActions.GRANT_ENTITLEMENT
void revokeEntitlement(EntitlementInstance entitlementInstance) throws AccountNotFoundException, EntitlementNotProvisionedException, AccessDeniedException, GenericProvisioningException
EntitlementInstance
from the specified accountsentitlementInstance
- the EntitlementInstance
that needs to be revoked. EntitlementInstance
is an instance of Entitlement
that is granted to a user and is associated to a specific Account
.AccountNotFoundException
- if the specified accountId is not foundEntitlementNotProvisionedException
- if the specified EntitlementInstance
is not found as it is not already granted.AccessDeniedException
- if there is any authorization failure while revoking the EntitlementInstance
. To avoid this exception, the logged in user should at least have Entitlement
Authorizer Admin Role on Organization to which this Entitlement
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to revoke entitlement instance.GenericProvisioningException
- if any other errors occurEntitlement
, EntitlementInstance
, AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.EntitlementActions.REVOKE_ENTITLEMENT
void updateEntitlement(EntitlementInstance entitlementInstance) throws AccountNotFoundException, EntitlementNotFoundException, AccessDeniedException, GenericProvisioningException
EntitlementInstance
.entitlementInstance
- the modified EntitlementInstance
AccountNotFoundException
- if the specified accountId is not foundEntitlementNotFoundException
- if the specified entitlement instance is not found in the systemAccessDeniedException
- if there is any authorization failure while updating the EntitlementInstance
. To avoid this exception, the logged in user should at least have Entitlement
Authorizer Admin Role on Organization to which this Entitlement
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to update entitlement instance.GenericProvisioningException
- if any other errors occur while performing entitlement updateEntitlement
, EntitlementInstance
, AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.EntitlementActions.MODIFY_ENTITLEMENT
@Deprecated
void grantEntitlements(long accountId,
java.util.List entitlements)
throws BulkProvisioningException
Entitlement
to the specified account This is a bulk operation that grants multiple Entitlement
to user's account.accountId
- the accountId of the account to which the entitlements should be granted.entitlements
- the list of entitlements that need to be granted to the accountBulkProvisioningException
- if errors occur during bulk operationsvoid revokeEntitlements(java.util.List entitlementInstances) throws BulkProvisioningException
EntitlementInstance
from the specified accountsentitlementInstances
- the list of entitlement instances that need to be revokedBulkProvisioningException
- if errors occur during bulk operationsvoid updateEntitlements(java.util.List entitlementInstances) throws BulkProvisioningException
entitlementInstances
- the list of modified entitlement instancesBulkProvisioningException
- if errors occur during bulk operationsjava.util.List getAccountsProvisionedToUser(java.lang.String userId) throws UserNotFoundException, GenericProvisioningException
getAccountsProvisionedToUser(String userId, boolean populateAccountData)
userId
- The target user for whom the list of account is returned.UserNotFoundException
- if the target user does not exist (i.e deleted) in the system.GenericProvisioningException
- if any other errors occur while fetching the accounts provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation.Account
, AccountData
, ApplicationInstance
, EntitlementInstance
java.util.List getAccountsProvisionedToUser(java.lang.String userId, SearchCriteria criteria, java.util.HashMap configParams, boolean populateAccountData) throws UserNotFoundException, GenericProvisioningException
userId
- The target user for whom the list of account is returned.criteria
- The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons like contains the SearchCriteria Operator will be EQUAL with value to be searched will be '*<value>*'
The following is a list of attributes supported: ProvisioningConstants.AppInstanceSearchAttribute.DISPLAY_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.OBJ_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.ACCOUNT_STATUS.getId()
configParams
- Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.
The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING.
The following is a list of attributes supported: ProvisioningConstants.AppInstanceSearchAttribute.DISPLAY_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.OBJ_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.ACCOUNT_STATUS.getId() ProvisioningConstants.AppInstanceSearchAttribute.PROVISIONED_ON.getId()
populateAccountData
- A boolean to indicate whether account data should be populated in the returned list of Account VO. If set to false, account data will not be populated.UserNotFoundException
- if the target user does not exist (i.e deleted) in the system.GenericProvisioningException
- if any other errors occur while fetching the accounts provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation.java.util.List getAccountsProvisionedToUser(java.lang.String userId, SearchCriteria criteria, java.util.HashMap configParams) throws UserNotFoundException, GenericProvisioningException
getAccountsProvisionedToUser(String userId, SearchCriteria criteria, HashMap<String, Object> configParams, boolean populateAccountData)
userId
- The target user for whom the list of account is returned.criteria
- The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons like contains the SearchCriteria Operator will be EQUAL with value to be searched will be '*<value>*'
The following is a list of attributes supported: ProvisioningConstants.AppInstanceSearchAttribute.DISPLAY_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.OBJ_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.ACCOUNT_STATUS.getId()
configParams
- Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.
The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING.
The following is a list of attributes supported: ProvisioningConstants.AppInstanceSearchAttribute.DISPLAY_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.OBJ_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.ACCOUNT_STATUS.getId() ProvisioningConstants.AppInstanceSearchAttribute.PROVISIONED_ON.getId()
UserNotFoundException
- if the target user does not exist (i.e deleted) in the system.GenericProvisioningException
- if any other errors occur while fetching the accounts provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation.java.util.List getAccountsProvisionedToUser(java.lang.String userId, boolean populateAccountData) throws UserNotFoundException, GenericProvisioningException
userId
- The target user for whom the list of account is returned.populateAccountData
- boolean to indicate if account data should be populated in the returned Account VO. If set to false, account data will not be populated.UserNotFoundException
- if the target user does not exist (i.e deleted) in the system.GenericProvisioningException
- if any other errors occur while fetching the accounts provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation.Account
, AccountData
, ApplicationInstance
, EntitlementInstance
java.util.List getEntitlementInstanceForEntitlement(Entitlement entitlement, SearchCriteria searchcriteria, java.util.HashMap configParams) throws GenericProvisioningException, AccessDeniedException, EntitlementNotFoundException, GenericEntitlementServiceException
entitlement
- Entitlement object for which entitlement instances has to be returned.searchcriteria
- The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operator supported is EQUAL
Following is the attribute supported: ProvisioningConstants.EntitlementInstanceSearchAttribute.ENT_ASSIGN_STATUS.getId() Following are the list of possible values supported for status ProvisioningConstants.ENT_PROVISIONED_STATUS ProvisioningConstants.ENT_PROV_IN_PROGRESS_STATUS ProvisioningConstants.ENT_FUTURE_GRANT_STATUS
configParams
- Parameters to further configure the search operation. There are two configuration parameters. STARTROW and ENDROW.
The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched.
GenericProvisioningException
- if any other errors occur while fetching the entitlement instances for the given entitlement.AccessDeniedException
- if there is any authorization failure while getting the EntitlementInstance
. To avoid this exception, the logged in user should at least have Entitlement
Authorizer Admin Role on Organization to which this Entitlement
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view entitlement.EntitlementNotFoundException
- if the entitlement instance does not exist.GenericEntitlementServiceException
- if any failure while finding the entitlement.EntitlementInstance getEntitlementInstance(long entitlementInstanceKey) throws AccessDeniedException, EntitlementInstanceNotFoundException, GenericProvisioningException
entitlementInstanceKey
- The entitlement instance key.EntitlementInstanceNotFoundException
- if the entitlement instance does not exist.AccessDeniedException
- if there is any authorization failure while getting the EntitlementInstance
. To avoid this exception, the logged in user should at least have Entitlement
Authorizer Admin Role on Organization to which this Entitlement
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view entitlement.GenericProvisioningException
- if any other errors occur while fetching entitlement details.Entitlement
, EntitlementInstance
, AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.EntitlementActions.VIEW_SEARCH
java.util.List getEntitlementInstances(long[] entitlementInstanceKeys) throws GenericProvisioningException
userId
- The target user for whom the entitlement instance is returned.GenericProvisioningException
- if any other errors occur while fetching the entitlement instances provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation. Logged in user can have permission to view few entitlements out of the specified list. Only those entitlement instance are returned in the list.java.util.List getEntitlementsForUser(java.lang.String userId) throws UserNotFoundException, GenericProvisioningException
userId
- The target user for whom the entitlement instances are returned.UserNotFoundException
- if the target user does not exist (i.e deleted) in the system.GenericProvisioningException
- if any other errors occur while fetching the entitlement instances provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation. Logged in user can have permission to view few entitlements out of the specified list. Only those entitlement instance are returned in the list.java.util.List getEntitlementsForUser(java.lang.String userId, SearchCriteria criteria, java.util.HashMap configParams) throws UserNotFoundException, GenericProvisioningException
SearchCriteria
userId
- The target user for whom the entitlement instances are returned.criteria
- The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons like contains the SearchCriteria Operator will be EQUAL with value to be searched will be '*<value>*'
The following is a list of search attributes supported: ProvisioningConstants.EntitlementSearchAttribute.ENTITLEMENT_DISPLAYNAME.getId() ProvisioningConstants.EntitlementSearchAttribute.ENT_ASSIGN_STATUS.getId();
configParams
- Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.
The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING.
The following is a list of search attributes supported: ProvisioningConstants.EntitlementSearchAttribute.ENTITLEMENT_DISPLAYNAME.getId()
UserNotFoundException
- if the target user does not exist (i.e deleted) in the system.GenericProvisioningException
- if any other errors occur while fetching the entitlement instances provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation. Logged in user can have permission to view few entitlements out of the specified list. Only those entitlement instance are returned in the list.boolean isApplicationInstanceProvisionedToUser(java.lang.String userId, ApplicationInstance appInstance) throws UserNotFoundException, ApplicationInstanceNotFoundException, GenericProvisioningException, AccessDeniedException
userId
- The target user for whom operation is performed.appInstance
- The ApplicationInstance
which needs to be checked if it is provisioned to user.UserNotFoundException
- if a user with the specified userId is not found in the systemApplicationInstanceNotFoundException
- if the specified Application instance is not found in the system.AccessDeniedException
- if there is any authorization failure while checking if the ApplicationInstance
is provisioned to user. To avoid this exception, the logged in user should at least have ApplicationInstance
Viewer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view ApplicationInstance
.GenericProvisioningException
- if any other errors occur while checking if the ApplicationInstance is provisioned to user.boolean isEntitlementProvisionedToUser(java.lang.String userId, Entitlement entitlement) throws UserNotFoundException, EntitlementNotFoundException, AccessDeniedException, GenericProvisioningException
userId
- The target user for whom operation is performed.entitlement
- The Entitlement
which needs to be checked if it is provisioned to user.UserNotFoundException
- if a user with the specified userId is not found in the systemEntitlementNotFoundException
- if the specified Entitlement is not found in the system.AccessDeniedException
- if there is any authorization failure while checking if the Entitlement
is provisioned to user. To avoid this exception, the logged in user should at least have Entitlement
Viewer Admin Role on Organization to which this Entitlement
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view Entitlement
.GenericProvisioningException
- if any other errors occur while checking if the Entitlement is provisioned to user.Account getAccountDetails(long accountId) throws AccountNotFoundException, AccessDeniedException, GenericProvisioningException
accountId
- The account id of account whose details to be fetched.Account
value object.AccountNotFoundException
- if no account is found corresponding to the specified accountId.AccessDeniedException
- if there is any authorization failure fetching account details. To avoid this exception, the logged in user should at least have ApplicationInstance
Viewer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view ApplicationInstance
.GenericProvisioningException
- if any other errors occur while fetching account details.Account getMinimalAccountDetails(long accountId) throws AccountNotFoundException, AccessDeniedException, GenericProvisioningException
getAccountDetails(long accountId)
accountId
- The account id of account whose details to be fetched.Account
value object.AccountNotFoundException
- if no account is found corresponding to the specified accountId.AccessDeniedException
- if there is any authorization failure fetching account details. To avoid this exception, the logged in user should at least have ApplicationInstance
Viewer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view ApplicationInstance
.GenericProvisioningException
- if any other errors occur while fetching account details.java.util.List getAccountDetails(long[] accountIds) throws GenericProvisioningException
accountId
- The list of account id of accounts whose details to be fetched.Account
value objects which have passed the authorization check. If an account is not found for a specified accountId, those accounts are also not returned in the list.GenericProvisioningException
- if any other errors occur while fetching account details.java.util.List getUserAccountDetailsInApplicationInstance(java.lang.String userId, long appInstanceKey) throws UserNotFoundException, ApplicationInstanceNotFoundException, AccessDeniedException, GenericProvisioningException
userId
- The target user for whom operation is performed.appInstanceKey
- ApplicationInstance
key in which accounts are provisioned.Account
value object. User can have multiple accounts in application instance and hence the list of AccountUserNotFoundException
- if no user is found in the system.ApplicationInstanceNotFoundException
- if the specified Application instance is not found in the system.AccessDeniedException
- if there is any authorization failure fetching account details. To avoid this exception, the logged in user should at least have ApplicationInstance
Viewer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view ApplicationInstance
.GenericProvisioningException
- if any other errors occur while fetching account details.java.util.List getUserAccountDetailsInApplicationInstance(java.lang.String userId, long appInstanceKey, boolean populateAccountData) throws UserNotFoundException, ApplicationInstanceNotFoundException, AccessDeniedException, GenericProvisioningException
userId
- The target user for whom operation is performed.appInstanceKey
- ApplicationInstance
key in which accounts are provisioned.populateAccountData
- boolean to indicate if account data should be populated in the returned Account VO. If set to false, account data will not be populated.Account
value object. User can have multiple accounts in application instance and hence the list of AccountUserNotFoundException
- if no user is found in the system.ApplicationInstanceNotFoundException
- if the specified Application instance is not found in the system.AccessDeniedException
- if there is any authorization failure fetching account details. To avoid this exception, the logged in user should at least have ApplicationInstance
Viewer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view ApplicationInstance
.GenericProvisioningException
- if any other errors occur while fetching account details.void changeAccountPassword(long accountId, char[] newPassword) throws AccessDeniedException, AccountNotFoundException, GenericProvisioningException
accountId
- - This is OIU_KEY for the accountnewPassword
- - Character array containing new passwordAccountNotFoundException
- if the account with the specified accountId does not exist.AccessDeniedException
- if there is any authorization failure while changing the account password. To avoid this exception, the logged in user should at least have ApplicationInstance
Authorizer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to modify account password.GenericProvisioningException
- if any other error, connector failures occur.Account
, AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.MODIFY_ACCOUNT_PASSWORD
java.util.List getPasswordResettableAccountsForUser(java.lang.String userID) throws UserNotFoundException, GenericProvisioningException
userId
- The target user id for whom operation is performed.UserNotFoundException
- if no user is found in the system.GenericProvisioningException
- if any other errors occur while fetching account details.void changeAccountType(long accountId, Account.ACCOUNT_TYPE accountType) throws AccessDeniedException, AccountNotFoundException, GenericProvisioningException
accountId
- - This is OIU_KEY for the accountaccountType
- - The values can be Account.ACCOUNT_TYPE.Primary, Account.ACCOUNT_TYPE.Secondery, Account.ACCOUNT_TYPE.Admin, Account.ACCOUNT_TYPE.Other, Account.ACCOUNT_TYPE.ServiceAccount An account can not change from Primary to any other type However, any other type can be changed into primary account.AccountNotFoundException
- thrown if no account is found corresponding to the specified accountId.AccessDeniedException
- if there is any authorization failure while modifying the account type. To avoid this exception, the logged in user should at least have ApplicationInstance
Authorizer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to modify account.GenericProvisioningException
- thrown if any error in db, connector failures occur.EntitlementInstance getEntitlementInstance(long accountId, long entitlemenkey) throws AccessDeniedException, EntitlementInstanceNotFoundException, GenericProvisioningException
accountId
- The accountId of the account to which the Entitlement
is granted to.entitlementKey
- The entitlement keyEntitlementInstanceNotFoundException
- if the entitlement instance does not exist.AccessDeniedException
- if there is any authorization failure while getting the EntitlementInstance
. To avoid this exception, the logged in user should at least have Entitlement
Authorizer Admin Role on Organization to which this Entitlement
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view entitlement.GenericProvisioningException
- if any other errors occur while fetching entitlement details.Entitlement
, EntitlementInstance
, AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.EntitlementActions.VIEW_SEARCH
void grantEntitlements(java.util.List entitlementInstances) throws BulkProvisioningException
EntitlementInstance
to the specified account This is a bulk operation that grants multiple EntitlementInstance
to user's account.entitlementInstances
- the list of entitlementInstances that need to be granted to the accountBulkProvisioningException
- if errors occur during bulk operationsjava.util.List findEntitlementsForRole(java.lang.String roleKey) throws AccessDeniedException, GenericProvisioningException
roleKey
- roleKey for which associated Entitlements need to be fetched.AccessDeniedException
- if there is any authorization failure while getting the Entitlements
. only user with capability "Role-View/Search" which allows user to view and search roles can access this API.GenericProvisioningException
- if any other errors occur while fetching entitlement details.java.util.List getEntitlementsForAccessPolicies(java.util.List policyKeys, java.util.Map configParams) throws AccessDeniedException, GenericProvisioningException
policyKeys
- list of policyKeys for which associated Entitlements (as child access policy default data) need to be fetched.configParams
- Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.
The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched.
The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted.
The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING.
AccessDeniedException
- if there is any authorization failure while getting the Entitlements
. only user with the capability "Role-Create" which allowes user to create a role can access this api.GenericProvisioningException
- if any other errors occur while fetching entitlement details.java.util.List getProvisionedAccountsForAppInstance(java.lang.String appInstance, SearchCriteria crit, java.util.HashMap configParams) throws GenericProvisioningException, AccessDeniedException
appInstance
-searchCriteria
- The search criteria based on which entries will be retrieved from the backend. The possible SearchCriteria are ProvisioningConstants.AccountSearchAttribute.ACCOUNT_STATUS ProvisioningConstants.AccountSearchAttribute.ACCOUNT_TYPEconfigParams
- Parameters to further configure the search operation. There are four configuration parameters. ApplicationInstance.STARTROW, Applicationunstance.ENDROW, ApplicationInstance SORTEDBY, ApplicationInstance SORTORDERGenericProvisioningException
AccessDeniedException
boolean confirmAccountPassword(long accountId, char[] existingAccountPassword) throws AccessDeniedException, AccountNotFoundException, GenericProvisioningException
accountId
- - This is OIU_KEY for the accountaccountPassword
- - Character array containing existing password that needs to be verifiedAccountNotFoundException
- if the account with the specified accountId does not exist.AccessDeniedException
- if there is any authorization failure while verifying existing the account password. To avoid this exception, the logged in user should at least have ApplicationInstance
Authorizer Admin Role on Organization to which this ApplicationInstance
is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to modify account password.GenericProvisioningException
- if any other error, connector failures occur.Account
, AuthorizationService
, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.MODIFY_ACCOUNT_PASSWORD
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |