Skip navigation links

Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

oracle.iam.provisioning.api
Interface ProvisioningService

public interface ProvisioningService

ProvisioningService application programming interface provides utilities needed to provision and manage user's Account and Entitlement for both connected and disconnected ApplicationInstance. We are introducing this new provisioning API because: - Old provisioning APIs were scattered across the various services, namely, tcUserOperationsIntf, tcProvisioningOperationsIntf, tcFormInstanceOperationsIntf. There is no functional integrity in these provisioning APIs as completing a single action may need invocation of APIs across different interfaces. - Also, in 11.1.2.0.0, Authorization model is changed and we wanted to up-take new security model.

Since:
11.1.2.0.0
See Also:
Account, ApplicationInstance, Entitlement, EntitlementInstance

Method Summary
 void changeAccountPassword(long accountId, char[] newPassword)
          This API method is used to change user's account password.
 void changeAccountType(long accountId, Account.ACCOUNT_TYPE accountType)
          This API is used to change the account type of the account.
 boolean confirmAccountPassword(long accountId, char[] existingAccountPassword)
          This API method is used to verify and confirm account password.
 void disable(long accountId)
          This API method disables an account provisioned to a user.
 void enable(long accountId)
          This API method enables an existing disabled account provisioned to a user.
 java.util.List findEntitlementsForRole(java.lang.String roleKey)
          This API method returns the list of entitlements for the given role key.
 Account getAccountDetails(long accountId)
          This API method returns an Account value object which contains detailed information about the account corresponding to the specified account ID.
 java.util.List getAccountDetails(long[] accountIds)
          This API method returns a list of Account value object given the accountIds.The account object contains detailed information about the account corresponding to the specified account ID.
 java.util.List getAccountsProvisionedToUser(java.lang.String userId)
          This API method returns a list of all the accounts provisioned to the user.
 java.util.List getAccountsProvisionedToUser(java.lang.String userId, boolean populateAccountData)
          This API method returns a list of all the accounts provisioned to the user
 java.util.List getAccountsProvisionedToUser(java.lang.String userId, SearchCriteria criteria, java.util.HashMap configParams)
          This API method returns a list of all the accounts provisioned to the user.
 java.util.List getAccountsProvisionedToUser(java.lang.String userId, SearchCriteria criteria, java.util.HashMap configParams, boolean populateAccountData)
          This API method returns a list of all the accounts provisioned to the user.
 EntitlementInstance getEntitlementInstance(long entitlementInstanceKey)
          This API method returns an entitlement instance provisioned to the user corresponding to the edlntitlement key
 EntitlementInstance getEntitlementInstance(long accountId, long entitlemenkey)
          This API method returns an entitlement instance provisioned to the user corresponding to the entitlement key and account id
 java.util.List getEntitlementInstanceForEntitlement(Entitlement entitlement, SearchCriteria searchcriteria, java.util.HashMap configParams)
          This API method returns the entitlement instances for the given entitlement.
 java.util.List getEntitlementInstances(long[] entitlementInstanceKeys)
          This API method returns a list of entitlement instances provisioned to the user corresponding to the list of entitlement instances key.
 java.util.List getEntitlementsForAccessPolicies(java.util.List policyKeys, java.util.Map configParams)
          This API method returns the list of Entitlements for the given access policy Keys.
 java.util.List getEntitlementsForUser(java.lang.String userId)
          This API method returns a list of all the entitlements provisioned to the user.
 java.util.List getEntitlementsForUser(java.lang.String userId, SearchCriteria criteria, java.util.HashMap configParams)
          This API method searches for entitlement instances provisioned to a user matching the specified SearchCriteria
 Account getMinimalAccountDetails(long accountId)
          This API method returns an Account value object corresponding to the specified account ID.
 java.util.List getPasswordResettableAccountsForUser(java.lang.String userID)
          This API method returns a list of accounts provisioned to the user for which password can be reset.
 java.util.List getProvisionedAccountsForAppInstance(java.lang.String appInstance, SearchCriteria crit, java.util.HashMap configParams)
          This API method rethrns the list of accounts for a given application instance name.
 java.util.List getUserAccountDetailsInApplicationInstance(java.lang.String userId, long appInstanceKey)
          This API method checks if the user has an account in the specified application instance.
 java.util.List getUserAccountDetailsInApplicationInstance(java.lang.String userId, long appInstanceKey, boolean populateAccountData)
          This API method checks if the user has an account in the specified application instance.
 void grantEntitlement(EntitlementInstance entitlementInstance)
          This API method grants the specified EntitlementInstance to the specified account
 void grantEntitlement(long accountId, Entitlement entitlement)
          Deprecated. 
 void grantEntitlements(java.util.List entitlementInstances)
          This API method grants the list of specified EntitlementInstance to the specified account This is a bulk operation that grants multiple EntitlementInstance to user's account.
 void grantEntitlements(long accountId, java.util.List entitlements)
          Deprecated. 
 boolean isApplicationInstanceProvisionedToUser(java.lang.String userId, ApplicationInstance appInstance)
          This API method returns a boolean indicating weather the specified user has an account in the specified application instance.
 boolean isEntitlementProvisionedToUser(java.lang.String userId, Entitlement entitlement)
          This API method returns a boolean indicating whether the specified user has been granted the specific entitlement.
 void modify(Account account)
          This API method modifies an existing provisioned account.
 long provision(java.lang.String userId, Account account)
          This API method provisions an account to a user.
 void revoke(long accountId)
          This API method revokes an account provisioned to a user.
 void revokeEntitlement(EntitlementInstance entitlementInstance)
          This API method revokes already granted EntitlementInstance from the specified accounts
 void revokeEntitlements(java.util.List entitlementInstances)
          This API method revokes the list of specified EntitlementInstance from the specified accounts
 void updateEntitlement(EntitlementInstance entitlementInstance)
          This API method updates the attributes (child table data) of the specified EntitlementInstance.
 void updateEntitlements(java.util.List entitlementInstances)
          This API method updates the attributes of the specified entitlement instances

 

Method Detail

provision

long provision(java.lang.String userId,
               Account account)
               throws UserNotFoundException,
                      ApplicationInstanceNotFoundException,
                      AccessDeniedException,
                      GenericProvisioningException
This API method provisions an account to a user.
Parameters:
userId - The target user to whom the account will be provisioned to.
account - This Account value object holds the information about ApplicationInstance and AccountData.
Returns:
The accountId of the account created.
Throws:
UserNotFoundException - if the target user does not exist (i.e deleted) in the system.
ApplicationInstanceNotFoundException - if the application instance contained in the Account value object does not exist in the system.
AccessDeniedException - if there is any authorization failure while provisioning the account to the target user. To avoid this exception, the logged in user should at least have ApplicationInstance Authorizer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to provision account.
GenericProvisioningException - if any other error, connector failures occur.
Since:
11.1.2.0.0
See Also:
Account, AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.PROVISION

enable

void enable(long accountId)
            throws AccountNotFoundException,
                   ImproperAccountStateException,
                   AccessDeniedException,
                   GenericProvisioningException
This API method enables an existing disabled account provisioned to a user. The account should be in Disabled state.
Parameters:
accountId - The accountId of the account that needs to be enabled.
Throws:
AccountNotFoundException - if the account with the specified accountId does not exist.
AccessDeniedException - if there is any authorization failure while enabling the account provisioned to target user. To avoid this exception, the logged in user should at least have ApplicationInstance Authorizer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to enable account.
ImproperAccountStateException - if the account is not in disabled state when the enable operation is attempted
GenericProvisioningException - if any other error, connector failures occur.
Since:
11.1.2.0.0
See Also:
AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.ENABLE_ACCOUNT

disable

void disable(long accountId)
             throws AccountNotFoundException,
                    ImproperAccountStateException,
                    AccessDeniedException,
                    GenericProvisioningException
This API method disables an account provisioned to a user. The account should be in Enabled or Provisioned state.
Parameters:
accountId - The accountId of the account under consideration
Throws:
AccountNotFoundException - if the account with the specified accountId does not exist.
AccessDeniedException - if there is any authorization failure while disabling the account provisioned to target user. To avoid this exception, the logged in user should at least have ApplicationInstance Authorizer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to disable account.
ImproperAccountStateException - if the account is not in provisioned/enabled state when the disabled operation is attempted
GenericProvisioningException - thrown if any other error, connector failures occur.
Since:
11.1.2.0.0
See Also:
AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.DISABLE_ACCOUNT

modify

void modify(Account account)
            throws AccountNotFoundException,
                   AccessDeniedException,
                   GenericProvisioningException
This API method modifies an existing provisioned account. The Account value object should contain the modified account profile.
Parameters:
account - This Account value object holds the information about ApplicationInstance and modified AccountData.
Throws:
AccountNotFoundException - if the account with the specified accountId does not exist.
AccessDeniedException - if there is any authorization failure while modifying the account provisioned to target user. To avoid this exception, the logged in user should at least have ApplicationInstance Authorizer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to modify account.
GenericProvisioningException - if any other error, connector failures occur.
Since:
11.1.2.0.0
See Also:
Account, AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.MODIFY_ACCOUNT

revoke

void revoke(long accountId)
            throws AccountNotFoundException,
                   AccessDeniedException,
                   GenericProvisioningException
This API method revokes an account provisioned to a user. The account should be in provisioned, enabled or disabled state state.
Parameters:
accountId - The accountId of the account under consideration
Throws:
AccountNotFoundException - if the account with the specified accountId does not exist.
AccessDeniedException - if there is any authorization failure while modifying the account provisioned to target user. To avoid this exception, the logged in user should at least have ApplicationInstance Authorizer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to revoke account.
GenericProvisioningException - if any other error, connector failures occur.
Since:
11.1.2.0.0
See Also:
AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.REVOKE_ACCOUNT

grantEntitlement

@Deprecated
void grantEntitlement(long accountId,
                                 Entitlement entitlement)
                      throws AccountNotFoundException,
                             ImproperAccountStateException,
                             EntitlementNotFoundException,
                             EntitlementAlreadyProvisionedException,
                             AccessDeniedException,
                             GenericProvisioningException
Deprecated. 
This API method grants the specified Entitlement to the specified account
Parameters:
accountId - the accountId of the account to which the Entitlement is granted to.
entitlement - the Entitlement which should be granted to the account.
Throws:
AccountNotFoundException - if the account with the specified accountId does not exist.
ImproperAccountStateException - if the account is already revoked
EntitlementNotFoundException - if the Entitlement definition does not exist
EntitlementAlreadyProvisionedException - if the Entitlement has already provisioned to the specified account
AccessDeniedException - if there is any authorization failure while granting the Entitlement to target user. To avoid this exception, the logged in user should at least have Entitlement Authorizer Admin Role on Organization to which this Entitlement is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to grant entitlement.
GenericProvisioningException - if any other errors occur
Since:
11.1.2.0.0
See Also:
Entitlement, AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.EntitlementActions.GRANT_ENTITLEMENT

grantEntitlement

void grantEntitlement(EntitlementInstance entitlementInstance)
                      throws AccountNotFoundException,
                             ImproperAccountStateException,
                             EntitlementNotFoundException,
                             EntitlementAlreadyProvisionedException,
                             AccessDeniedException,
                             GenericProvisioningException
This API method grants the specified EntitlementInstance to the specified account
Parameters:
entitlementInstance - the EntitlementInstance which should be granted to the account.
Throws:
AccountNotFoundException - if the account with the specified accountId does not exist.
ImproperAccountStateException - if the account is already revoked
EntitlementNotFoundException - if the Entitlement definition does not exist
EntitlementAlreadyProvisionedException - if the Entitlement has already provisioned to the specified account
AccessDeniedException - if there is any authorization failure while granting the Entitlement to target user. To avoid this exception, the logged in user should at least have Entitlement Authorizer Admin Role on Organization to which this Entitlement is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to grant entitlement.
GenericProvisioningException - if any other errors occur
Since:
11.1.2.2.0
See Also:
EntitlementInstance, AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.EntitlementActions.GRANT_ENTITLEMENT

revokeEntitlement

void revokeEntitlement(EntitlementInstance entitlementInstance)
                       throws AccountNotFoundException,
                              EntitlementNotProvisionedException,
                              AccessDeniedException,
                              GenericProvisioningException
This API method revokes already granted EntitlementInstance from the specified accounts
Parameters:
entitlementInstance - the EntitlementInstance that needs to be revoked. EntitlementInstance is an instance of Entitlement that is granted to a user and is associated to a specific Account.
Throws:
AccountNotFoundException - if the specified accountId is not found
EntitlementNotProvisionedException - if the specified EntitlementInstance is not found as it is not already granted.
AccessDeniedException - if there is any authorization failure while revoking the EntitlementInstance. To avoid this exception, the logged in user should at least have Entitlement Authorizer Admin Role on Organization to which this Entitlement is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to revoke entitlement instance.
GenericProvisioningException - if any other errors occur
Since:
11.1.2.0.0
See Also:
Entitlement, EntitlementInstance, AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.EntitlementActions.REVOKE_ENTITLEMENT

updateEntitlement

void updateEntitlement(EntitlementInstance entitlementInstance)
                       throws AccountNotFoundException,
                              EntitlementNotFoundException,
                              AccessDeniedException,
                              GenericProvisioningException
This API method updates the attributes (child table data) of the specified EntitlementInstance.
Parameters:
entitlementInstance - the modified EntitlementInstance
Throws:
AccountNotFoundException - if the specified accountId is not found
EntitlementNotFoundException - if the specified entitlement instance is not found in the system
AccessDeniedException - if there is any authorization failure while updating the EntitlementInstance. To avoid this exception, the logged in user should at least have Entitlement Authorizer Admin Role on Organization to which this Entitlement is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to update entitlement instance.
GenericProvisioningException - if any other errors occur while performing entitlement update
Since:
11.1.2.0.0
See Also:
Entitlement, EntitlementInstance, AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.EntitlementActions.MODIFY_ENTITLEMENT

grantEntitlements

@Deprecated
void grantEntitlements(long accountId,
                                  java.util.List entitlements)
                       throws BulkProvisioningException
Deprecated. 
This API method grants the list of specified Entitlement to the specified account This is a bulk operation that grants multiple Entitlement to user's account.
Parameters:
accountId - the accountId of the account to which the entitlements should be granted.
entitlements - the list of entitlements that need to be granted to the account
Throws:
BulkProvisioningException - if errors occur during bulk operations
Since:
11.1.2.0.0

revokeEntitlements

void revokeEntitlements(java.util.List entitlementInstances)
                        throws BulkProvisioningException
This API method revokes the list of specified EntitlementInstance from the specified accounts
Parameters:
entitlementInstances - the list of entitlement instances that need to be revoked
Throws:
BulkProvisioningException - if errors occur during bulk operations
Since:
11.1.2.0.0

updateEntitlements

void updateEntitlements(java.util.List entitlementInstances)
                        throws BulkProvisioningException
This API method updates the attributes of the specified entitlement instances
Parameters:
entitlementInstances - the list of modified entitlement instances
Throws:
BulkProvisioningException - if errors occur during bulk operations
Since:
11.1.2.0.0

getAccountsProvisionedToUser

java.util.List getAccountsProvisionedToUser(java.lang.String userId)
                                            throws UserNotFoundException,
                                                   GenericProvisioningException
This API method returns a list of all the accounts provisioned to the user. By default this method will not return the AccountData in the AccountVO. To get the account data use getAccountsProvisionedToUser(String userId, boolean populateAccountData)
Parameters:
userId - The target user for whom the list of account is returned.
Returns:
A List of Account objects, which contains details about the application instance, the account profile and the entitlements corresponding to the accounts. Logged in user can have permission to view few accounts (i.e ApplicationInstance) out of the specified list. Only those accounts are returned in the list.
Throws:
UserNotFoundException - if the target user does not exist (i.e deleted) in the system.
GenericProvisioningException - if any other errors occur while fetching the accounts provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation.
Since:
11.1.2.0.0
See Also:
Account, AccountData, ApplicationInstance, EntitlementInstance

getAccountsProvisionedToUser

java.util.List getAccountsProvisionedToUser(java.lang.String userId,
                                            SearchCriteria criteria,
                                            java.util.HashMap configParams,
                                            boolean populateAccountData)
                                            throws UserNotFoundException,
                                                   GenericProvisioningException
This API method returns a list of all the accounts provisioned to the user. Additionally, one can pass criteria to filter the accounts being returned.
Parameters:
userId - The target user for whom the list of account is returned.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons like contains the SearchCriteria Operator will be EQUAL with value to be searched will be '*<value>*'

The following is a list of attributes supported: ProvisioningConstants.AppInstanceSearchAttribute.DISPLAY_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.OBJ_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.ACCOUNT_STATUS.getId()

configParams - Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.

The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.

The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional

The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING.

The following is a list of attributes supported: ProvisioningConstants.AppInstanceSearchAttribute.DISPLAY_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.OBJ_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.ACCOUNT_STATUS.getId() ProvisioningConstants.AppInstanceSearchAttribute.PROVISIONED_ON.getId()

populateAccountData - A boolean to indicate whether account data should be populated in the returned list of Account VO. If set to false, account data will not be populated.
Returns:
A List of Account objects, which contains details about the application instance, the account profile and the entitlements corresponding to the accounts. Logged in user can have permission to view few accounts (i.e ApplicationInstance) out of the specified list. Only those accounts are returned in the list.
Throws:
UserNotFoundException - if the target user does not exist (i.e deleted) in the system.
GenericProvisioningException - if any other errors occur while fetching the accounts provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation.
Since:
11.1.2.2.0

getAccountsProvisionedToUser

java.util.List getAccountsProvisionedToUser(java.lang.String userId,
                                            SearchCriteria criteria,
                                            java.util.HashMap configParams)
                                            throws UserNotFoundException,
                                                   GenericProvisioningException
This API method returns a list of all the accounts provisioned to the user. Additionally, one can pass criteria to filter the accounts being returned. By default this method will not return the AccountData in the AccountVO. To get the account data use getAccountsProvisionedToUser(String userId, SearchCriteria criteria, HashMap<String, Object> configParams, boolean populateAccountData)
Parameters:
userId - The target user for whom the list of account is returned.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons like contains the SearchCriteria Operator will be EQUAL with value to be searched will be '*<value>*'

The following is a list of attributes supported: ProvisioningConstants.AppInstanceSearchAttribute.DISPLAY_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.OBJ_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.ACCOUNT_STATUS.getId()

configParams - Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.

The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.

The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional

The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING.

The following is a list of attributes supported: ProvisioningConstants.AppInstanceSearchAttribute.DISPLAY_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.OBJ_NAME.getId() ProvisioningConstants.AppInstanceSearchAttribute.ACCOUNT_STATUS.getId() ProvisioningConstants.AppInstanceSearchAttribute.PROVISIONED_ON.getId()

Returns:
A List of Account objects, which contains details about the application instance, the account profile and the entitlements corresponding to the accounts. Logged in user can have permission to view few accounts (i.e ApplicationInstance) out of the specified list. Only those accounts are returned in the list.
Throws:
UserNotFoundException - if the target user does not exist (i.e deleted) in the system.
GenericProvisioningException - if any other errors occur while fetching the accounts provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation.
Since:
11.1.2.0.0

getAccountsProvisionedToUser

java.util.List getAccountsProvisionedToUser(java.lang.String userId,
                                            boolean populateAccountData)
                                            throws UserNotFoundException,
                                                   GenericProvisioningException
This API method returns a list of all the accounts provisioned to the user
Parameters:
userId - The target user for whom the list of account is returned.
populateAccountData - boolean to indicate if account data should be populated in the returned Account VO. If set to false, account data will not be populated.
Returns:
A List of Account objects, which contains details about the application instance, the account profile and the entitlements corresponding to the accounts. Logged in user can have permission to view few accounts (i.e ApplicationInstance) out of the specified list. Only those accounts are returned in the list.
Throws:
UserNotFoundException - if the target user does not exist (i.e deleted) in the system.
GenericProvisioningException - if any other errors occur while fetching the accounts provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation.
Since:
11.1.2.0.0
See Also:
Account, AccountData, ApplicationInstance, EntitlementInstance

getEntitlementInstanceForEntitlement

java.util.List getEntitlementInstanceForEntitlement(Entitlement entitlement,
                                                    SearchCriteria searchcriteria,
                                                    java.util.HashMap configParams)
                                                    throws GenericProvisioningException,
                                                           AccessDeniedException,
                                                           EntitlementNotFoundException,
                                                           GenericEntitlementServiceException
This API method returns the entitlement instances for the given entitlement.
Parameters:
entitlement - Entitlement object for which entitlement instances has to be returned.
searchcriteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operator supported is EQUAL

Following is the attribute supported: ProvisioningConstants.EntitlementInstanceSearchAttribute.ENT_ASSIGN_STATUS.getId() Following are the list of possible values supported for status ProvisioningConstants.ENT_PROVISIONED_STATUS ProvisioningConstants.ENT_PROV_IN_PROGRESS_STATUS ProvisioningConstants.ENT_FUTURE_GRANT_STATUS

configParams - Parameters to further configure the search operation. There are two configuration parameters. STARTROW and ENDROW.

The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched.

Returns:
A list of EntitlementInstance objects which contains details about entitlements.
Throws:
GenericProvisioningException - if any other errors occur while fetching the entitlement instances for the given entitlement.
AccessDeniedException - if there is any authorization failure while getting the EntitlementInstance. To avoid this exception, the logged in user should at least have Entitlement Authorizer Admin Role on Organization to which this Entitlement is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view entitlement.
EntitlementNotFoundException - if the entitlement instance does not exist.
GenericEntitlementServiceException - if any failure while finding the entitlement.

getEntitlementInstance

EntitlementInstance getEntitlementInstance(long entitlementInstanceKey)
                                           throws AccessDeniedException,
                                                  EntitlementInstanceNotFoundException,
                                                  GenericProvisioningException
This API method returns an entitlement instance provisioned to the user corresponding to the edlntitlement key
Parameters:
entitlementInstanceKey - The entitlement instance key.
Returns:
An EntitlementInstance object which contains details about entitlement provisioned to the user.
Throws:
EntitlementInstanceNotFoundException - if the entitlement instance does not exist.
AccessDeniedException - if there is any authorization failure while getting the EntitlementInstance. To avoid this exception, the logged in user should at least have Entitlement Authorizer Admin Role on Organization to which this Entitlement is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view entitlement.
GenericProvisioningException - if any other errors occur while fetching entitlement details.
Since:
11.1.2.0.0
See Also:
Entitlement, EntitlementInstance, AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.EntitlementActions.VIEW_SEARCH

getEntitlementInstances

java.util.List getEntitlementInstances(long[] entitlementInstanceKeys)
                                       throws GenericProvisioningException
This API method returns a list of entitlement instances provisioned to the user corresponding to the list of entitlement instances key.
Parameters:
userId - The target user for whom the entitlement instance is returned.
Returns:
A list of EntitlementInstance objects which contains details about entitlements provisioned to the user.
Throws:
GenericProvisioningException - if any other errors occur while fetching the entitlement instances provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation. Logged in user can have permission to view few entitlements out of the specified list. Only those entitlement instance are returned in the list.
Since:
11.1.2.0.0

getEntitlementsForUser

java.util.List getEntitlementsForUser(java.lang.String userId)
                                      throws UserNotFoundException,
                                             GenericProvisioningException
This API method returns a list of all the entitlements provisioned to the user.
Parameters:
userId - The target user for whom the entitlement instances are returned.
Returns:
A List of EntitlementInstance objects, which contains details about the entitlements. Logged in user can have permission to view few accounts (i.e ApplicationInstance) out of the specified list. Only those EntitlementInstances are returned in the list.
Throws:
UserNotFoundException - if the target user does not exist (i.e deleted) in the system.
GenericProvisioningException - if any other errors occur while fetching the entitlement instances provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation. Logged in user can have permission to view few entitlements out of the specified list. Only those entitlement instance are returned in the list.
Since:
11.1.2.0.0

getEntitlementsForUser

java.util.List getEntitlementsForUser(java.lang.String userId,
                                      SearchCriteria criteria,
                                      java.util.HashMap configParams)
                                      throws UserNotFoundException,
                                             GenericProvisioningException
This API method searches for entitlement instances provisioned to a user matching the specified SearchCriteria
Parameters:
userId - The target user for whom the entitlement instances are returned.
criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria Operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons like contains the SearchCriteria Operator will be EQUAL with value to be searched will be '*<value>*'

The following is a list of search attributes supported: ProvisioningConstants.EntitlementSearchAttribute.ENTITLEMENT_DISPLAYNAME.getId() ProvisioningConstants.EntitlementSearchAttribute.ENT_ASSIGN_STATUS.getId();

configParams - Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.

The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched. These parameters are mandatory.

The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted. This parameter is optional

The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING.

The following is a list of search attributes supported: ProvisioningConstants.EntitlementSearchAttribute.ENTITLEMENT_DISPLAYNAME.getId()

Returns:
A List of EntitlementInstance objects, which contains details about entitlements provisioned to the user.
Throws:
UserNotFoundException - if the target user does not exist (i.e deleted) in the system.
GenericProvisioningException - if any other errors occur while fetching the entitlement instances provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation. Logged in user can have permission to view few entitlements out of the specified list. Only those entitlement instance are returned in the list.
Since:
11.1.2.0.0

isApplicationInstanceProvisionedToUser

boolean isApplicationInstanceProvisionedToUser(java.lang.String userId,
                                               ApplicationInstance appInstance)
                                               throws UserNotFoundException,
                                                      ApplicationInstanceNotFoundException,
                                                      GenericProvisioningException,
                                                      AccessDeniedException
This API method returns a boolean indicating weather the specified user has an account in the specified application instance.
Parameters:
userId - The target user for whom operation is performed.
appInstance - The ApplicationInstance which needs to be checked if it is provisioned to user.
Returns:
true if the user has an account in the application instance in Provisioned/Enabled/Disabled state. false otherwise.
Throws:
UserNotFoundException - if a user with the specified userId is not found in the system
ApplicationInstanceNotFoundException - if the specified Application instance is not found in the system.
AccessDeniedException - if there is any authorization failure while checking if the ApplicationInstance is provisioned to user. To avoid this exception, the logged in user should at least have ApplicationInstance Viewer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view ApplicationInstance.
GenericProvisioningException - if any other errors occur while checking if the ApplicationInstance is provisioned to user.
Since:
11.1.2.0.0

isEntitlementProvisionedToUser

boolean isEntitlementProvisionedToUser(java.lang.String userId,
                                       Entitlement entitlement)
                                       throws UserNotFoundException,
                                              EntitlementNotFoundException,
                                              AccessDeniedException,
                                              GenericProvisioningException
This API method returns a boolean indicating whether the specified user has been granted the specific entitlement.
Parameters:
userId - The target user for whom operation is performed.
entitlement - The Entitlement which needs to be checked if it is provisioned to user.
Returns:
true if the user has an been granted the specified entitlement. false otherwise.
Throws:
UserNotFoundException - if a user with the specified userId is not found in the system
EntitlementNotFoundException - if the specified Entitlement is not found in the system.
AccessDeniedException - if there is any authorization failure while checking if the Entitlement is provisioned to user. To avoid this exception, the logged in user should at least have Entitlement Viewer Admin Role on Organization to which this Entitlement is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view Entitlement.
GenericProvisioningException - if any other errors occur while checking if the Entitlement is provisioned to user.
Since:
11.1.2.0.0

getAccountDetails

Account getAccountDetails(long accountId)
                          throws AccountNotFoundException,
                                 AccessDeniedException,
                                 GenericProvisioningException
This API method returns an Account value object which contains detailed information about the account corresponding to the specified account ID. The value object will contain information regarding the application instance, the account profile and all the entitlements corresponding to the accounts.
Parameters:
accountId - The account id of account whose details to be fetched.
Returns:
An Account value object.
Throws:
AccountNotFoundException - if no account is found corresponding to the specified accountId.
AccessDeniedException - if there is any authorization failure fetching account details. To avoid this exception, the logged in user should at least have ApplicationInstance Viewer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view ApplicationInstance.
GenericProvisioningException - if any other errors occur while fetching account details.
Since:
11.1.2.0.0

getMinimalAccountDetails

Account getMinimalAccountDetails(long accountId)
                                 throws AccountNotFoundException,
                                        AccessDeniedException,
                                        GenericProvisioningException
This API method returns an Account value object corresponding to the specified account ID. The AccountVO will not return the AccountData if this API is called. To retrieve the account data use getAccountDetails(long accountId)
Parameters:
accountId - The account id of account whose details to be fetched.
Returns:
An Account value object.
Throws:
AccountNotFoundException - if no account is found corresponding to the specified accountId.
AccessDeniedException - if there is any authorization failure fetching account details. To avoid this exception, the logged in user should at least have ApplicationInstance Viewer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view ApplicationInstance.
GenericProvisioningException - if any other errors occur while fetching account details.
Since:
11.1.2.0.0

getAccountDetails

java.util.List getAccountDetails(long[] accountIds)
                                 throws GenericProvisioningException
This API method returns a list of Account value object given the accountIds.The account object contains detailed information about the account corresponding to the specified account ID.
Parameters:
accountId - The list of account id of accounts whose details to be fetched.
Returns:
A list of Account value objects which have passed the authorization check. If an account is not found for a specified accountId, those accounts are also not returned in the list.
Throws:
GenericProvisioningException - if any other errors occur while fetching account details.
Since:
11.1.2.0.0

getUserAccountDetailsInApplicationInstance

java.util.List getUserAccountDetailsInApplicationInstance(java.lang.String userId,
                                                          long appInstanceKey)
                                                          throws UserNotFoundException,
                                                                 ApplicationInstanceNotFoundException,
                                                                 AccessDeniedException,
                                                                 GenericProvisioningException
This API method checks if the user has an account in the specified application instance. If an account is found, this API will return a List of Account provisioned (accounts in Provisioned/Enabled/Disabled status) to the specified userId. The value object will contain information regarding the application instance, the account profile and all the entitlements corresponding to the accounts.
Parameters:
userId - The target user for whom operation is performed.
appInstanceKey - ApplicationInstance key in which accounts are provisioned.
Returns:
List of Account value object. User can have multiple accounts in application instance and hence the list of Account
Throws:
UserNotFoundException - if no user is found in the system.
ApplicationInstanceNotFoundException - if the specified Application instance is not found in the system.
AccessDeniedException - if there is any authorization failure fetching account details. To avoid this exception, the logged in user should at least have ApplicationInstance Viewer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view ApplicationInstance.
GenericProvisioningException - if any other errors occur while fetching account details.
Since:
11.1.2.0.0

getUserAccountDetailsInApplicationInstance

java.util.List getUserAccountDetailsInApplicationInstance(java.lang.String userId,
                                                          long appInstanceKey,
                                                          boolean populateAccountData)
                                                          throws UserNotFoundException,
                                                                 ApplicationInstanceNotFoundException,
                                                                 AccessDeniedException,
                                                                 GenericProvisioningException
This API method checks if the user has an account in the specified application instance. If an account is found, this API will return a List of Account provisioned (accounts in Provisioned/Enabled/Disabled status) to the specified userId. The value object will contain information regarding the application instance, the account profile and all the entitlements corresponding to the accounts.
Parameters:
userId - The target user for whom operation is performed.
appInstanceKey - ApplicationInstance key in which accounts are provisioned.
populateAccountData - boolean to indicate if account data should be populated in the returned Account VO. If set to false, account data will not be populated.
Returns:
List of Account value object. User can have multiple accounts in application instance and hence the list of Account
Throws:
UserNotFoundException - if no user is found in the system.
ApplicationInstanceNotFoundException - if the specified Application instance is not found in the system.
AccessDeniedException - if there is any authorization failure fetching account details. To avoid this exception, the logged in user should at least have ApplicationInstance Viewer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view ApplicationInstance.
GenericProvisioningException - if any other errors occur while fetching account details.
Since:
11.1.2.2.0

changeAccountPassword

void changeAccountPassword(long accountId,
                           char[] newPassword)
                           throws AccessDeniedException,
                                  AccountNotFoundException,
                                  GenericProvisioningException
This API method is used to change user's account password. It validates if new account password is in accordance with defined password policies for a given account.
Parameters:
accountId - - This is OIU_KEY for the account
newPassword - - Character array containing new password
Throws:
AccountNotFoundException - if the account with the specified accountId does not exist.
AccessDeniedException - if there is any authorization failure while changing the account password. To avoid this exception, the logged in user should at least have ApplicationInstance Authorizer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to modify account password.
GenericProvisioningException - if any other error, connector failures occur.
Since:
11.1.2.0.0
See Also:
Account, AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.MODIFY_ACCOUNT_PASSWORD

getPasswordResettableAccountsForUser

java.util.List getPasswordResettableAccountsForUser(java.lang.String userID)
                                                    throws UserNotFoundException,
                                                           GenericProvisioningException
This API method returns a list of accounts provisioned to the user for which password can be reset. That is, it returns only those accounts that have user defined password field in process form. i.e sdc_field_type = passwordField && sdc_name = FormName_PASSWORD The returned list will not contain disconnected account or accounts that are revoked.
Parameters:
userId - The target user id for whom operation is performed.
Returns:
A List of Account objects, which contains details about the application instance, the account profile and the entitlements corresponding to the accounts
Throws:
UserNotFoundException - if no user is found in the system.
GenericProvisioningException - if any other errors occur while fetching account details.
Since:
11.1.2.0.0

changeAccountType

void changeAccountType(long accountId,
                       Account.ACCOUNT_TYPE accountType)
                       throws AccessDeniedException,
                              AccountNotFoundException,
                              GenericProvisioningException
This API is used to change the account type of the account.
Parameters:
accountId - - This is OIU_KEY for the account
accountType - - The values can be Account.ACCOUNT_TYPE.Primary, Account.ACCOUNT_TYPE.Secondery, Account.ACCOUNT_TYPE.Admin, Account.ACCOUNT_TYPE.Other, Account.ACCOUNT_TYPE.ServiceAccount An account can not change from Primary to any other type However, any other type can be changed into primary account.
Throws:
AccountNotFoundException - thrown if no account is found corresponding to the specified accountId.
AccessDeniedException - if there is any authorization failure while modifying the account type. To avoid this exception, the logged in user should at least have ApplicationInstance Authorizer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to modify account.
GenericProvisioningException - thrown if any error in db, connector failures occur.
Since:
11.1.2.0.0

getEntitlementInstance

EntitlementInstance getEntitlementInstance(long accountId,
                                           long entitlemenkey)
                                           throws AccessDeniedException,
                                                  EntitlementInstanceNotFoundException,
                                                  GenericProvisioningException
This API method returns an entitlement instance provisioned to the user corresponding to the entitlement key and account id
Parameters:
accountId - The accountId of the account to which the Entitlement is granted to.
entitlementKey - The entitlement key
Returns:
An EntitlementInstance object which contains details about entitlement provisioned to the user.
Throws:
EntitlementInstanceNotFoundException - if the entitlement instance does not exist.
AccessDeniedException - if there is any authorization failure while getting the EntitlementInstance. To avoid this exception, the logged in user should at least have Entitlement Authorizer Admin Role on Organization to which this Entitlement is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to view entitlement.
GenericProvisioningException - if any other errors occur while fetching entitlement details.
Since:
11.1.2.2.0
See Also:
Entitlement, EntitlementInstance, AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.EntitlementActions.VIEW_SEARCH

grantEntitlements

void grantEntitlements(java.util.List entitlementInstances)
                       throws BulkProvisioningException
This API method grants the list of specified EntitlementInstance to the specified account This is a bulk operation that grants multiple EntitlementInstance to user's account.
Parameters:
entitlementInstances - the list of entitlementInstances that need to be granted to the account
Throws:
BulkProvisioningException - if errors occur during bulk operations
Since:
11.1.2.2.0

findEntitlementsForRole

java.util.List findEntitlementsForRole(java.lang.String roleKey)
                                       throws AccessDeniedException,
                                              GenericProvisioningException
This API method returns the list of entitlements for the given role key. It finds the access policies associated with this role and then returns a list of entitlements associated to such access policies.
Parameters:
roleKey - roleKey for which associated Entitlements need to be fetched.
Returns:
List<Entitlement> A list of Entitlement value objects.
Throws:
AccessDeniedException - if there is any authorization failure while getting the Entitlements. only user with capability "Role-View/Search" which allows user to view and search roles can access this API.
GenericProvisioningException - if any other errors occur while fetching entitlement details.

getEntitlementsForAccessPolicies

java.util.List getEntitlementsForAccessPolicies(java.util.List policyKeys,
                                                java.util.Map configParams)
                                                throws AccessDeniedException,
                                                       GenericProvisioningException
This API method returns the list of Entitlements for the given access policy Keys.
Parameters:
policyKeys - list of policyKeys for which associated Entitlements (as child access policy default data) need to be fetched.
configParams - Parameters to further configure the search operation. There are four configuration parameters. STARTROW, ENDROW, SORTEDBY and SORTORDER.

The STARTROW and ENDROW search configuration parameters indicates which subset of the complete search result is to be fetched.

The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted.

The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING.

Returns:
List<Entitlement> List of Entitlment value objects.
Throws:
AccessDeniedException - if there is any authorization failure while getting the Entitlements. only user with the capability "Role-Create" which allowes user to create a role can access this api.
GenericProvisioningException - if any other errors occur while fetching entitlement details.

getProvisionedAccountsForAppInstance

java.util.List getProvisionedAccountsForAppInstance(java.lang.String appInstance,
                                                    SearchCriteria crit,
                                                    java.util.HashMap configParams)
                                                    throws GenericProvisioningException,
                                                           AccessDeniedException
This API method rethrns the list of accounts for a given application instance name. The account VOs returned will be the light-weight VOs.
Parameters:
appInstance -
searchCriteria - The search criteria based on which entries will be retrieved from the backend. The possible SearchCriteria are ProvisioningConstants.AccountSearchAttribute.ACCOUNT_STATUS ProvisioningConstants.AccountSearchAttribute.ACCOUNT_TYPE
configParams - Parameters to further configure the search operation. There are four configuration parameters. ApplicationInstance.STARTROW, Applicationunstance.ENDROW, ApplicationInstance SORTEDBY, ApplicationInstance SORTORDER
Returns:
List of accounts
Throws:
GenericProvisioningException
AccessDeniedException

confirmAccountPassword

boolean confirmAccountPassword(long accountId,
                               char[] existingAccountPassword)
                               throws AccessDeniedException,
                                      AccountNotFoundException,
                                      GenericProvisioningException
This API method is used to verify and confirm account password.
Parameters:
accountId - - This is OIU_KEY for the account
accountPassword - - Character array containing existing password that needs to be verified
Throws:
AccountNotFoundException - if the account with the specified accountId does not exist.
AccessDeniedException - if there is any authorization failure while verifying existing the account password. To avoid this exception, the logged in user should at least have ApplicationInstance Authorizer Admin Role on Organization to which this ApplicationInstance is published to. If default permissions to admin roles are changed, then make sure user's admin role should have permission to modify account password.
GenericProvisioningException - if any other error, connector failures occur.
Since:
11.1.2.2.0
See Also:
Account, AuthorizationService, oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.MODIFY_ACCOUNT_PASSWORD

Skip navigation links

Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

Copyright © 2015, Oracle and/or its affiliates. All rights reserved.