AuthorizationService (Oracle Fusion Middleware Java API Reference for Oracle Identity Manager)

All Known Subinterfaces:

AuthorizationOPSSService
```
public interface AuthorizationService
```
Service interface specifying contracts for the authorization checks supported by the OIM Authorization layer. Clients need to call this service for authorization checks at their Policy Enforcement Points. Examples of PEPs may be specific navigation items or action widgets on the user interface, or proactive checkpoints before processing a request in a feature, or an access control mechanism embedded in a custom OIM client.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`java.util.List`	`allowedActions(java.lang.String subjectId, PolicyConstants.Resources resource)` Search for the allowed actions for the user on a resource.
`AuthorizationResult`	`bulkHasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.util.List resourceId, PolicyConstants.Actions action)` Check if user is allowed to perform an action on a specific resource.
`AuthorizationResult`	`bulkHasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.util.List resourceIds, PolicyConstants.Actions action, java.util.Map envMap)` Check if user is allowed to perform an action on a specific resource.
`AuthorizationResult`	`bulkHasAccessRelationship(java.lang.String subjectId, PolicyConstants.Resources beneficiaryType, java.util.List beneficiaryId, PolicyConstants.Resources targetEntityType, java.util.List targetEntityId, PolicyConstants.Actions targetAction, boolean performBeneficiaryCheck)` Check if user is allowed to perform the relationship operation on beneficiary(user) to the target(role, IT Resource or Entitlement).
`AuthorizationResult`	`hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, PolicyConstants.Actions action)` Check if user is allowed to perform an action.
`AuthorizationResult`	`hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.lang.String resourceId, OperationContext opContext)` Check if user is allowed to perform an action on a specific resource.
`AuthorizationResult`	`hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.lang.String resourceId, PolicyConstants.Actions action)` Check if user is allowed to perform an action on a specific resource.
`AuthorizationResult`	`hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.lang.String resourceId, PolicyConstants.Actions action, java.util.Map envMap)` Check if user is allowed to perform an action on a specific resource.
`AuthorizationResult`	`hasAccessRelationship(java.lang.String subjectId, PolicyConstants.Resources beneficiaryType, java.lang.String beneficiaryId, PolicyConstants.Resources targetEntityType, java.lang.String targetEntityId, PolicyConstants.Actions targetAction)` Check if user is allowed to perform the relationship operation on beneficiary(user) to the target(role, IT Resource or Entitlement).

- Method Detail
  - hasAccess
```
AuthorizationResult hasAccess(java.lang.String subjectId,
                              PolicyConstants.Resources resourceType,
                              PolicyConstants.Actions action)
                       throws AccessDeniedException
```
    Check if user is allowed to perform an action. Permissions for the specific resource type are evaluated and obligation may return to declare the constraints to be followed while performing the action.
    
    Parameters:
    
    subjectId - usr_key of the user performing the action, required.
    
    resourceType - type of the resource being accessed, required.
    
    action - actions are defined per resource type, required
    
    Returns:
    
    returns authorization result, which has decision and obligations to be followed.
    
    Throws:
    
    AccessDeniedException
  - hasAccess
```
AuthorizationResult hasAccess(java.lang.String subjectId,
                              PolicyConstants.Resources resourceType,
                              java.lang.String resourceId,
                              PolicyConstants.Actions action)
                       throws AccessDeniedException
```
    Check if user is allowed to perform an action on a specific resource. This method calls entity's security data provider to get the SecurableEntity object and then delgates evaluation to the hasAccess method with that object.
    
    Parameters:
    
    subjectId - usr_key of the user performing the action, required.
    
    resourceType - type of the resource being accessed, required.
    
    resourceId - id of a specific resource, required
    
    action - actions are defined per resource type, required
    
    Returns:
    
    returns authorization result, which has decision and obligations to be followed.
    
    Throws:
    
    AccessDeniedException
  - hasAccess
```
AuthorizationResult hasAccess(java.lang.String subjectId,
                              PolicyConstants.Resources resourceType,
                              java.lang.String resourceId,
                              OperationContext opContext)
                       throws AccessDeniedException
```
    Check if user is allowed to perform an action on a specific resource. This method calls entity's security data provider to get the SecurableEntity object and then delgates evaluation to the hasAccess method with that object.
    
    Parameters:
    
    subjectId - usr_key of the user performing the action, required.
    
    resourceType - type of the resource being accessed, required.
    
    resourceId - list of id of resources, required
    
    opContext - - the operation context used for specifying request context.
    
    Returns:
    
    authorizationResult - The authorization result, which has decision and obligations to be followed.
    
    Throws:
    
    AccessDeniedException
  - bulkHasAccess
```
AuthorizationResult bulkHasAccess(java.lang.String subjectId,
                                  PolicyConstants.Resources resourceType,
                                  java.util.List resourceId,
                                  PolicyConstants.Actions action)
                           throws AccessDeniedException
```
    Check if user is allowed to perform an action on a specific resource. This method calls entity's security data provider to get the SecurableEntity object and then delgates evaluation to the hasAccess method with that object.
    
    Parameters:
    
    subjectId - usr_key of the user performing the action, required.
    
    resourceType - type of the resource being accessed, required.
    
    resourceId - list of id of resources, required
    
    action - actions are defined per resource type, required
    
    Returns:
    
    returns authorization result, which has decision and obligations to be followed.
    
    Throws:
    
    AccessDeniedException
  - hasAccessRelationship
```
AuthorizationResult hasAccessRelationship(java.lang.String subjectId,
                                          PolicyConstants.Resources beneficiaryType,
                                          java.lang.String beneficiaryId,
                                          PolicyConstants.Resources targetEntityType,
                                          java.lang.String targetEntityId,
                                          PolicyConstants.Actions targetAction)
                                   throws AccessDeniedException
```
    Check if user is allowed to perform the relationship operation on beneficiary(user) to the target(role, IT Resource or Entitlement). It also checks if the beneficairy is allowed to view the target enity.
    
    Parameters:
    
    subjectId - usr_key of the user performing the action, required.
    
    beneficiaryType - type of the resource(user) being granted , required.
    
    beneficiaryId - id of a specific resource(user), required
    
    targetEntityType - type of the target entity being assigned , required.
    
    targetEntityId - id of a specific target entity being assigned, required
    
    targetAction - action for the target entity, required.
    
    Returns:
    
    returns authorization result, which has decision and obligations to be followed.
    
    Throws:
    
    AccessDeniedException
  - bulkHasAccessRelationship
```
AuthorizationResult bulkHasAccessRelationship(java.lang.String subjectId,
                                              PolicyConstants.Resources beneficiaryType,
                                              java.util.List beneficiaryId,
                                              PolicyConstants.Resources targetEntityType,
                                              java.util.List targetEntityId,
                                              PolicyConstants.Actions targetAction,
                                              boolean performBeneficiaryCheck)
                                       throws AccessDeniedException
```
    Check if user is allowed to perform the relationship operation on beneficiary(user) to the target(role, IT Resource or Entitlement). It also checks if the beneficairy is allowed to view the target enity.
    
    Parameters:
    
    subjectId - usr_key of the user performing the action, required.
    
    beneficiaryType - type of the resource(user) being granted , required.
    
    beneficiaryId - id list of resource(user), required
    
    targetEntityType - type of the target entity being assigned , required.
    
    targetEntityId - id List of target entity being assigned, required
    
    targetAction - action for the target entity, required.
    
    performBeneficiaryCheck - boolean if the beneficiary check is required.
    
    Returns:
    
    returns authorization result, which has decision and obligations to be followed.
    
    Throws:
    
    AccessDeniedException
  - allowedActions
```
java.util.List allowedActions(java.lang.String subjectId,
                              PolicyConstants.Resources resource)
                       throws AccessDeniedException
```
    Search for the allowed actions for the user on a resource.
    
    Parameters:
    
    subjectId - usr_key of the user performing the action, required.
    
    resource - enum for the type of the resource being accessed, required.
    
    Returns:
    
    returns List of allowed actions.
    
    Throws:
    
    AccessDeniedException
  - hasAccess
```
AuthorizationResult hasAccess(java.lang.String subjectId,
                              PolicyConstants.Resources resourceType,
                              java.lang.String resourceId,
                              PolicyConstants.Actions action,
                              java.util.Map envMap)
                       throws AccessDeniedException
```
    Check if user is allowed to perform an action on a specific resource. This method calls entity's security data provider to get the SecurableEntity object and then delgates evaluation to the hasAccess method with that object.
    
    Parameters:
    
    subjectId - usr_key of the user performing the action, required.
    
    resourceType - type of the resource being accessed, required.
    
    resourceId - id of a specific resource.
    
    action - actions are defined per resource type, required
    
    envMap - Map containing the List of values for various keys defined in resource-sec-attributes (PolicyConstants.ResourceSecurityAttributes) Need to pass the USER_ORG_HIERARCHY and USER_MANAGEMENT_CHAIN as key and vlaue as List of organizations(List) & managerKey(String) of the user e.g. : envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_MANAGEMENT_CHAIN.getId(), managerKey); envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_ORG_HIERARCHY.getId() , orgList);
    
    Returns:
    
    returns authorization result, which has decision and obligations to be followed.
    
    Throws:
    
    AccessDeniedException
  - bulkHasAccess
```
AuthorizationResult bulkHasAccess(java.lang.String subjectId,
                                  PolicyConstants.Resources resourceType,
                                  java.util.List resourceIds,
                                  PolicyConstants.Actions action,
                                  java.util.Map envMap)
                           throws AccessDeniedException
```
    Check if user is allowed to perform an action on a specific resource. This method calls entity's security data provider to get the SecurableEntity object and then delgates evaluation to the hasAccess method with that object.
    
    Parameters:
    
    subjectId - usr_key of the user performing the action, required.
    
    resourceType - type of the resource being accessed, required.
    
    resourceIds - id list of resources.
    
    action - actions are defined per resource type, required
    
    envMap - Map containing the List of values for various keys defined in resource-sec-attributes (PolicyConstants.ResourceSecurityAttributes) Need to pass the USER_ORG_HIERARCHY and USER_MANAGEMENT_CHAIN as key and vlaue as List of organizations(List) & managerKey(String) of the user e.g. : envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_MANAGEMENT_CHAIN.getId(), managerKey); envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_ORG_HIERARCHY.getId() , orgList);
    
    Returns:
    
    returns authorization result, which has decision and obligations to be followed.
    
    Throws:
    
    AccessDeniedException

Interface AuthorizationService

Method Summary

Method Detail

hasAccess

hasAccess

hasAccess

bulkHasAccess

hasAccessRelationship

bulkHasAccessRelationship

allowedActions

hasAccess

bulkHasAccess