public interface PermissionSetManager extends EntityManager
Modifier and Type | Method and Description |
---|---|
EntryReference | createPermissionSet(PermissionSetEntry permSet) - Create a PermissionSet |
void | deletePermissionSet(EntryReference ref, boolean cascade) - Delete a PermissionSet |
PermissionSetEntry | getPermissionSet(java.lang.String permissionSetName) - Get a PermissionSet by Name. |
java.util.List<PermissionSetEntry> | getPermissionSets(PermissionSetSearchQuery query) - Query PermissionSets based upon a search criteria. |
void | modifyPermissionSet(EntryReference ref, javax.naming.directory.ModificationItem[] modItems) - Modify the PermissionSet. |
void | modifyPermissionSet(EntryReference ref, ResourceActionsEntry resourceActionsToAdd, ResourceActionsEntry resourceActionsToDelete) - Modify the PermissionSet |
resolveReference
EntryReference createPermissionSet(PermissionSetEntry permSet) throws InvalidArgumentException, PolicyStoreException
permSet - the permission set. If the following prerequisites are not satisfied, the method throws PolicyObjectNotFoundException:
1. The resource type referenced in permSet should exist at the application scope level.
2. The resource names referenced in permSet should exist at the same level at which the PermissionSet is being defined. For example, if creating a PermissionSet at the application scope, the resource must exist at the application scope, and if the PermissionSet is being created at a PolicyDomain level, the resource must exist in the PolicyDomain.

PolicyObjectAlreadyExistsException - if the permission set already exists.
PolicyObjectNotFoundException - if the resource type or resource name referenced in permSet does not already exist in the policy store.
InvalidArgumentException - if permSet is null, or if any ResourceAction contains a ResourceNameExpression with an invalid Java regex.
PolicyStoreException - if there was an error while creating the PermissionSet. For example, if the resource instance is not found in the store, a PolicyStoreException is reported.

void deletePermissionSet(EntryReference ref, boolean cascade) throws InvalidArgumentException, PolicyStoreException
ref - a reference to the PermissionSet.
cascade - if set to false, a check is performed to determine if there are any grants referencing this PermissionSet. If there are any grants, an exception is raised. If set to true, any grant referencing this PermissionSet is also deleted along with this PermissionSet.

InvalidArgumentException - if the input parameters are invalid.
PolicyStoreException - if there was an error while deleting the PermissionSet.
PolicyStoreOperationNotAllowedException - if the PermissionSet being deleted is in use and force flag is false.

void modifyPermissionSet(EntryReference ref, ResourceActionsEntry resourceActionsToAdd, ResourceActionsEntry resourceActionsToDelete) throws InvalidArgumentException, PolicyStoreException
If there are any grants referencing this PermissionSet, the grants are also modified.
ref - the reference to the PermissionSet.
resourceActionsToAdd - the ResourceActionsEntry to add. It can be null.
resourceActionsToDelete - the ResourceActionsEntry to remove. It can be null. If non-null, the resourceActionsToRemove must be present in this PermissionSet.

PolicyStoreException - if there was an error while modifying the PermissionSet.
InvalidArgumentException - if resourceActionsToAdd and resourceActionsToDelete are both null, or if either contains a ResourceNameExpression with an invalid Java regex.

void modifyPermissionSet(EntryReference ref, javax.naming.directory.ModificationItem[] modItems) throws InvalidArgumentException, PolicyStoreException
The display name and description of the permission can be modified by this method.
The following code fragment illustrates how to replace the display name.

```java
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

PermissionSetManager psm;

// Name of the attribute to change: the display name property.
String property2Change = PermissionSetEntry.Properties.PROPERTY_DISPLAY_NAME.name();
String newValue = "this is the new description";

// Build a REPLACE modification for that attribute.
Attribute attr = new BasicAttribute(property2Change, newValue);
ModificationItem displayModItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);
ModificationItem[] allItems = new ModificationItem[] { displayModItem };

// get psm
psm.modifyPermissionSet(ref, allItems);
```

ref - a reference to the PermissionSet.
modItems - an array of modification items.

InvalidArgumentException - if the input parameters are invalid.
PolicyStoreException - if there was an error while modifying the PermissionSet.

PermissionSetEntry getPermissionSet(java.lang.String permissionSetName) throws InvalidArgumentException, PolicyObjectNotFoundException, PolicyStoreException
permissionSetName - name of the PermissionSet.

If the resource is managed in an external store, it is possible the resource has been deleted without the PermissionSet being updated.
If the resource is managed in the default store, it is also possible for the resource to have been deleted without the PermissionSet having been updated. This is possible in a distributed policy environment.

InvalidArgumentException - if permissionSetName is null or empty.
PolicyObjectNotFoundException - if a PermissionSet with the name does not exist.
PolicyStoreException - if there was an error while searching for the PermissionSet.

java.util.List<PermissionSetEntry> getPermissionSets(PermissionSetSearchQuery query) throws InvalidArgumentException, PolicyStoreException
query - search criteria, must not be null.

getPermissionSet(String) which attempts to look up the description and display name of the resource. Returns an empty list if no permission set matching the query is found.
If no permissionSets are found, an empty list is returned.

InvalidArgumentException - if query is null.
PolicyStoreException - if there was an error while querying.
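
The cascade semantics of deletePermissionSet matter for authorization: cascade=true also removes every grant that references the set. The following is an added example, not code from this API's documentation, of a caller that always tries cascade=false first and only cascades when removal of grants has been explicitly approved. The nested types are local stand-ins with assumed shapes so the example compiles without the policy-store libraries; `GuardedPermissionSetDelete`, `guardedDelete`, `Outcome` and `grantRemovalApproved` are hypothetical names, and PolicyStoreOperationNotAllowedException is assumed to be a subclass of PolicyStoreException.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class GuardedPermissionSetDelete {
    // Stand-ins for the types named on this page (assumed shapes, not the real classes).
    interface EntryReference {}
    static class InvalidArgumentException extends Exception {}
    static class PolicyStoreException extends Exception {
        PolicyStoreException(String m) { super(m); }
    }
    // Assumption: subclass of PolicyStoreException, since the signature declares only that type.
    static class PolicyStoreOperationNotAllowedException extends PolicyStoreException {
        PolicyStoreOperationNotAllowedException(String m) { super(m); }
    }
    interface PermissionSetManager {
        void deletePermissionSet(EntryReference ref, boolean cascade)
                throws InvalidArgumentException, PolicyStoreException;
    }

    enum Outcome { DELETED, BLOCKED_IN_USE, DELETED_WITH_GRANTS }

    /** Try cascade=false first; cascade only when removing the grants was approved. */
    static Outcome guardedDelete(PermissionSetManager psm, EntryReference ref,
                                 boolean grantRemovalApproved)
            throws InvalidArgumentException, PolicyStoreException {
        try {
            psm.deletePermissionSet(ref, false);   // rejected if any grant references the set
            return Outcome.DELETED;
        } catch (PolicyStoreOperationNotAllowedException inUse) {
            if (!grantRemovalApproved) {
                return Outcome.BLOCKED_IN_USE;     // grants stay untouched for review
            }
            psm.deletePermissionSet(ref, true);    // removes the referencing grants as well
            return Outcome.DELETED_WITH_GRANTS;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed in-memory fake: one permission set referenced by a grant.
        EntryReference ref = new EntryReference() {};
        Set<EntryReference> inUse = new HashSet<>(List.of(ref));
        PermissionSetManager fake = (r, cascade) -> {
            if (inUse.contains(r) && !cascade) {
                throw new PolicyStoreOperationNotAllowedException("referenced by a grant");
            }
            inUse.remove(r);
        };
        System.out.println(guardedDelete(fake, ref, false));
        System.out.println(guardedDelete(fake, ref, true));
    }
}
```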