Interface DelReviewMgr

- All Superinterfaces:
  Manageable
- All Known Implementing Classes:
  DelReviewMgrImpl, DelReviewMgrRestImpl

public interface DelReviewMgr extends Manageable

This interface prescribes the ARBAC02 DelReviewMgr API for performing policy interrogation of provisioned Fortress ARBAC entities that reside in the LDAP directory. These APIs map directly to the similarly named functions specified by ARBAC02. The ARBAC functional specification describes delegated administrative operations for the creation and maintenance of ARBAC element sets and relations, delegated administrative review functions for performing administrative queries, and system functions for creating and managing ARBAC attributes on user sessions and making delegated administrative access control decisions.

Administrative Role Based Access Control (ARBAC)

Fortress fully supports the Oh/Sandhu/Zhang ARBAC02 model for delegated administration. ARBAC gives large enterprises the capability to delegate administrative authority to users who reside outside of the security admin group. Decentralizing administration helps because it provides security provisioning capability to work groups without sacrificing the accountability and traceability controls that regulations require.

This interface's implementer will NOT be thread safe if the parent instance variables (Manageable.setContextId(String) or Manageable.setAdmin(org.apache.directory.fortress.core.model.Session)) are set. Callers that set either one should create a separate instance per thread or per request rather than sharing one instance.

- Author:
  Apache Directory Project
Method Summary

All Methods, Instance Methods, Abstract Methods

- List<UserAdminRole> assignedRoles(User user)
  This function returns the set of admin roles assigned to a given user.
- List<User> assignedUsers(AdminRole role)
  This method returns the data set of all users who are assigned the given admin role.
- List<AdminRole> findRoles(String searchVal)
  Method returns a list of type AdminRole.
- OrgUnit read(OrgUnit entity)
  Command reads an existing OrgUnit entity from the OrgUnit dataset.
- AdminRole readRole(AdminRole role)
  Method reads an AdminRole entity from the admin role container in the directory.
- List<Permission> rolePermissions(AdminRole role)
  This function returns the set of all ARBAC permissions (op, obj) granted to or inherited by a given ARBAC role.
- List<Permission> rolePermissions(AdminRole role, boolean noInheritance)
  This function returns the set of all ARBAC permissions (op, obj) granted to a given ARBAC role, optionally excluding those inherited through the admin role hierarchy.
- List<OrgUnit> search(OrgUnit.Type type, String searchVal)
  Command searches existing OrgUnit entities in the OrgUnit dataset.

- Methods inherited from interface org.apache.directory.fortress.core.Manageable:
  setAdmin, setContextId
Method Detail

readRole

AdminRole readRole(AdminRole role) throws SecurityException

Method reads an AdminRole entity from the admin role container in the directory.

required parameters
- Role.name - contains the name of the AdminRole being targeted for read

- Parameters:
  role - contains the role name to be read.
- Returns:
  AdminRole entity that corresponds with the role name.
- Throws:
  SecurityException - will be thrown if the role is not found or a system error occurs.
findRoles

List<AdminRole> findRoles(String searchVal) throws SecurityException

Method returns a list of type AdminRole.

required parameters
- Role.name - contains all or some of the chars in the name of the AdminRole(s) targeted for search

- Parameters:
  searchVal - contains all or some of the chars corresponding to admin role entities stored in the directory.
- Returns:
  List of type AdminRole containing the role entities that match the search criteria.
- Throws:
  SecurityException - in the event of a system error.
assignedRoles

List<UserAdminRole> assignedRoles(User user) throws SecurityException

This function returns the set of admin roles assigned to a given user. The function is valid if and only if the user is a member of the USERS data set.

required parameters
- User.userId - contains the userId associated with the User object targeted for search.

- Parameters:
  user - contains the userId matching a user entity stored in the directory.
- Returns:
  List of type UserAdminRole containing the user's admin role data.
- Throws:
  SecurityException - if the user is not found or a system error occurs.
assignedUsers

List<User> assignedUsers(AdminRole role) throws SecurityException

This method returns the data set of all users who are assigned the given admin role. It searches the User data set for the AdminRole relationship. This method does NOT follow hierarchical Admin Role relationships: users who hold the role only through inheritance in the admin role hierarchy are not returned, only direct assignees are.

required parameters
- Role.name - contains the name of the AdminRole targeted for search

- Parameters:
  role - contains the role name used to search the User data set.
- Returns:
  List of type User containing the assigned users' data.
- Throws:
  SecurityException - if a system error occurs.
read

OrgUnit read(OrgUnit entity) throws SecurityException

Command reads an existing OrgUnit entity from the OrgUnit dataset. The OrgUnit can be either User or Perm, selected by setting the type attribute.

required parameters
- OrgUnit.name - contains the name associated with the OrgUnit object targeted for search.
- OrgUnit.type - contains the type of OU: OrgUnit.Type.USER or OrgUnit.Type.PERM

- Parameters:
  entity - contains the OrgUnit name and type.
- Returns:
  OrgUnit entity that corresponds with the OU name and type.
- Throws:
  SecurityException - in the event of a data validation or system error.
search

List<OrgUnit> search(OrgUnit.Type type, String searchVal) throws SecurityException

Command searches existing OrgUnit entities in the OrgUnit dataset. The OrgUnit can be either User or Perm, selected by the type parameter on the API.

required parameters
- OrgUnit.type - contains the type of OU: OrgUnit.Type.USER or OrgUnit.Type.PERM
- searchVal - contains the leading chars of the OrgUnit name(s) targeted for search.

- Parameters:
  type - either PERM or USER
  searchVal - contains the leading chars that map to OrgUnit.name on the existing OrgUnit(s) targeted for search.
- Returns:
  List of type OrgUnit containing the OrgUnit data.
- Throws:
  SecurityException - in the event of a data validation or system error.
rolePermissions

List<Permission> rolePermissions(AdminRole role) throws SecurityException

This function returns the set of all ARBAC permissions (op, obj) granted to or inherited by a given ARBAC role. The function is valid if and only if the role is a member of the ROLES data set.

required parameters
- Role.name - contains the name to use for the AdminRole targeted for search.

- Parameters:
  role - contains the role name, Role.name, of the AdminRole entity the Permission is granted to.
- Returns:
  List of type Permission that contains all perms granted to the role, including those inherited from parent admin roles.
- Throws:
  SecurityException - in the event a system error occurs.
rolePermissions

List<Permission> rolePermissions(AdminRole role, boolean noInheritance) throws SecurityException

This function returns the set of all ARBAC permissions (op, obj) granted to or inherited by a given ARBAC role. The function is valid if and only if the role is a member of the ROLES data set.

required parameters
- Role.name - contains the name to use for the AdminRole targeted for search.

- Parameters:
  role - contains the role name, Role.name, of the AdminRole entity the Permission is granted to.
  noInheritance - if true, the search will NOT follow the admin role hierarchy; only permissions granted directly to the named role are returned. If false, the result is the same as rolePermissions(AdminRole).
- Returns:
  List of type Permission that contains the perms granted to the role.
- Throws:
  SecurityException - in the event a system error occurs.
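The following is an added example, not code from the Fortress project or this Javadoc. It shows how the review functions above are used together to audit the delegated authority one user holds, and how to honor the thread-safety note in the interface description: the DelReviewMgr instance is created and bound to an admin Session with setAdmin per call rather than shared. The admin credentials ("auditor"), the target userId "jdoe", and the use of the default tenant GlobalIds.HOME are assumptions for illustration; the AccessMgr/DelReviewMgrFactory calls and the AdminRole OU-scope getters (getOsUs/getOsPs) come from the Fortress core API as I know it, not from this page.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.AccessMgrFactory;
import org.apache.directory.fortress.core.DelReviewMgr;
import org.apache.directory.fortress.core.DelReviewMgrFactory;
import org.apache.directory.fortress.core.GlobalIds;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.AdminRole;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserAdminRole;

/**
 * Added example (not part of Fortress): audit the delegated-admin authority
 * one user holds. Assumed, not from the Javadoc: the reviewing admin's
 * credentials ("auditor"/"secret"), the target userId "jdoe", and that the
 * deployment uses the default tenant GlobalIds.HOME.
 */
public class DelegatedAdminAudit {

    /** Builds a DelReviewMgr bound to one admin session. Do not share the
     *  returned instance across threads: setAdmin()/setContextId() store state
     *  on the instance, which the Javadoc says makes it non-thread-safe. */
    static DelReviewMgr newReviewMgr(String contextId, Session adminSession) throws SecurityException {
        DelReviewMgr mgr = DelReviewMgrFactory.createInstance(contextId);
        mgr.setAdmin(adminSession);   // the ARBAC session that authorizes these review calls
        return mgr;
    }

    /** Key used to diff permission lists: objName.opName, plus objId when present. */
    static String permKey(Permission p) {
        String key = p.getObjName() + "." + p.getOpName();
        return (p.getObjId() == null || p.getObjId().isEmpty()) ? key : key + ":" + p.getObjId();
    }

    static void audit(DelReviewMgr review, String userId) throws SecurityException {
        // assignedRoles needs only User.userId and throws if the user does not exist
        List<UserAdminRole> assigned = review.assignedRoles(new User(userId));
        if (assigned.isEmpty()) {
            System.out.println(userId + " holds no delegated admin roles");
            return;
        }
        for (UserAdminRole uar : assigned) {
            // readRole returns the full entity, including the OU scopes the role may
            // administer (OS-U for user OUs, OS-P for permission OUs)
            AdminRole role = review.readRole(new AdminRole(uar.getName()));
            System.out.printf("%s -> admin role %s (user OUs=%s, perm OUs=%s)%n",
                    userId, role.getName(), role.getOsUs(), role.getOsPs());

            // Direct grants (noInheritance=true) versus the effective set that follows
            // the admin-role hierarchy; the difference is authority that exists only
            // because of a parent admin role.
            Set<String> direct = new LinkedHashSet<>();
            for (Permission p : review.rolePermissions(role, true)) {
                direct.add(permKey(p));
            }
            for (Permission p : review.rolePermissions(role)) {
                String key = permKey(p);
                System.out.printf("    %-40s %s%n", key, direct.contains(key) ? "direct" : "inherited");
            }

            // Other direct holders of the same admin role. assignedUsers does NOT
            // follow the hierarchy, so users holding it via a child role are absent.
            System.out.print("    other direct assignees:");
            for (User u : review.assignedUsers(role)) {
                if (!u.getUserId().equalsIgnoreCase(userId)) {
                    System.out.print(" " + u.getUserId());
                }
            }
            System.out.println();
        }
    }

    public static void main(String[] args) throws SecurityException {
        String contextId = GlobalIds.HOME;                       // assumed tenant
        AccessMgr access = AccessMgrFactory.createInstance(contextId);
        // assumed credentials; createSession(user, false) authenticates the password
        Session adminSession = access.createSession(new User("auditor", "secret".toCharArray()), false);

        DelReviewMgr review = newReviewMgr(contextId, adminSession);
        audit(review, "jdoe");                                   // assumed target user
    }
}
```

Two checks worth noting when running this against a real directory: the "inherited" rows are exactly the authority a reviewer would miss if they only called rolePermissions(role, true), and the assignee list understates membership for any role that has children, so a complete who-can-administer-what report must also walk the admin role hierarchy.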