com.netegrity.llsdk6.imsapi.managedobject
Interface Role

All Superinterfaces:

AttributeCollection, ManagedObject, java.util.Map, ModifiableObject, NamedObject, java.io.Serializable

All Known Subinterfaces:

AccessRole, AdminRole, ProvisioningRole

public interface Role
extends ManagedObject

Provides access to the attributes in a Role managed object through the methods inherited from the base interfaces.

Role represents a logical grouping of administrative or business tasks. The managed object interfaces AdminRole and AccessRole extend the Role interface.

Since:

IdentityMinder 5.6

Nested Class Summary

static class

Role.CustomFieldId Contains identifiers for the custom fields on an access/admin roles configuration screen.

Nested classes/interfaces inherited from interface java.util.Map

java.util.Map.Entry<K,V>

Field Summary

static java.lang.String	ASSIGNABLE The role object's assignable flag.
static java.lang.String	ASSIGNMENT_TYPE The role object's assignment type.
static java.lang.String	CONSTRAINT The role object's constraint value.
static java.lang.String	CONSTRAINT_TYPE The role object's constraint type.
static java.lang.String	DELEGATABLE The role object's delegatable flag.
static java.lang.String	DESCRIPTION The role object's description.
static java.lang.String	ENABLED The role object's enabled flag.
static java.lang.String	FRIENDLY_NAME The role object's friendly name.
static java.lang.String	VERSION The role object's version.

Method Summary

void	addTasks(Task[] newTasks) Adds one or more tasks to the set of tasks associated with this role.
void	clearAdminPolicies() Clears the set of AdminPolicy objects associated with this role.
void	clearMembershipPolicies() Clears the set of MembershpPolicy objects associated with this role.
void	clearTasks() Clears the set of tasks associated with this role.
AdminPolicy	createAdminPolicy(MemberRule trigger, ScopeRule user, boolean assignable, boolean adminassignable) Creates a new administrator policy for this role.
AdminPolicy	createAdminPolicy(java.lang.String MemberRuleXML, java.lang.String UserScopeRuleXML, boolean assignable, boolean adminassignable, boolean validate) Creates a new administrator policy for this role using XML as input -- primarily used by Identity Manager only.
MembershipPolicy	createMembershipPolicy(MemberRule trigger, ScopeRule user, ScopeRule group, ScopeRule org) Creates a new membership policy for this role.
MembershipPolicy	createMembershipPolicy(java.lang.String MemberRuleXML, java.lang.String UserScopeRuleXML, java.lang.String GroupScopeRuleXML, java.lang.String OrgScopeRuleXML, boolean validate) Creates a new membership policy for this role using XML as input -- primarily used by Identity Manager only.
MembershipPolicy	createMembershipPolicy(java.lang.String MemberRuleXML, java.lang.String UserScopeRuleXML, java.lang.String GroupScopeRuleXML, java.lang.String OrgScopeRuleXML, java.lang.String AccessTaskScopeRuleXML, boolean validate) Create a new membership policy for this role -- typically used by IdentityMinder only.
void	enableRole(boolean enabled) Alters the enabled state of this role.
java.util.Vector	getAdministrators(AttributeRightsCollection attribs) Retrieves the administrators for this role.
java.util.Vector	getAdministrators(int countLimit, AttributeRightsCollection attribs) Retrieves the administrators for this role.
java.util.Vector	getAdminPolicies() Retrieves the set of AdminPolicy objects associated with this role.
boolean	getAllowDuplicateCustom() Retrieves the flag that determines if duplicate values are allowed in custom fields
ChangeActionCollection	getChangeActions(ChangeRuleType type) Retrieves the ChangeRule object of the specified type associated with this role -- typically used by Identity Manager only.
java.lang.String	getCustomField(Role.CustomFieldId id) Retrieves the value of a custom field.
java.util.Vector	getMembers(AttributeRightsCollection attribs) Retrieves all objects that are members of this role.
java.util.Vector	getMembers(java.util.Enumeration attribs) Internal use only - use getMembers(AttributeRightsCollection).
java.util.Vector	getMembers(int countLimit, AttributeRightsCollection attribs) Return all objects that are members of this role
java.util.Vector	getMembershipPolicies() Retrieves the set of MembershpPolicy objects associated with this role.
java.util.Vector	getOwners(AttributeRightsCollection attribs) Retrieves all objects that are owners of this role.
java.util.Vector	getOwners(int countLimit, AttributeRightsCollection attribs) Retrieves all objects that are owners of this role.
java.lang.String	getRoleDescription() Retrieves the description of this role.
java.util.Vector	getTasks() Retrieves all tasks for this role
boolean	isRoleAdminAssignable() Determines whether users can be assigned as administrators for the role.
boolean	isRoleAssignable() Determines whether members can be assigned to the role.
boolean	isRoleEnabled() Determines whether the role is enabled.
void	modifyObject(Task[] tasks) Commits to the data store any changes made to the current managed object's local (in-memory) attribute set, and also specifies the complete set of tasks to be associated with the role.
void	removeTasks(Task[] tasks) Removes one or more tasks from the set of tasks associated with this role.
void	setAllowDuplicateCustom(boolean value) Sets the flag that determines if duplicate values are allowed in custom fields
void	setChangeActions(ChangeRuleType type, ChangeActionCollection rule) Sets the change rule of this specified type associated with this role -- typically used by Identity Manager only.
void	setChangeActions(ChangeRuleType type, java.lang.String ChangeActionXML, boolean validate) Sets the change rule of this specified type associated with this role -- typically used by Identity Manager only.
void	setCustomField(Role.CustomFieldId id, java.lang.String value) Sets the value of the specified reserved field, overwriting any existing value.
void	setFriendlyName(java.lang.String friendlyName) Sets the role's friendly name value.
void	setRoleAdminAssignable(boolean adminAssignable) Alters the assignable state of this role for role administrators.
void	setRoleAssignable(boolean assignable) Alters the assignable state of this role for role members.
void	setRoleDescription(java.lang.String newDescription) Sets the description of this role.

Methods inherited from interface com.netegrity.llsdk6.imsapi.managedobject.ManagedObject

directAddAttributeValue, directRemoveAttributeValue, equals, fixUniqueNames, getImsDirectory, getImsEnvironment, getObjectType, getOrg, getOrg, getProvider, hashCode, move, persisted

Methods inherited from interface com.netegrity.llsdk6.imsapi.abstractinterface.NamedObject

getFriendlyName, getUniqueName, toString

Methods inherited from interface com.netegrity.llsdk6.imsapi.abstractinterface.AttributeCollection

addAttributes, addValueToAttribute, containsAttribute, doesAttributeHaveMultipleValues, enumerateAttributes, getAttribute, getAttributeMultiValue, getAttributePermission, getAttributes, getExtendedAttribute, getLastCommittedAttribute, getLastCommittedAttributeMultiValue, getLastCommittedValue, getOriginalAttribute, getOriginalAttributeMultiValue, getOriginalValue, getValue, hasAttributeChanged, isAttributeUncommitted, isUncommitted, makeCurrentValueOriginal, removeAttributes, setAttribute, setAttributeMultiValue, setAttributes, setValue, updateAttributeSet

Methods inherited from interface com.netegrity.llsdk6.imsapi.abstractinterface.ModifiableObject

modifyObject, modifyObject

Methods inherited from interface java.util.Map

clear, containsKey, containsValue, entrySet, get, isEmpty, keySet, put, putAll, remove, size, values

Field Detail

FRIENDLY_NAME

static final java.lang.String FRIENDLY_NAME

The role object's friendly name.

DESCRIPTION

static final java.lang.String DESCRIPTION

The role object's description.

ENABLED

static final java.lang.String ENABLED

The role object's enabled flag.

DELEGATABLE

static final java.lang.String DELEGATABLE

The role object's delegatable flag.

ASSIGNABLE

static final java.lang.String ASSIGNABLE

The role object's assignable flag.

ASSIGNMENT_TYPE

static final java.lang.String ASSIGNMENT_TYPE

The role object's assignment type.

CONSTRAINT_TYPE

static final java.lang.String CONSTRAINT_TYPE

The role object's constraint type.

CONSTRAINT

static final java.lang.String CONSTRAINT

The role object's constraint value.

VERSION

static final java.lang.String VERSION

The role object's version.

Method Detail

setFriendlyName

void setFriendlyName(java.lang.String friendlyName)

Sets the role's friendly name value.

Note: To persist the change, call modifyObject().

Parameters:

friendlyName - The friendly name to set.

Throws:

com.netegrity.llsdk6.imsapi.exception.AttributeNotPresentException

com.netegrity.llsdk6.imsapi.exception.DeletedObjectException

getRoleDescription

java.lang.String getRoleDescription()

Retrieves the description of this role.

Returns:

The role description.

Throws:

com.netegrity.llsdk6.imsapi.exception.AttributeNotPresentException

com.netegrity.llsdk6.imsapi.exception.DeletedObjectException

setRoleDescription

void setRoleDescription(java.lang.String newDescription)

Sets the description of this role.

Parameters:

newDescription - The new role description.

Throws:

com.netegrity.llsdk6.imsapi.exception.AttributeNotPresentException

com.netegrity.llsdk6.imsapi.exception.DeletedObjectException

isRoleEnabled

boolean isRoleEnabled()

Determines whether the role is enabled.

Returns:

true if the role is enabled; false otherwise.

Throws:

com.netegrity.llsdk6.imsapi.exception.AttributeNotPresentException

com.netegrity.llsdk6.imsapi.exception.DeletedObjectException

enableRole

void enableRole(boolean enabled)

Alters the enabled state of this role.

Parameters:

enabled - true to enable the role, or false to disable the role.

Throws:

com.netegrity.llsdk6.imsapi.exception.AttributeNotPresentException

com.netegrity.llsdk6.imsapi.exception.DeletedObjectException

isRoleAssignable

boolean isRoleAssignable()

Determines whether members can be assigned to the role.

An assignable role is assigned by an administrator. Otherwise, the role is assigned automatically if a user meets the role constraints.

Returns:

true if the role is assignable for role members, or false otherwise.

Throws:

com.netegrity.llsdk6.imsapi.exception.AttributeNotPresentException

com.netegrity.llsdk6.imsapi.exception.DeletedObjectException

setRoleAssignable

void setRoleAssignable(boolean assignable)

Alters the assignable state of this role for role members.

If the role is assignable, members can be added to the role.

Parameters:

assignable - true if the role is assignable for role members, or false otherwise.

Throws:

com.netegrity.llsdk6.imsapi.exception.AttributeNotPresentException

com.netegrity.llsdk6.imsapi.exception.DeletedObjectException

isRoleAdminAssignable

boolean isRoleAdminAssignable()

Determines whether users can be assigned as administrators for the role.

A user is assigned as a role administrator by another administrator. Otherwise, the role administrator is assigned automatically if a user meets the role constraints.

Returns:

true if the role is assignable for role administrators, or false otherwise.

Throws:

com.netegrity.llsdk6.imsapi.exception.AttributeNotPresentException

com.netegrity.llsdk6.imsapi.exception.DeletedObjectException

setRoleAdminAssignable

void setRoleAdminAssignable(boolean adminAssignable)

Alters the assignable state of this role for role administrators.

If the role is assignable, role administrators can be assigned to manage the role.

Parameters:

adminAssignable - true if the role is assignable for role administrators, or false otherwise.

Throws:

com.netegrity.llsdk6.imsapi.exception.AttributeNotPresentException

com.netegrity.llsdk6.imsapi.exception.DeletedObjectException

getMembers

java.util.Vector getMembers(java.util.Enumeration attribs)
                            throws com.netegrity.sdk.apiutil.SmApiException

Internal use only - use getMembers(AttributeRightsCollection).

Throws:

com.netegrity.sdk.apiutil.SmApiException

getMembers

java.util.Vector getMembers(AttributeRightsCollection attribs)
                            throws com.netegrity.sdk.apiutil.SmApiException

Retrieves all objects that are members of this role.

Parameters:

attribs - The requested attributes and permissions for the returned objects.

Returns:

A Vector of AssignableObject objects (typically User).

Throws:

com.netegrity.sdk.apiutil.SmApiException

getMembers

java.util.Vector getMembers(int countLimit,
                            AttributeRightsCollection attribs)
                            throws SmApiException

Return all objects that are members of this role

Parameters:

countLimit - Number of members to return. If 0, return all members.

attribs - Requested attributes and permissions for the returned objects

Returns:

A Vector of Assignable objects (typically Users)

Throws:

com.netegrity.sdk.apiutil.SmApiException

SmApiException

getAdministrators

java.util.Vector getAdministrators(AttributeRightsCollection attribs)
                                   throws com.netegrity.sdk.apiutil.SmApiException

Retrieves the administrators for this role.

Parameters:

attribs - The requested attributes and permissions for the returned objects.

Returns:

A Vector of Grantor objects (typically User).

Throws:

com.netegrity.sdk.apiutil.SmApiException

getAdministrators

java.util.Vector getAdministrators(int countLimit,
                                   AttributeRightsCollection attribs)
                                   throws com.netegrity.sdk.apiutil.SmApiException

Retrieves the administrators for this role.

Parameters:

countLimit - Number of administrators to return. If 0, return all administrators

attribs - The requested attributes and permissions for the returned objects.

Returns:

A Vector of Grantor objects (typically User).

Throws:

com.netegrity.sdk.apiutil.SmApiException

getOwners

java.util.Vector getOwners(AttributeRightsCollection attribs)
                           throws com.netegrity.sdk.apiutil.SmApiException

Retrieves all objects that are owners of this role.

Parameters:

attribs - The requested attributes and permissions for the returned objects.

Returns:

A Vector of RoleOwner objects (typically User).

Throws:

com.netegrity.sdk.apiutil.SmApiException

getOwners

java.util.Vector getOwners(int countLimit,
                           AttributeRightsCollection attribs)
                           throws com.netegrity.sdk.apiutil.SmApiException

Retrieves all objects that are owners of this role.

Parameters:

countLimit - Number of owners to return. If 0, return all owners

attribs - The requested attributes and permissions for the returned objects.

Returns:

A Vector of RoleOwner objects (typically User).

Throws:

com.netegrity.sdk.apiutil.SmApiException

createMembershipPolicy

MembershipPolicy createMembershipPolicy(MemberRule trigger,
                                        ScopeRule user,
                                        ScopeRule group,
                                        ScopeRule org)
                                        throws SmApiException

Creates a new membership policy for this role.

Parameters:

trigger - A rule that determines whether an object can be assigned to this role.

user - Specifies the users that role members can manage.

group - Specifies the groups that role members can manage.

org - Specifies the organizations that role members can manage.

Returns:

The new membership policy for this role.

Throws:

SmApiException

createMembershipPolicy

MembershipPolicy createMembershipPolicy(java.lang.String MemberRuleXML,
                                        java.lang.String UserScopeRuleXML,
                                        java.lang.String GroupScopeRuleXML,
                                        java.lang.String OrgScopeRuleXML,
                                        boolean validate)
                                        throws SmApiException,
                                               java.text.ParseException

Creates a new membership policy for this role using XML as input -- primarily used by Identity Manager only. See createMembershipPolicy().

Returns:

The new membership policy for this role.

Throws:

SmApiException

java.text.ParseException

createMembershipPolicy

MembershipPolicy createMembershipPolicy(java.lang.String MemberRuleXML,
                                        java.lang.String UserScopeRuleXML,
                                        java.lang.String GroupScopeRuleXML,
                                        java.lang.String OrgScopeRuleXML,
                                        java.lang.String AccessTaskScopeRuleXML,
                                        boolean validate)
                                        throws SmApiException,
                                               java.text.ParseException

Create a new membership policy for this role -- typically used by IdentityMinder only.

Returns:

A Vector of MembershipPolicy objects. Order is important.

Throws:

SmApiException

java.text.ParseException

getMembershipPolicies

java.util.Vector getMembershipPolicies()
                                       throws SmApiException

Retrieves the set of MembershpPolicy objects associated with this role.

Returns:

A Vector of MembershpPolicy objects.

Throws:

SmApiException

clearMembershipPolicies

void clearMembershipPolicies()
                             throws SmApiException

Clears the set of MembershpPolicy objects associated with this role.

Throws:

SmApiException

createAdminPolicy

AdminPolicy createAdminPolicy(MemberRule trigger,
                              ScopeRule user,
                              boolean assignable,
                              boolean adminassignable)
                              throws SmApiException

Creates a new administrator policy for this role.

Parameters:

trigger - A rule that determines who can manage the users in this role's scope.

user - Specifies the users that the administrator can manage with this role.

assignable - If true, the administrator can manage members of this role.

adminassignable - If true, the administrator can manage administrators of this role.

Returns:

The new admin policy for this role.

Throws:

SmApiException

createAdminPolicy

AdminPolicy createAdminPolicy(java.lang.String MemberRuleXML,
                              java.lang.String UserScopeRuleXML,
                              boolean assignable,
                              boolean adminassignable,
                              boolean validate)
                              throws SmApiException,
                                     java.text.ParseException

Creates a new administrator policy for this role using XML as input -- primarily used by Identity Manager only. See createAdminPolicy().

Returns:

The new admin policy for this role.

Throws:

SmApiException

java.text.ParseException

getAdminPolicies

java.util.Vector getAdminPolicies()
                                  throws SmApiException

Retrieves the set of AdminPolicy objects associated with this role.

Returns:

A Vector of AdminPolicy objects.

Throws:

SmApiException

clearAdminPolicies

void clearAdminPolicies()
                        throws SmApiException

Clears the set of AdminPolicy objects associated with this role.

Throws:

SmApiException

getChangeActions

ChangeActionCollection getChangeActions(ChangeRuleType type)

Retrieves the ChangeRule object of the specified type associated with this role -- typically used by Identity Manager only.

Parameters:

type - The type of the specified change rule.

Returns:

A ChangeRule object, which can be null if no rule has been set for this type.

setChangeActions

void setChangeActions(ChangeRuleType type,
                      ChangeActionCollection rule)
                      throws SmApiException

Sets the change rule of this specified type associated with this role -- typically used by Identity Manager only. This replaces existing settings with the value passed in.

Parameters:

type - The type of the change rule being set.

rule - The ChangeRule to set.

Throws:

SmApiException

setChangeActions

void setChangeActions(ChangeRuleType type,
                      java.lang.String ChangeActionXML,
                      boolean validate)
                      throws SmApiException,
                             java.text.ParseException

Sets the change rule of this specified type associated with this role -- typically used by Identity Manager only. This replaces existing settings with the value passed in.

Parameters:

type - The type of change rule being set.

ChangeActionXML - The ChangeRule to set.

validate - true if provided XML should be validated; false otherwise.

Throws:

SmApiException - - If XML is validated and errors are found

java.text.ParseException

getTasks

java.util.Vector getTasks()
                          throws SmApiException

Retrieves all tasks for this role

Returns:

A Vector of the tasks associated with this role.

Throws:

DeletedObjectException - - If this object represents a role that has already been deleted

NoSessionException - - If this object represents a role that is not connected to a session (that is, isConnected() would return false).

SmApiException

addTasks

void addTasks(Task[] newTasks)
              throws SmApiException

Adds one or more tasks to the set of tasks associated with this role.

Parameters:

newTasks - An array of tasks to add to this role's collection. Trying to add an inappropriate task type to a role (such as trying to add an admin task to an access role) results in an exception.

Throws:

DeletedObjectException - - If this object represents a role that has already been deleted

NoSessionException - - If this object represents a role that is not connected to a session (that is, isConnected() would return false).

SmApiException

removeTasks

void removeTasks(Task[] tasks)
                 throws SmApiException,
                        NoSuchObjectException

Removes one or more tasks from the set of tasks associated with this role.

Parameters:

tasks - An array of tasks to remove from this role's collection. If the array includes tasks that are associated with the role and other tasks that are not, the associated tasks will be removed successfully, and no exception will be thrown.

Throws:

DeletedObjectException - - If this object represents a role that has already been deleted

NoSessionException - - If this object represents a role that is not connected to a session (i.e. isConnected() would return false).

SmApiException

NoSuchObjectException

clearTasks

void clearTasks()
                throws SmApiException

Clears the set of tasks associated with this role.

Throws:

DeletedObjectException - - If this object represents a role that has already been deleted

NoSessionException - - If this object represents a role that is not connected to a session (i.e. isConnected() would return false).

SmApiException

modifyObject

void modifyObject(Task[] tasks)
                  throws SmApiException

Commits to the data store any changes made to the current managed object's local (in-memory) attribute set, and also specifies the complete set of tasks to be associated with the role.

The tasks passed into this method represent the complete set of tasks to be associated with the role. Any existing tasks will be removed. If you pass in an empty array, the role will have no associated tasks.

To add one or more tasks to the existing set of tasks associated with the role, call addTasks().

To commit changes to the object's attribute set without specifying the tasks to associate with the role, call modifyObject().

Note: This method immediately persists changes to the data store. All Identity Manager data and security checks are bypassed. Typically, this method is only called after you modify a managed object retrieved through one of the provider objects.

Parameters:

tasks - An array containing the complete set of tasks to associate with the role.

newTasks - An array of tasks to add to this role's collection. Trying to add an inappropriate task type to a role (such as trying to add an admin task to an access role) results in an exception.

Throws:

DeletedObjectException - - If this object represents a role that has already been deleted

NoSessionException - - If this object represents a role that is not connected to a session (i.e. isConnected() would return false).

SmApiException

getCustomField

java.lang.String getCustomField(Role.CustomFieldId id)

Retrieves the value of a custom field.

Parameters:

id - The custom field identifier.

Returns:

The customfield value.

setCustomField

void setCustomField(Role.CustomFieldId id,
                    java.lang.String value)

Sets the value of the specified reserved field, overwriting any existing value.

Parameters:

id - The field identifier.

value - The new customfield value.

setAllowDuplicateCustom

void setAllowDuplicateCustom(boolean value)

Sets the flag that determines if duplicate values are allowed in custom fields

Parameters:

value - The new flag. If true then duplicate values are allowed, else not allowed.

getAllowDuplicateCustom

boolean getAllowDuplicateCustom()

Retrieves the flag that determines if duplicate values are allowed in custom fields

Returns:

The duplicate allowed flag