com.netegrity.llsdk6.imsapi.provider
Interface ProvisioningRoleProvider

public interface ProvisioningRoleProvider

Lets you create or retrieve Provisioning Roles which have been defined in the current Identity Manager environment.

To retrieve provisioning roles from multiple Identity Manager environments, use AccessControlProvider.

This and all Identity Manager providers are retrieved through ProviderAccessor.

Note: This object requires an instance of eTrust Admin Directory.

Access to Provisioning Role Attributes

After you retrieve a provisioning role object, you access its attribute data through the methods in the base interface Role.

Typically, managed objects retrieved through ProvisioningRoleProvider are accessed for reading purposes only. However, on occassion, business logic task handlers and event listeners may need to modify objects retrieved through ProvisioningRoleProvider.

Note: To commit the changes you make to a managed object retrieved through ProvisioningRoleProvider, call modifyObject(). The changes are then immediately persisted to the data store. No Identity Manager events are generated, and no workflow approvals, auditing, or security checks are performed.

Since:

Identity Manager 8.1

Method Summary

java.util.Vector	addOrRemoveProvisioningRole(java.util.Vector roles, ProvisioningRoleActionType action, User user, boolean addAccounts, java.lang.String opID) Adds or removes the Vector of roles to the user.
ProvisioningRole	createProvisioningRole(java.lang.String name, java.lang.String description, java.lang.String comments, java.lang.String department, boolean enabled, boolean assignable, boolean adminAssignable) Creates a new Provisioning Server provisioning role without any associated provisioning policies or change rules.
ProvisioningRole	createProvisioningRole(java.lang.String name, java.lang.String description, java.lang.String comments, java.lang.String department, boolean enabled, boolean assignable, boolean adminAssignable, java.lang.String[] customFieldValues) Creates a new Provisioning Server provisioning role without any associated provisioning policies or change rules.
ProvisioningRole	findProvisioningRole(java.lang.String friendlyName) Retrieves the specified provisioning role, using the role's friendly name.
ProvisioningRole	findPSProvisioningRole(java.lang.String friendlyName) Finds the provisioning role in the object store by friendly name.
ProvisioningRole	getProvisioningRole(java.lang.String uniqueName) Retrieves the specified provisioning role, using the role's unique name.
java.util.Vector	getProvisioningRoles() Retrieves all the provisioning roles in the Identity Manager environment.
java.util.Vector	getProvisioningRolesAdminCanAssign(TSContext tsCtx) Retrieves the provisioning roles to which the subject of the task can be assigned by the current administrator.
java.util.Vector	getProvisioningRolesAdminCanAssign(TSContext tsCtx, java.util.Vector rolesToSearch)
java.util.Vector	getProvisioningRolesAdminCanAssignExcludeRoles(TSContext tsCtx, java.util.Vector rolesToExclude) Returns all of the roles that the admin can assign to users except those in the exclusion list.
java.util.Vector	getProvisioningRolesAdminCanAssignExcludeRoles(TSContext tsCtx, java.util.Vector rolesToExclude, java.util.Vector rolesToSearch) Returns roles from the given list that the admin can assign to users except those in the exclusion list.
java.util.Vector	getProvisioningRolesAdminCanGrantAdmin(TSContext tsCtx) Retrieves the provisioning roles for which the subject of the task can be assigned administrator rights by the current administrator.
java.util.Vector	getProvisioningRolesAdminCanGrantAdmin(TSContext tsCtx, java.util.Vector rolesToSearch) Returns roles from the given list that the admin can make users role admins.
java.util.Vector	getProvisioningRolesAdminCanManageAdmin(TSContext tsCtx) Retrieves the provisioning roles for which the current administrator can assign administrator rights.
java.util.Vector	getProvisioningRolesAdminCanManageAdmin(TSContext tsCtx, java.util.Vector rolesToSearch)
java.util.Vector	getProvisioningRolesAdminCanManageMembers(TSContext tsCtx) Retrieves the provisioning roles to which users can be assigned by the current administrator.
java.util.Vector	getProvisioningRolesAdminCanManageMembers(TSContext tsCtx, java.util.Vector rolesToSearch) Returns the roles from the given list that the admin can assign to users.
java.util.Vector<ProvisioningRole>	getProvisioningRolesNested(ProvisioningRole role, boolean recursive, boolean wantFullRoleChains)
java.util.Vector<ProvisioningRole>	getProvisioningRolesNesting(ProvisioningRole role, boolean recursive, boolean wantFullRoleChains)
java.util.Vector	getProvisioningRolesStubs() Retrieves all the provisioning roles stubs in the Identity Manager environment.
java.util.Vector	searchAllProvisioningRoles(ProvisioningRoleObjectQuery query) Searches for a subset of the provisioning roles using enhanced search capabilities in the Identity Manager environment.
java.util.Vector	searchOnlyProvServerProvisioningRoles(ScopeRule query)
java.util.Vector	searchProvisioningRoles(IAMDomain iamDomain, java.util.Vector roleNames, java.util.Vector psRoles) Searches for ProvisioningRoles in ETrustAdmin.
java.util.Vector	searchProvisioningRoles(ProvisioningRoleObjectQuery query) Searches for a subset of the provisioning roles using enhanced search capabilities in the Identity Manager environment.
java.util.Vector	searchProvisioningRoles(ProvisioningRoleObjectQuery query, boolean linkem) Search for provisioning roles which meet the criteria defined in the specified query.
java.util.Vector	searchProvisioningRoles(ProvisioningRoleObjectQuery query, boolean linkem, boolean wantParentRoles) Same as above but allows control over parent/including role calculation
java.util.Vector	searchProvisioningRoles(RoleObjectQuery query) Searches for a subset of the provisioning roles in the Identity Manager environment.
void	setNestingForRole(ProvisioningRole role, boolean parent, boolean wantFullRoleChains, java.util.Map<java.lang.String,java.util.List<java.lang.String>> includedRoleMap, java.util.Map<java.lang.String,java.util.List<java.lang.String>> includingRoleMap) Set child and parent nested roles on a provisioning role using Maps of known child/parent roles or querying provisioning if necessary.

Method Detail

createProvisioningRole

ProvisioningRole createProvisioningRole(java.lang.String name,
                                        java.lang.String description,
                                        java.lang.String comments,
                                        java.lang.String department,
                                        boolean enabled,
                                        boolean assignable,
                                        boolean adminAssignable)
                                        throws com.netegrity.sdk.apiutil.SmApiException

Creates a new Provisioning Server provisioning role without any associated provisioning policies or change rules.

Parameters:

name - The friendly name for the role.

description - The description of the role.

comments - A user-defined comment for the role. A comment is any piece of information that has meaning to your particular site but that is not represented by any other role attribute.

department - The department to which the role belongs.

enabled - true if the role is enabled.

assignable - true if a member's role assignments can be changed.

adminAssignable - true if administrator rights to the role can be changed.

Note: The values of enabled, assignable, and adminAssignable are always true for provisioning roles. The values specified in the paramaters are ignored.

Returns:

The newly created provisioning role.

Throws:

com.netegrity.sdk.apiutil.SmApiException

createProvisioningRole

ProvisioningRole createProvisioningRole(java.lang.String name,
                                        java.lang.String description,
                                        java.lang.String comments,
                                        java.lang.String department,
                                        boolean enabled,
                                        boolean assignable,
                                        boolean adminAssignable,
                                        java.lang.String[] customFieldValues)
                                        throws com.netegrity.sdk.apiutil.SmApiException

Creates a new Provisioning Server provisioning role without any associated provisioning policies or change rules.

Parameters:

name - The friendly name for the role.

description - The description of the role.

comments - A user-defined comment for the role. A comment is any piece of information that has meaning to your particular site but that is not represented by any other role attribute.

department - The department to which the role belongs.

enabled - true if the role is enabled.

assignable - true if a member's role assignments can be changed.

adminAssignable - true if administrator rights to the role can be changed.

Returns:

The newly created provisioning role.

Throws:

com.netegrity.sdk.apiutil.SmApiException

getProvisioningRole

ProvisioningRole getProvisioningRole(java.lang.String uniqueName)
                                     throws com.netegrity.sdk.apiutil.SmApiException,
                                            NoSuchObjectException

Retrieves the specified provisioning role, using the role's unique name.

Parameters:

uniqueName - The unique name of the provisioning role to retrieve.

Returns:

The specified provisioning role.

Throws:

NoSuchObjectException - if the object cannot be found.

com.netegrity.sdk.apiutil.SmApiException

findProvisioningRole

ProvisioningRole findProvisioningRole(java.lang.String friendlyName)
                                      throws SmApiException,
                                             NoSuchObjectException

Retrieves the specified provisioning role, using the role's friendly name.

Parameters:

friendlyName - The friendly name of the provisioning role to retrieve.

Returns:

The specified provisioning role.

Throws:

NoSuchObjectException - if the object cannot be found.

SmApiException

findPSProvisioningRole

ProvisioningRole findPSProvisioningRole(java.lang.String friendlyName)
                                        throws SmApiException

Finds the provisioning role in the object store by friendly name.

Parameters:

friendlyName - The friendly name of the provisioning role to retrieve.

Returns:

The specified provisioning role

Throws:

SmApiException

getProvisioningRoles

java.util.Vector getProvisioningRoles()
                                      throws JIAMOperationException,
                                             SmApiException

Retrieves all the provisioning roles in the Identity Manager environment.

Returns:

A Vector of ProvisioningRole objects.

Throws:

JIAMOperationException

SmApiException

getProvisioningRolesStubs

java.util.Vector getProvisioningRolesStubs()
                                           throws com.netegrity.sdk.apiutil.SmApiException

Retrieves all the provisioning roles stubs in the Identity Manager environment.

Returns:

A Vector of ProvisioningRole objects.

Throws:

com.netegrity.sdk.apiutil.SmApiException

getProvisioningRolesNested

java.util.Vector<ProvisioningRole> getProvisioningRolesNested(ProvisioningRole role,
                                                              boolean recursive,
                                                              boolean wantFullRoleChains)
                                                              throws SmApiException

Throws:

SmApiException

getProvisioningRolesNesting

java.util.Vector<ProvisioningRole> getProvisioningRolesNesting(ProvisioningRole role,
                                                               boolean recursive,
                                                               boolean wantFullRoleChains)
                                                               throws SmApiException

Throws:

SmApiException

setNestingForRole

void setNestingForRole(ProvisioningRole role,
                       boolean parent,
                       boolean wantFullRoleChains,
                       java.util.Map<java.lang.String,java.util.List<java.lang.String>> includedRoleMap,
                       java.util.Map<java.lang.String,java.util.List<java.lang.String>> includingRoleMap)
                       throws SmApiException,
                              IAMException,
                              JIAMOperationException

Set child and parent nested roles on a provisioning role using Maps of known child/parent roles or querying provisioning if necessary.

Parameters:

role -

parent -

wantFullRoleChains -

includedRoleMap -

includingRoleMap -

Throws:

SmApiException

IAMException

JIAMOperationException

searchProvisioningRoles

java.util.Vector searchProvisioningRoles(RoleObjectQuery query)
                                         throws com.netegrity.sdk.apiutil.SmApiException

Searches for a subset of the provisioning roles in the Identity Manager environment. The returned subset of provisioning roles will contain only those roles which have at least one valid Identity Manager Owner Policy. There may be provisioning roles that have been defined in the Provisioning Server which have not had the "Reset Provisioning Role Owners" task run against them. In this case, these Provisioning Roles will not contain a valid Identity Manager Owner Policy, and will not be included in this search.

Parameters:

query - The search filter.

Returns:

A Vector of the ProvisioningRole objects found in the search.

Throws:

com.netegrity.sdk.apiutil.SmApiException

searchProvisioningRoles

java.util.Vector searchProvisioningRoles(ProvisioningRoleObjectQuery query,
                                         boolean linkem)
                                         throws com.netegrity.sdk.apiutil.SmApiException

Search for provisioning roles which meet the criteria defined in the specified query. ** The method is meant for internal use only.** The linkem flag should be used cautiously. If linkem is true, full enumeration of provisioning roles from the Policy Server will be performed. From this list the those that matched the roles returned from the provisioning server will be linked and returned. If linkem is false, the roles returned from the provisioning server search will be returned unlinked. The result set of unlinked roles is meant to be passed down to methods in this class that accept the "rolesToSearch" argument. These methods returns linked roles only.

Parameters:

query -

linkem - - if true, roles are linked to the corresponding roles in the Policy Server.

Returns:

Throws:

com.netegrity.sdk.apiutil.SmApiException

searchProvisioningRoles

java.util.Vector searchProvisioningRoles(ProvisioningRoleObjectQuery query,
                                         boolean linkem,
                                         boolean wantParentRoles)
                                         throws com.netegrity.sdk.apiutil.SmApiException

Same as above but allows control over parent/including role calculation

Parameters:

query -

linkem -

wantParentRoles -

Returns:

Throws:

com.netegrity.sdk.apiutil.SmApiException

searchProvisioningRoles

java.util.Vector searchProvisioningRoles(ProvisioningRoleObjectQuery query)
                                         throws com.netegrity.sdk.apiutil.SmApiException

Searches for a subset of the provisioning roles using enhanced search capabilities in the Identity Manager environment. The returned subset of provisioning roles will contain only those roles which have at least one valid Identity Manager Owner Policy. There may be provisioning roles that have been defined in the Provisioning Server which have not had the "Reset Provisioning Role Owners" task run against them. In this case, these Provisioning Roles will not contain a valid Identity Manager Owner Policy, and will not be included in this search results.

Parameters:

query - The enhanced provisioning role search filter.

Returns:

A Vector of the ProvisioningRole objects found in the search.

Throws:

com.netegrity.sdk.apiutil.SmApiException

searchOnlyProvServerProvisioningRoles

java.util.Vector searchOnlyProvServerProvisioningRoles(ScopeRule query)
                                                       throws com.netegrity.sdk.apiutil.SmApiException

Throws:

com.netegrity.sdk.apiutil.SmApiException

searchAllProvisioningRoles

java.util.Vector searchAllProvisioningRoles(ProvisioningRoleObjectQuery query)
                                            throws com.netegrity.sdk.apiutil.SmApiException

Searches for a subset of the provisioning roles using enhanced search capabilities in the Identity Manager environment. The returned subset of provisioning roles will contian ALL provisioning roles regardless of whether or not the role contains a valid Identity Manager Owner Policy. There may be provisioning roles that have been defined in the Provisioning Server which have not had the "Reset Provisioning Role Owners" task run against them. In this case, these Provisioning Roles will not contain a valid Identity Manager Owner Policy, however will be included in the search results. It is important to note that the ONLY Identity Manager task which can be run against a provisioning role that does not contain at least one valid Provisioning Role Owner Policy is "Reset Provisioning Role Owners".

Parameters:

query - The search filter.

Returns:

A Vector of the ProvisioningRole objects found in the search.

Throws:

com.netegrity.sdk.apiutil.SmApiException

searchProvisioningRoles

java.util.Vector searchProvisioningRoles(IAMDomain iamDomain,
                                         java.util.Vector roleNames,
                                         java.util.Vector psRoles)
                                         throws com.netegrity.sdk.apiutil.SmApiException

Searches for ProvisioningRoles in ETrustAdmin.

Parameters:

iamDomain - JIAM domain

psRoles - A Vector of IM roles representing provisioning roles

Returns:

Vector A Vector of the ProvisioningRole provisioning roles linked to IAMroles.

Throws:

com.netegrity.sdk.apiutil.SmApiException

getProvisioningRolesAdminCanGrantAdmin

java.util.Vector getProvisioningRolesAdminCanGrantAdmin(TSContext tsCtx)
                                                        throws SmApiException

Retrieves the provisioning roles for which the subject of the task can be assigned administrator rights by the current administrator.

Parameters:

tsCtx - Context information about the current task, such as the subject of the task and the administrator who is executing the task.

Returns:

A Vector of the requested ProvisioningRole objects.

Throws:

SmApiException

getProvisioningRolesAdminCanAssign

java.util.Vector getProvisioningRolesAdminCanAssign(TSContext tsCtx)
                                                    throws SmApiException

Retrieves the provisioning roles to which the subject of the task can be assigned by the current administrator.

Parameters:

tsCtx - Context information about the current task, such as the subject of the task and the administrator who is executing the task.

Returns:

A Vector of ProvisioningRole objects that the administrator can make the subject a member of.

Throws:

SmApiException

getProvisioningRolesAdminCanAssign

java.util.Vector getProvisioningRolesAdminCanAssign(TSContext tsCtx,
                                                    java.util.Vector rolesToSearch)
                                                    throws SmApiException

Throws:

SmApiException

getProvisioningRolesAdminCanManageAdmin

java.util.Vector getProvisioningRolesAdminCanManageAdmin(TSContext tsCtx)
                                                         throws SmApiException

Retrieves the provisioning roles for which the current administrator can assign administrator rights.

Parameters:

tsCtx - Context information about the current task, such as the administrator who is executing the task.

Returns:

A Vector of the ProvisioningRole objects for which the administrator can assign administrator rights.

Throws:

SmApiException

getProvisioningRolesAdminCanManageAdmin

java.util.Vector getProvisioningRolesAdminCanManageAdmin(TSContext tsCtx,
                                                         java.util.Vector rolesToSearch)
                                                         throws SmApiException

Throws:

SmApiException

getProvisioningRolesAdminCanManageMembers

java.util.Vector getProvisioningRolesAdminCanManageMembers(TSContext tsCtx)
                                                           throws SmApiException

Retrieves the provisioning roles to which users can be assigned by the current administrator.

Parameters:

tsCtx - Context information about the current task, such as the administrator who is executing the task.

Returns:

A Vector of the requested ProvisioningRole objects.

Throws:

SmApiException

getProvisioningRolesAdminCanAssignExcludeRoles

java.util.Vector getProvisioningRolesAdminCanAssignExcludeRoles(TSContext tsCtx,
                                                                java.util.Vector rolesToExclude)
                                                                throws SmApiException

Returns all of the roles that the admin can assign to users except those in the exclusion list.

Parameters:

tsCtx -

rolesToExclude - collection of ProvisioningRoles to exclude.

Returns:

Throws:

SmApiException

getProvisioningRolesAdminCanGrantAdmin

java.util.Vector getProvisioningRolesAdminCanGrantAdmin(TSContext tsCtx,
                                                        java.util.Vector rolesToSearch)
                                                        throws SmApiException

Returns roles from the given list that the admin can make users role admins. Note: Roles to search should be a list of ProvisioningRole objects obtained from the provisioning server.

Parameters:

tsCtx -

rolesToSearch - collection of ProvisioningRoles to search for.

Returns:

Throws:

SmApiException

getProvisioningRolesAdminCanAssignExcludeRoles

java.util.Vector getProvisioningRolesAdminCanAssignExcludeRoles(TSContext tsCtx,
                                                                java.util.Vector rolesToExclude,
                                                                java.util.Vector rolesToSearch)
                                                                throws SmApiException

Returns roles from the given list that the admin can assign to users except those in the exclusion list. Note: Roles to search should be a list of ProvisioningRole objects obtained from the provisioning server.

Parameters:

tsCtx -

rolesToExclude - collection of ProvisioningRoles to exclude.

rolesToSearch - collection of ProvisioningRoles to search for.

Returns:

Throws:

SmApiException

getProvisioningRolesAdminCanManageMembers

java.util.Vector getProvisioningRolesAdminCanManageMembers(TSContext tsCtx,
                                                           java.util.Vector rolesToSearch)
                                                           throws SmApiException

Returns the roles from the given list that the admin can assign to users. Note: Roles to search should be a list of ProvisioningRole objects obtained from the provisioning server.

Parameters:

tsCtx -

rolesToSearch - collection of ProvisioningRoles to search for.

Returns:

Throws:

SmApiException

addOrRemoveProvisioningRole

java.util.Vector addOrRemoveProvisioningRole(java.util.Vector roles,
                                             ProvisioningRoleActionType action,
                                             User user,
                                             boolean addAccounts,
                                             java.lang.String opID)
                                             throws AccumulatedProvisioningRoleException,
                                                    SmApiException

Adds or removes the Vector of roles to the user.

Parameters:

roles - A vector of roles to add or remove.

action - The action (from com.netegrity.ims.events.ProvisioningRoleAction.

user - The user which will have roles added to or removed from.

addAccounts - A boolen to determine if accounts should be created for the user.

Throws:

AccumulatedProvisioningRoleException

SmApiException