

Restricted Methods

Some methods in the DMS API can be called only within a session established at or above a minimum level of the user privilege hierarchy. For example, adding an end user to a role requires an organization administrator session, SiteMinder administrator session, or super administrator session.

The following table shows the DMS methods (plus the login() and logout() methods in the apiutil package) that have security restrictions, the minimum privilege level required to call the methods, and the classes that the methods are called from:

| Method                  | Minimum Privilege Level            | Class                      |
|-------------------------|------------------------------------|----------------------------|
| addObject()             | Organization administrator session | SmDmsObject and subclasses |
| addToGroup()            | Organization administrator session | SmDmsObject and subclasses |
| addToRole()             | Organization administrator session | SmDmsUser class            |
| authenticate()          | End user session                   | SmDmsUser class            |
| changePassword()        | End user session                   | SmDmsUser class            |
| deleteObject()          | Organization administrator session | SmDmsObject and subclasses |
| getCapabilities()       | End user session                   | SmDmsDirectory class       |
| getDirectoryContext()   | End user session                   | SmDmsApiImpl class         |
| getDisabledState()      | End user session                   | SmDmsUser class            |
| getDmsContext()         | SiteMinder administrator session   | SmDmsApiImpl class         |
| getDmsRoles()           | Organization administrator session | SmDmsDirectory class       |
| getGroups()             | End user session                   | SmDmsObject and subclasses |
| getGroups()             | Organization administrator session | SmDmsOrganization class    |
| getMembers()            | Organization administrator session | SmDmsGroup class           |
| getMembers()            | Organization administrator session | SmDmsRole class            |
| getObject()             | End user session                   | SmDmsObject and subclasses |
| getOrganizations()      | Organization administrator session | SmDmsOrganization class    |
| getRoles()              | End user session                   | SmDmsUser class            |
| getRoles()              | Organization administrator session | SmDmsOrganization class    |
| getUserChallengeText()  | Super administrator session        | SmDmsDirectory class       |
| getUserPWState()        | End user session                   | SmDmsUser class            |
| getUserTempPassword()   | Super administrator session        | SmDmsDirectory class       |
| login()                 | No session                         | SmApiSession class         |
| logout()                | SiteMinder administrator session   | SmApiSession class         |
| modifyObject()          | End user session                   | SmDmsObject and subclasses |
| removeFromGroup()       | Organization administrator session | SmDmsObject and subclasses |
| search()                | Organization administrator session | SmDmsOrganization class    |
| searchBack()            | Organization administrator session | SmDmsOrganization class    |
| searchForward()         | Organization administrator session | SmDmsOrganization class    |
| searchRefresh()         | Organization administrator session | SmDmsOrganization class    |
| setDisable()            | Organization administrator session | SmDmsUser class            |
| setDisabledState()      | Organization administrator session | SmDmsUser class            |
| setEnable()             | Organization administrator session | SmDmsUser class            |
| modifyObjectClass()     | Organization administrator session | SmDmsObject and subclasses |
| setPasswordMustChange() | End user session                   | SmDmsUser class            |
| setUserPWState()        | End user session                   | SmDmsUser class            |