Some of the methods in the DMS API can only be called within a session established at a minimum level of the user privilege hierarchy or higher. For example, adding an end user to a role requires an organization administrator session, Siteminder administrator session, or super administrator session.
The following table shows the DMS methods (plus the login() and logout() methods in the apiutil package) that have security restrictions, the minimum privilege level required to call the methods, and the classes that the methods are called from:
Method |
Minimum Privilege Level and Class |
---|---|
addObject() |
Organization administrator session |
addToGroup() |
Organization administrator session |
addToRole() |
Organization administrator session |
authenticate() |
End user session |
changePassword() |
End user session |
deleteObject() |
Organization administrator session |
getCapabilities() |
End user session |
getDirectoryContext() |
End user session |
getDisabledState() |
End user session |
getDmsContext() |
SiteMinder administrator session |
getDmsRoles() |
Organization administrator session |
getGroups() |
End user session |
getGroups() |
Organization administrator session |
getMembers() |
Organization administrator session |
getMembers() |
Organization administrator session |
getObject() |
End user session |
getOrganizations() |
Organization administrator session |
getRoles() |
End User session |
getRoles() |
Organization administrator session |
getUserChallengeText() |
Super administrator session |
getUserPWState() |
End user session |
getUserTempPassword() |
Super administrator session |
login() |
No session |
logout() |
SiteMinder administrator session |
modifyObject() |
End user session |
removeFromGroup() |
Organization administrator session |
search() |
Organization administrator session |
searchBack() |
Organization administrator session |
searchForward() |
Organization administrator session |
searchRefresh() |
Organization administrator session |
setDisable() |
Organization administrator session |
setDisabledState() |
Organization administrator session |
setEnable() |
Organization administrator session |
modifyObjectClass() |
Organization administrator session |
setPasswordMustChange() |
End user session |
setUserPWState() |
End user session |
Copyright © 2014 CA.
All rights reserved.
|
|