PersonMO

Overview

Package

Class

Use

Tree

Serialized

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.ibm.itim.apps.identity
Class PersonMO

java.lang.Object
  com.ibm.itim.apps.identity.PersonMO

public class PersonMO
extends java.lang.Object
extends java.lang.Object

Managed object representing a person, or identity.

Constructor Summary
`PersonMO(PlatformContext platform, javax.security.auth.Subject subject, DistinguishedName name)` Constructs the the managed object with a platform context, a subject, and the distinguished name of the object to manage.

Method Summary
`boolean`	`equals(java.lang.Object o)`
`OrganizationalContainerMO`	`getContainer()` Returns the current parent container in the tree.
`Person`	`getData()` Returns a current snapshot of the data defining the provisionng object.
`DistinguishedName`	`getDistinguishedName()` Returns the distinguished name of the managed object
`java.util.Set<RoleAssignmentObject>`	`getRoleAssignmentData()` This method returns all of the Role Assignment Objects for a person.
`java.util.Map<DistinguishedName,RoleAssignmentObject>`	`getRoleAssignmentData(RoleMO assignedRole)` This method returns a map of defined role and RoleAssignmentObject for the specified assigned role.
`java.util.Collection`	`getRoles()` Returns the person's roles.
`PersonMO`	`getSponsor()` Returns the person's sponsor (if any).
`PersonMO`	`getSupervisor()` Returns the person's supervisor (if any).
`int`	`hashCode()`
`Request`	`remove(java.util.Date scheduledTime)` This API removes the person objects and associated individual accounts from the provisioning platform.
`Request`	`removeRoleAssignmentData(java.util.Date scheduleTime, java.util.Set<RoleMO> assignedRole)` This method removes all the RoleAssignmentObjects for the specified assigned role.
`Request`	`restore(java.util.Date scheduledTime)` This API restores users and based on the property com.ibm.itim.personManagement.suspendRestorePersonWithAccounts in enRole.properties also restores individual accounts of the users.
`Request`	`suspend(java.util.Date scheduledTime)` This API restores users and based on the property com.ibm.itim.personManagement.suspendRestorePersonWithAccounts in enRole.properties also restores individual accounts of the users.
`Request`	`transfer(OrganizationalContainerMO newContainer, java.util.Date scheduledTime)` Transfers (moves) the person to another container.
`Request`	`unManage(java.util.Date scheduledTime)` Removes the person object ONLY from the provisioning platform.
`Request`	`update(Person p, java.util.Date scheduledTime)` Updates the managed object.
`Request`	`update(Person p, java.util.Set<RoleAssignmentObject> assignmentData, java.util.Date scheduledTime)` Updates the managed object.
`Request`	`updateRoleAssignmentData(java.util.Set<RoleAssignmentObject> attributeValues, java.util.Date scheduleTime)` This method updates a person with the role assignment attribute value changes defined in the set of RoleAssignmentObjects.

Methods inherited from class java.lang.Object
`getClass, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

PersonMO

public PersonMO(PlatformContext platform,
                javax.security.auth.Subject subject,
                DistinguishedName name)

Constructs the the managed object with a platform context, a subject, and the distinguished name of the object to manage.

Parameters:: platform - PlatformContext holding platform connection information.; subject - Subject representing the authenticated caller.; name - DistinguishedName identifying the container.

Method Detail

getDistinguishedName

public DistinguishedName getDistinguishedName()

Returns the distinguished name of the managed object

Returns:: DistinguishedName of the managed object.

getData

public Person getData()
               throws java.rmi.RemoteException,
                      ApplicationException

Returns a current snapshot of the data defining the provisionng object. The amount of information returned in the Person DirectoryObject is determined by attribute-level permissions in system ACIs. Person attributes that are not allowed to be read by the user associated with the Subject used to construct the PersonMO will be removed from the Person DirectoryObject returned.

Returns:: Person object holding attribute information.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; ApplicationException - Thrown if unable to retrieve data. This exception is thrown also when the PersonMO contains a null DistinguishedName.

getContainer

public OrganizationalContainerMO getContainer()
                                       throws java.rmi.RemoteException,
                                              ApplicationException,
                                              AuthorizationException

Returns the current parent container in the tree.

Returns:: OrganizationalContainerMO representing the parent container.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; AuthorizationException - Thrown if client is unauthorized to view the container of the person.; ApplicationException - Thrown if unable to retrieve the person's container. This may possibly be caused by the person being removed by another client previous to this call. This exception is thrown also when the PersonMO contains a null DistinguishedName.

unManage

public Request unManage(java.util.Date scheduledTime)
                 throws java.rmi.RemoteException,
                        ApplicationException,
                        AuthorizationException

Removes the person object ONLY from the provisioning platform.

Parameters:: scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Returns:: Request object representing the operation's status.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; AuthorizationException - Thrown if client is unauthorized to remove the person.; ApplicationException - Thrown if unable to submit the request. This exception is thrown also when the PersonMO contains a null DistinguishedName.

remove

public Request remove(java.util.Date scheduledTime)
               throws java.rmi.RemoteException,
                      ApplicationException,
                      AuthorizationException

This API removes the person objects and associated individual accounts from the provisioning platform. Any associated sponsored accounts become orphan accounts.

Parameters:: scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Returns:: Request object representing the operation's status.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; AuthorizationException - Thrown if client is unauthorized to remove the person.; ApplicationException - Thrown if unable to submit the request. This exception is thrown also when the PersonMO contains a null DistinguishedName.

update

public Request update(Person p,
                      java.util.Date scheduledTime)
               throws java.rmi.RemoteException,
                      AuthorizationException,
                      SchemaViolationException,
                      ApplicationException

Updates the managed object. A Person value object is provided with the changes to make.

Parameters:: p - Person value object with changes to make.; scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Returns:: Request object representing the operation's status.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; AuthorizationException - Thrown if client is unauthorized to change the person. Note, even if only one of the attributes being changed is not writeable for the client, the entire request will fail and this exception will be thrown.; SchemaViolationException - Thrown if any of the attributes in the value object violate the managed object's schema.; ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the person being removed by another client previous to this call.

update

public Request update(Person p,
                      java.util.Set<RoleAssignmentObject> assignmentData,
                      java.util.Date scheduledTime)
               throws java.rmi.RemoteException,
                      AuthorizationException,
                      SchemaViolationException,
                      ApplicationException

Updates the managed object. A Person value object is provided with the changes to make.

Parameters:: p - Person value object with the changes to make.; assignmentData - The set of RoleAssignmentObjects that represent the assignment data changes for this person. If null is used, this parameter is ignored.; scheduledTime - The scheduled starting time of the process. If null, the process starts immediately. If this method is invoked remotely, passing this parameter as the current date and time of the client machine is not a safe technique, because the date and time of the client machine may not be the same as the date and time of the ITIM server machine.
Returns:: Request object representing the operation's status.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with the platform.; AuthorizationException - Thrown if client is unauthorized to change the person. Note that even if only one of the attributes being changed is not writeable for the client, the entire request fails and this exception is thrown.; SchemaViolationException - Thrown if any of the attributes in the value object violate the managed object's schema.; ApplicationException - Thrown if unable to submit the request. This can be caused if the person was removed by another client previous to this call.
See Also:: RoleManager.getAllAssignmentAttributes(Set )

suspend

public Request suspend(java.util.Date scheduledTime)
                throws java.rmi.RemoteException,
                       AuthorizationException,
                       ApplicationException

This API restores users and based on the property com.ibm.itim.personManagement.suspendRestorePersonWithAccounts in enRole.properties also restores individual accounts of the users.

Parameters:: scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Returns:: Request object representing the operation's status.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; AuthorizationException - Thrown if client is unauthorized to suspend the person or their accounts (if requested).; ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the person being removed by another client previous to this call. This exception is thrown also when the PersonMO contains a null DistinguishedName.

restore

public Request restore(java.util.Date scheduledTime)
                throws java.rmi.RemoteException,
                       AuthorizationException,
                       ApplicationException

This API restores users and based on the property com.ibm.itim.personManagement.suspendRestorePersonWithAccounts in enRole.properties also restores individual accounts of the users.

Parameters:: scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Returns:: Request object representing the operation's status.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; AuthorizationException - Thrown if client is unauthorized to restore the person or their accounts (if requested).; ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the person being removed by another client previous to this call. This exception is thrown also when the PersonMO contains a null DistinguishedName.

transfer

public Request transfer(OrganizationalContainerMO newContainer,
                        java.util.Date scheduledTime)
                 throws java.rmi.RemoteException,
                        AuthorizationException,
                        ApplicationException

Transfers (moves) the person to another container.

Parameters:: newContainer - OrganizationalContainerMO representing the new parent container of the person.; scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Returns:: Request object representing the operation's status.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; AuthorizationException - Thrown if client is unauthorized to transfer the person.; ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the person or container being removed by another client previous to this call. This exception is thrown also when the PersonMO or newContainer contains a null DistinguishedName.

getRoles

public java.util.Collection getRoles()
                              throws java.rmi.RemoteException,
                                     AuthorizationException,
                                     ApplicationException

Returns the person's roles. Note, only roles the client is authorized to search will be returned. If the client is not authorized to view the roles of the person at all, an AuthorizationException will be thrown. If the client can view the roles, but not all roles are searchable by the client, then no AuthorizationException will be thrown; only a reduced list will be returned.

Returns:: Collection of RoleMO's for the person.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; AuthorizationException - Thrown if client is unauthorized to view the roles of the user.; ApplicationException - Thrown if unable to retrieve the person's roles. This may possibly be caused by the person being removed by another client previous to this call. This exception is thrown also when the PersonMO contains a null DistinguishedName.

getSupervisor

public PersonMO getSupervisor()
                       throws java.rmi.RemoteException,
                              AuthorizationException,
                              ApplicationException

Returns the person's supervisor (if any).

Returns:: PersonMO representing the person's supervisor, null if no supervisor is defined.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; AuthorizationException - Thrown if client is unauthorized to view the supervisor of the person.; ApplicationException - Thrown if unable to retrieve the person's supervisor. This may possibly be caused by the person being removed by another client previous to this call. This exception is thrown also when the PersonMO contains a null DistinguishedName.

getSponsor

public PersonMO getSponsor()
                    throws java.rmi.RemoteException,
                           AuthorizationException,
                           ApplicationException

Returns the person's sponsor (if any). Note, a sponsor is only applicable if the object represents an identity in the Business Partner category.

Returns:: PersonMO representing the person's sponsor, null if no sponsor is defined.
Throws:: java.rmi.RemoteException - Thrown if unable to communicate with platform.; AuthorizationException - Thrown if client is unauthorized to view the sponsor of the user.; ApplicationException - Thrown if unable to retrieve the person's sponsor. This may possibly be caused by the person being removed by another client previous to this call. This exception is thrown also when the PersonMO contains a null DistinguishedName.

getRoleAssignmentData

public java.util.Set<RoleAssignmentObject> getRoleAssignmentData()
                                                          throws ApplicationException

This method returns all of the Role Assignment Objects for a person.

Returns:: Returns a set of RoleAssignmentObject for this person.
Throws:: ApplicationException - Thrown if unable to retrieve the person's RoleAssignmentObject. This can be caused by the person being removed by another client previous to this call. This exception is thrown also when the PersonMO contains a null DistinguishedName.
Since:: 6.0
See Also:: RoleAssignmentObject

getRoleAssignmentData

public java.util.Map<DistinguishedName,RoleAssignmentObject> getRoleAssignmentData(RoleMO assignedRole)
                                                                            throws ApplicationException

This method returns a map of defined role and RoleAssignmentObject for the specified assigned role.

Returns:: Returns a map of defined role distinguished name and RoleAssignmentObject for the specified assigned role. The key is the defined role.
Throws:: ApplicationException - Thrown if unable to retrieve the person's RoleAssignmentObject. This can be caused by the person being removed by another client previous to this call. This exception is thrown also when the PersonMO contains a null DistinguishedName.
Since:: 6.0
See Also:: RoleAssignmentObject

updateRoleAssignmentData

public Request updateRoleAssignmentData(java.util.Set<RoleAssignmentObject> attributeValues,
                                        java.util.Date scheduleTime)
                                 throws ApplicationException

This method updates a person with the role assignment attribute value changes defined in the set of RoleAssignmentObjects. Each RoleAssignmentObject contains assignment attribute value changes applicable for a specific defined role (in which the attribute is defined) and a specific role to which the person is assigned. Use RoleManager.getAllAssignmentAttributes(assignedRoleDN) method to get all the assignment attribute that this person can have.

Parameters:: attributeValues - set of RoleAssignmentObjects that will be updated.; scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Returns:: Request object representing the operation's status.
Throws:: ApplicationException - Thrown if unable to update the person's RoleAssignmentObject. This can be caused by the person being removed by another client previous to this call. This exception is thrown also when the PersonMO contains a null DistinguishedName.
Since:: 6.0
See Also:: RoleAssignmentObject, RoleManager.getAllAssignmentAttributes(Set )

removeRoleAssignmentData

public Request removeRoleAssignmentData(java.util.Date scheduleTime,
                                        java.util.Set<RoleMO> assignedRole)
                                 throws ApplicationException

This method removes all the RoleAssignmentObjects for the specified assigned role.

Parameters:: scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the Identity Manager server machine.; assignedRole - the DN of the assigned role of the person.
Returns:: Request object representing the operation's status.
Throws:: ApplicationException - Thrown if unable to remove the person's RoleAssignmentObject. This can be caused by the person being removed by another client previous to this call. This exception is thrown also when the PersonMO contains a null DistinguishedName.
Since:: 6.0

equals

public boolean equals(java.lang.Object o)

Overrides:: equals in class java.lang.Object

See Also:: Object.equals(java.lang.Object)

hashCode

public int hashCode()

Overrides:: hashCode in class java.lang.Object

See Also:: Object.hashCode()

Overview

Package

Class

Use

Tree

Serialized

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

IBM Security Identity Manager 6.0.0
© Copyright International Business Machines Corporation 2007, 2012. All rights reserved. US Government Users Restricited Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

com.ibm.itim.apps.identity Class PersonMO

PersonMO

getDistinguishedName

getData

getContainer

unManage

remove

update

update

suspend

restore

transfer

getRoles

getSupervisor

getSponsor

getRoleAssignmentData

getRoleAssignmentData

updateRoleAssignmentData

removeRoleAssignmentData

equals

hashCode

com.ibm.itim.apps.identity
Class PersonMO