com.ibm.itim.apps.policy
Class SeparationOfDutyPolicyMO

java.lang.Object
  extended by com.ibm.itim.apps.policy.SeparationOfDutyPolicyMO

public class SeparationOfDutyPolicyMO
extends java.lang.Object

Separation of duty object representing a separation of duty policy.


Constructor Summary
SeparationOfDutyPolicyMO(PlatformContext platform, javax.security.auth.Subject subject, DistinguishedName name)
          Constructs the managed object with a platform context, a subject, and the distinguished name of the object to manage.
 
Method Summary
 OrganizationalContainerMO getContainer()
          Returns the current parent container of this policy.
 SeparationOfDutyPolicy getData()
          Returns a current snapshot of the data defining the managed object.
 DistinguishedName getDistinguishedName()
          Returns the distinguished name of the managed object.
 java.util.Collection<IPolicyRuleStatistics> getItemizedStatisticsByRule()
          For this policy, categorize violation and exemption counts into their respective rules.
 OrganizationalContainerMO getOrganization()
          Returns the organization this policy is contained within.
 IPolicyStatistics getPolicyStatistics()
          For this policy, determine how many violations and exemptions exist.
 java.util.Collection<IRuleExemption> getRuleExemptions(java.lang.String ruleName)
          Retrieve the exemptions for the given rule in this separation of duty policy.
 java.util.Collection<IRuleViolation> getRuleViolations(java.lang.String ruleName)
          Retrieve the violations for the given rule in this separation of duty policy.
 boolean isDeletable()
          Returns true if this object can be deleted/removed.
 boolean isExemptionAdminable()
          Returns true if the logged in user has permission to update exemption status for this policy (exemptionAdmin permission).
 boolean isReconcileable()
          Returns true if the logged in user has permission to reconcile exemption data for this policy (reconcile permission).
 boolean isUpdatable()
          Returns true if this object can be modified/updated.
 Request reconcile(java.util.Date scheduledTime)
          Starts a separation of duty policy reconciliation which will record violation results into the database.
 Request remove(java.util.Date scheduledTime)
          Removes the policy object and associated managed objects from the provisioning platform.
 Request update(SeparationOfDutyPolicy p, java.util.Date scheduledTime)
          Updates the managed object.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SeparationOfDutyPolicyMO

public SeparationOfDutyPolicyMO(PlatformContext platform,
                                javax.security.auth.Subject subject,
                                DistinguishedName name)
Constructs the managed object with a platform context, a subject, and the distinguished name of the object to manage.

Parameters:
platform - PlatformContext holding platform connection information.
subject - Subject representing the authenticated caller.
name - DistinguishedName identifying the policy.
Method Detail

getDistinguishedName

public DistinguishedName getDistinguishedName()
Returns the distinguished name of the managed object.

Returns:
DistinguishedName of the managed object.

getData

public SeparationOfDutyPolicy getData()
                               throws java.rmi.RemoteException,
                                      ApplicationException
Returns a current snapshot of the data defining the managed object. This snapshot contains only the data the user is authorized to view. Attributes the user has no permission to search on are filtered out.

Returns:
SeparationOfDutyPolicy object holding attribute information.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with the platform.
ApplicationException - Thrown if unable to retrieve data.

update

public Request update(SeparationOfDutyPolicy p,
                      java.util.Date scheduledTime)
               throws java.rmi.RemoteException,
                      AuthorizationException,
                      SchemaViolationException,
                      ApplicationException
Updates the managed object. A policy value object is provided with the changes to make.

Parameters:
p - Policy value object with changes to make.
scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not match the date/time of the ITIM server machine.
Returns:
Request object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with the platform.
AuthorizationException - Thrown if the client is unauthorized to change the policy.
SchemaViolationException - Thrown if any of the attributes in the value object violate the schema of the managed object.
ApplicationException - Thrown if unable to submit the request. This might occur if another client removes the policy prior to the call. This exception is also thrown when SeparationOfDutyPolicyMO contains a null DistinguishedName.

remove

public Request remove(java.util.Date scheduledTime)
               throws java.rmi.RemoteException,
                      ApplicationException,
                      AuthorizationException
Removes the policy object and associated managed objects from the provisioning platform.

Parameters:
scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine might not match the date/time of the ITIM server machine.
Returns:
Request object representing the status of the operation.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with the platform.
AuthorizationException - Thrown if the client is unauthorized to remove the policy.
ApplicationException - Thrown if unable to submit the request. This might occur if another client removes the policy prior to the call. This exception is also thrown when SeparationOfDutyPolicyMO contains a null DistinguishedName.

getContainer

public OrganizationalContainerMO getContainer()
                                       throws java.rmi.RemoteException,
                                              ApplicationException,
                                              AuthorizationException
Returns the current parent container of this policy.

Returns:
OrganizationalContainerMO representing the parent container.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with the platform.
AuthorizationException - Thrown if the client is unauthorized to view the container of the policy.
ApplicationException - Thrown if unable to retrieve the container of the policy.

getOrganization

public OrganizationalContainerMO getOrganization()
                                          throws java.rmi.RemoteException,
                                                 ApplicationException,
                                                 AuthorizationException
Returns the organization this policy is contained within.

Returns:
OrganizationalContainerMO representing the organization.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with the platform.
com.ibm.itim.apps.exception.AppProcessingException - Thrown if unable to retrieve the organization.
ApplicationException
AuthorizationException

isDeletable

public boolean isDeletable()
                    throws java.rmi.RemoteException,
                           ApplicationException,
                           AuthorizationException
Returns true if this object can be deleted/removed.

Throws:
java.rmi.RemoteException - Thrown if unable to communicate with the platform.
ApplicationException - Thrown if unable to retrieve this object.
AuthorizationException - Thrown if the delete/remove operation is not allowed.

isUpdatable

public boolean isUpdatable()
                    throws java.rmi.RemoteException,
                           ApplicationException,
                           AuthorizationException
Returns true if this object can be modified/updated.

Throws:
java.rmi.RemoteException - Thrown if unable to communicate with the platform.
ApplicationException - Thrown if unable to update this object.
AuthorizationException - Thrown if the modify/update operation is not allowed.

isExemptionAdminable

public boolean isExemptionAdminable()
                             throws java.rmi.RemoteException,
                                    ApplicationException,
                                    AuthorizationException
Returns true if the logged in user has permission to update exemption status for this policy (exemptionAdmin permission).

Throws:
java.rmi.RemoteException - Thrown if unable to communicate with the platform.
ApplicationException - Thrown if unable to retrieve this object.
AuthorizationException - Thrown if the exemptionAdmin operation is not allowed.

isReconcileable

public boolean isReconcileable()
                        throws java.rmi.RemoteException,
                               ApplicationException,
                               AuthorizationException
Returns true if the logged in user has permission to reconcile exemption data for this policy (reconcile permission).

Throws:
java.rmi.RemoteException - Thrown if unable to communicate with the platform.
ApplicationException - Thrown if unable to retrieve this object.
AuthorizationException - Thrown if the exemptionAdmin operation is not allowed.

reconcile

public Request reconcile(java.util.Date scheduledTime)
                  throws java.rmi.RemoteException,
                         ApplicationException,
                         AuthorizationException
Starts a separation of duty policy reconciliation which will record violation results into the database.

Parameters:
scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. If this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine might not match the date/time of the ITIM server machine.
Returns:
Request object representing the status of the operation.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with the platform.
ApplicationException - Thrown if unable to retrieve this object.
AuthorizationException - Thrown if the exemptionAdmin operation is not allowed.

getPolicyStatistics

public IPolicyStatistics getPolicyStatistics()
                                      throws java.rmi.RemoteException,
                                             ApplicationException,
                                             AuthorizationException
For this policy, determine how many violations and exemptions exist.

Returns:
IPolicyStatistics object containing the violation and exemption counts for the passed-in policy.
Throws:
ApplicationException - Thrown when an application-level error occurs.
AuthorizationException - Thrown if the user is not authorized to perform the operation.
java.rmi.RemoteException

getItemizedStatisticsByRule

public java.util.Collection<IPolicyRuleStatistics> getItemizedStatisticsByRule()
                                                                        throws java.rmi.RemoteException,
                                                                               ApplicationException,
                                                                               AuthorizationException
For this policy, categorize violation and exemption counts into their respective rules.

Parameters:
policy - Determine the number of violations and exemptions for each rule in this passed-in policy.
Returns:
A Collection which details for each rule how many violations and exemptions exist.
Throws:
ApplicationException - Thrown when an application-level error occurs.
AuthorizationException - Thrown if the user is not authorized to perform the operation.
java.rmi.RemoteException

getRuleViolations

public java.util.Collection<IRuleViolation> getRuleViolations(java.lang.String ruleName)
                                                       throws java.rmi.RemoteException,
                                                              ApplicationException,
                                                              AuthorizationException
Retrieve the violations for the given rule in this separation of duty policy.

Parameters:
ruleName - The rule name (which is found in the policy) for which to look up violations.
Throws:
ApplicationException - Thrown when an application-level error occurs.
AuthorizationException - Thrown if the user is not authorized to perform the operation.
java.rmi.RemoteException

getRuleExemptions

public java.util.Collection<IRuleExemption> getRuleExemptions(java.lang.String ruleName)
                                                       throws java.rmi.RemoteException,
                                                              ApplicationException,
                                                              AuthorizationException
Retrieve the exemptions for the given rule in this separation of duty policy.

Parameters:
ruleName - The rule name (which is found in the policy) for which to look up exemptions.
Throws:
ApplicationException - Thrown when an application-level error occurs.
AuthorizationException - Thrown if the user is not authorized to perform the operation.
java.rmi.RemoteException
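
Added example (not part of the original API documentation): a caller-side wrapper that checks isReconcileable() before calling reconcile(), passes null for scheduledTime so the start time is decided by the server rather than the client clock, and then counts the violations recorded for one rule. The class name SodReconcileExample and its method names are hypothetical, and the import packages for PlatformContext, Request, the exceptions and DistinguishedName are assumed, since this page does not list them.

```java
import java.rmi.RemoteException;
import java.util.Collection;
import javax.security.auth.Subject;

// Packages below are assumed; this page only names com.ibm.itim.apps.policy.
import com.ibm.itim.apps.ApplicationException;
import com.ibm.itim.apps.AuthorizationException;
import com.ibm.itim.apps.PlatformContext;
import com.ibm.itim.apps.Request;
import com.ibm.itim.apps.policy.SeparationOfDutyPolicyMO;
import com.ibm.itim.dataservices.model.DistinguishedName;

// Hypothetical helper class, not part of the product API.
public class SodReconcileExample {

    /**
     * Submits a reconciliation for the policy if the authenticated subject
     * holds the reconcile permission. Returns the Request, or null when the
     * permission check says the caller may not reconcile.
     */
    public static Request reconcileIfPermitted(PlatformContext platform,
                                               Subject subject,
                                               DistinguishedName policyDn)
            throws RemoteException, ApplicationException, AuthorizationException {
        SeparationOfDutyPolicyMO policy =
                new SeparationOfDutyPolicyMO(platform, subject, policyDn);

        // Client-side pre-check only. reconcile() still declares
        // AuthorizationException, so the caller must be ready for a denial.
        if (!policy.isReconcileable()) {
            return null;
        }

        // null means "start immediately". Do not pass new Date() from a
        // remote client: its clock may not match the ITIM server's clock.
        return policy.reconcile(null);
    }

    /** Number of violations currently recorded for one rule of the policy. */
    public static int countViolations(SeparationOfDutyPolicyMO policy,
                                      String ruleName)
            throws RemoteException, ApplicationException, AuthorizationException {
        // Wildcard avoids depending on the package of IRuleViolation,
        // which this page does not state.
        Collection<?> violations = policy.getRuleViolations(ruleName);
        return violations == null ? 0 : violations.size();
    }
}
```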


IBM Security Identity Manager 6.0.0
© Copyright International Business Machines Corporation 2007, 2012. All rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.