Overview  Package   Class  Use  Tree  Serialized  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.ibm.itim.apps.system
Class SystemRoleMO

java.lang.Object
  extended by com.ibm.itim.apps.system.SystemRoleMO

public class SystemRoleMO
extends java.lang.Object

Managed object representing a System Role. Provides methods to get the attributes of, update the membership and to remove a System Role.

Constructor Summary
SystemRoleMO(PlatformContext platform, javax.security.auth.Subject subject, DistinguishedName name)
          Constructs the the managed object with a platform context, a subject, and the distinguished name of the object to manage.
 
Method Summary
 void addMembers(java.util.Collection members, java.util.Date effectiveDate)
          Adds multiple users to a System Role.
 OrganizationalContainerMO getContainer()
          Returns the current parent container in the tree.
 SystemRole getData()
          Returns a current snapshot of the data defining the System Role.
 DistinguishedName getDistinguishedName()
          Returns the distinguished name of the managed object
 java.util.Collection getMembers()
          Returns the members of a System Role.
 void remove()
          Removes the System Role associated with this SystemRoleMO.
 void removeMembers(java.util.Collection members, java.util.Date effectiveDate)
          Removes multiple users from a System Role.
 void update(SystemRole systemRole)
          Updates the System Role associated with a SystemRoleMO.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SystemRoleMO

public SystemRoleMO(PlatformContext platform,
                    javax.security.auth.Subject subject,
                    DistinguishedName name)
Constructs the the managed object with a platform context, a subject, and the distinguished name of the object to manage.

Parameters:
platform - PlatformContext holding platform connection information.
subject - Subject representing the authenticated caller.
name - DistinguishedName identifying the system's role.
Method Detail

getDistinguishedName

public DistinguishedName getDistinguishedName()
Returns the distinguished name of the managed object

Returns:
DistinguishedName of the managed object.

getData

public SystemRole getData()
                   throws java.rmi.RemoteException,
                          ApplicationException
Returns a current snapshot of the data defining the System Role.

Returns:
SystemRole object holding attribute information.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to retrieve data. This exception is thrown also when the SystemRoleMO contains a null DistinguishedName.

getContainer

public OrganizationalContainerMO getContainer()
                                       throws java.rmi.RemoteException,
                                              ApplicationException
Returns the current parent container in the tree.

Returns:
OrganizationalContainerMO representing the parent container.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to retrieve parent.

getMembers

public java.util.Collection getMembers()
                                throws java.rmi.RemoteException,
                                       ApplicationException
Returns the members of a System Role.

Returns:
Collection of SystemUserMO, members of the System Role associated with a SystemRoleMO.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - thrown if unable to retrieve the System Role members. This exception is thrown also when the SystemRoleMO contains a null DistinguishedName.

addMembers

public void addMembers(java.util.Collection members,
                       java.util.Date effectiveDate)
                throws java.rmi.RemoteException,
                       ApplicationException,
                       AuthorizationException
Adds multiple users to a System Role. The operation can be scheduled but the method does not return a com.ibm.itim.apps.Request object.

Parameters:
members - Collection of SystemUserMO to add to the System Role associated with this SystemRoleMO.
effectiveDate - The scheduled starting time of the operation. If null, the operation will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - thrown if unable to update the System Role membership. This exception is thrown also when the SystemRoleMO contains a null DistinguishedName.
AuthorizationException - thrown if the user associated with the SystemRoleMO instance is not allowed to add users to this System Role. Two sets of permission are required:

  1. Permission to "modify" System Role
  2. Permission to write to the System Roles attribute of a System User.

removeMembers

public void removeMembers(java.util.Collection members,
                          java.util.Date effectiveDate)
                   throws java.rmi.RemoteException,
                          ApplicationException,
                          AuthorizationException
Removes multiple users from a System Role. The operation can be scheduled but the method does not return a com.ibm.itim.apps.Request object. If a user is not a member of the System Role, no exception is thrown.

Parameters:
members - Collection of SystemUserMO to remove from the System Role associated with this SystemRoleMO.
effectiveDate - The scheduled starting time of the operation. If null, the operation will start immediately. In case this method is invoked remotely, passing this parameter as the current date/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - thrown if unable to update the System Role membership. This exception is thrown also when the SystemRoleMO contains a null DistinguishedName.
AuthorizationException - thrown if the user associated with the SystemRoleMO instance is not allowed to remove users from this System Role. Two sets of permission are required:

  1. Permission to "modify" System Role
  2. Permission to write to the System Roles attribute of a System User.

update

public void update(SystemRole systemRole)
            throws java.rmi.RemoteException,
                   AuthorizationException,
                   ApplicationException
Updates the System Role associated with a SystemRoleMO.

Parameters:
systemRole - the SystemRole with attributes to update, namely the role description and/or role category. Only these two attributes can be updated using this method. If the systemRole object contains additional attributes that are not part of schema, an exception will be thrown. If the role category attribute contains multiple values while a single value is expected, only one value is considered for category updation. There are setter methods available for setting description and/or role category values in SystemRole class.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - is a data services error prevents updating the System Role. This exception is thrown also when the SystemRole or SystemRoleMO contains a null DistinguishedName. A more specific ApplicationException, SchemaViolationException, if SystemRole object does not have required attributes or attributes that are not part of the schema or attributes with bad values.
AuthorizationException - if the user associated with the SystemRoleMO used for this operation is not allowed to modify the System Role.

remove

public void remove()
            throws java.rmi.RemoteException,
                   ApplicationException,
                   AuthorizationException
Removes the System Role associated with this SystemRoleMO.

Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - thrown if a data services exception prevents removing the system role. This exception is thrown also when the SystemRoleMO contains a null DistinguishedName.
AuthorizationException - thrown if the user associated with the SystemRoleMO instance is not allowed to remove a System Role from its container.
Overview  Package   Class  Use  Tree  Serialized  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
IBM Security Identity Manager 6.0.0
© Copyright International Business Machines Corporation 2007, 2012. All rights reserved. US Government Users Restricited Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.