com.ibm.itim.dataservices.model
Class AccessRight

java.lang.Object
  extended by com.ibm.itim.dataservices.model.AccessRight
All Implemented Interfaces:
java.io.Serializable

public class AccessRight
extends java.lang.Object
implements java.io.Serializable

Class that represents an access right, or Access Control Information (ACI).

See Also:
Serialized Form

Field Summary
static java.lang.String SINGLE_SCOPE
          Constant indicating the scope of the ACI is to be only one level of the logical tree.
static java.lang.String SUBTREE_SCOPE
          Constant indicating the scope of the ACI is to be the current level and all sub-levels of the logical tree.
 
Constructor Summary
AccessRight()
          Default constructor.
 
Method Summary
 java.lang.String getFilter()
          Returns the ACI's LDAP search filter, if any.
 java.lang.String getName()
          Returns a descriptive name or label for the ACI.
 java.util.Collection<Permission> getPermissions()
          Returns the collection of permissions that define the level of access to the target.
 java.util.Collection getPrincipals()
          Returns the set of principals that the permissions apply to.
 java.util.Collection getRoles()
          Returns a Collection String DN that point to the groups whose members are authorized by the ACI this AccessRight represents.
 java.lang.String getScope()
          Returns the scope of the ACI.
 java.lang.String getTarget()
          Returns the target entity, or set of entities, this ACI is protecting.
 boolean isForAllPrincipals()
          Returns true if the permissions apply to everyone in the system.
 void setFilter(java.lang.String filter)
          Sets the ACI's LDAP search filter.
 void setIsForAllPrincipals(boolean isForAllPrincipals)
          Toggles whether the permissions apply to everyone in the system.
 void setName(java.lang.String name)
          Changes the descriptive name or label of the ACI.
 void setScope(java.lang.String scope)
          Changes the scope of the ACI.
 void setTarget(java.lang.String target)
          Changes the target entity, or set of entities, this ACI is protecting.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SINGLE_SCOPE

public static final java.lang.String SINGLE_SCOPE
Constant indicating the scope of the ACI is to be only one level of the logical tree.

See Also:
Constant Field Values

SUBTREE_SCOPE

public static final java.lang.String SUBTREE_SCOPE
Constant indicating the scope of the ACI is to be the current level and all sub-levels of the logical tree.

See Also:
Constant Field Values
Constructor Detail

AccessRight

public AccessRight()
Default constructor.

Method Detail

getName

public java.lang.String getName()
Returns a descriptive name or label for the ACI.

Returns:
String name of the ACI.

setName

public void setName(java.lang.String name)
Changes the descriptive name or label of the ACI.

Parameters:
name - String name for the ACI.

getTarget

public java.lang.String getTarget()
Returns the target entity, or set of entities, this ACI is protecting.

Returns:
String description of the target entity, or entities.

setTarget

public void setTarget(java.lang.String target)
Changes the target entity, or set of entities, this ACI is protecting.

Parameters:
target - description of the target entity, or entities.

getPermissions

public java.util.Collection<Permission> getPermissions()
Returns the collection of permissions that define the level of access to the target.

Returns:
Collection of Permission objects. This collection is not a copy and all updates to it will be reflected in the AccessRight object.
See Also:
Permission

getRoles

public java.util.Collection getRoles()
Returns a Collection String DN that point to the groups whose members are authorized by the ACI this AccessRight represents.

Returns:
Collection of Strings representing group Distinguished Names. This collection is not a copy and all updates to it will be reflected in the AccessRight object.

getPrincipals

public java.util.Collection getPrincipals()
Returns the set of principals that the permissions apply to. A principal may represent one or more users by identifying a named group that the authorization engine can query.

Returns:
Collection of Strings representing group names. This collection is not a copy and all updates to it will be reflected in the AccessRight object. // returns "self", "supervisor", etc.

isForAllPrincipals

public boolean isForAllPrincipals()
Returns true if the permissions apply to everyone in the system.

Returns:
true if the access right applies to everyone (anyone).

setIsForAllPrincipals

public void setIsForAllPrincipals(boolean isForAllPrincipals)
Toggles whether the permissions apply to everyone in the system.

Parameters:
isForAllPrincipals - true if the access right applies to everyone (anyone).

getScope

public java.lang.String getScope()
Returns the scope of the ACI. The scope identifies how much of the data hierarchy the ACI covers.

Returns:
Enumeration of scope levels, SINGLE_SCOPE, SUBTREE_SCOPE.

setScope

public void setScope(java.lang.String scope)
Changes the scope of the ACI.

Parameters:
scope - Enumeration of scope levels, SINGLE_SCOPE, SUBTREE_SCOPE.

getFilter

public java.lang.String getFilter()
Returns the ACI's LDAP search filter, if any.

Returns:
the ACI's LDAP search filter. If there is no filter defined, then the null will be returned.

setFilter

public void setFilter(java.lang.String filter)
Sets the ACI's LDAP search filter.

Parameters:
filter - an RFC 2254 LDAP search filter.


IBM Security Identity Manager 6.0.0
© Copyright International Business Machines Corporation 2007, 2012. All rights reserved. US Government Users Restricited Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.