public interface IAcl
Definition of an Access Control List object
This interface defines an Access Control List object (ACL object). It can contain zero or more ACEs, which specify the principals and the permissions.
NOTE: Change operations on an ACL object do not implicitly trigger cluster-wide cache invalidations. Therefore commit() has to be called explicitly after all updates are completed, to get the changes reflected in all runtime objects which might be cached in other cluster nodes.

Modifier and Type | Method and Description |
---|---|
boolean | `addOwner(IPrincipal caller, IPrincipal principal)` This method adds a new ACL owner to the current ACL object. |
boolean | `changeObjectID(IPrincipal caller, String objectID)` This method changes the object ID for the current ACL. |
void | `commit()` Commits any changes made to this ACL (i.e. add/remove AclEntry/Owner). |
IAclEntry | `createAclEntry(IPrincipal caller, IPrincipal principal, String permission, boolean isInherited)` This method creates a new ACE object in the current ACL. |
List | `getAclEntries()` This method returns a List of ACE objects which are assigned to the current ACL object. |
List | `getAclEntries(IPrincipal principal)` This method returns a List of ACE objects which are assigned to the current ACL object concerning a specific user (principal). |
String | `getObjectId()` This method returns the ID of the object which is assigned to the current ACL object. |
List | `getOwners()` This method returns a list of ACL owners. |
boolean | `hasPermission(IPrincipal principal, String permission)` This method checks if a user (principal) is authorized for a specific permission, but doesn't write an entry in the security audit log. |
boolean | `isAllowed(IPrincipal principal, String permission)` This method checks if a user (principal) is authorized for a specific permission. |
boolean | `isOwner(IPrincipal principal)` This method checks if a user (principal) is an ACL owner. |
IAcl | `prepare()` Prepares this ACL for update. |
boolean | `removeAclEntry(IPrincipal caller, IAclEntry aclEntry)` This method removes an existing ACE object from the current ACL object. |
boolean | `removeOwner(IPrincipal caller, IPrincipal principal)` This method removes an ACL owner from the current ACL object. |
void | `resetAcl(IPrincipal caller)` This method removes all existing ACE objects from the current ACL object except the ACEs with the owner permission, but does not delete the ACL. |

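The update pattern required by the NOTE above (prepare, change, commit), together with the two permission checks, as an added example written for this page and not SAP's own code. It assumes the import package names shown, that changes are applied to the object returned by prepare(), and that the class and method names (AclGrantExample, grant, require, canShow) are hypothetical helpers.

```java
// Assumed package names; this page does not state them.
import com.sap.security.api.IPrincipal;
import com.sap.security.api.UMException;
import com.sap.security.api.acl.IAcl;
import com.sap.security.api.acl.IAclEntry;

public final class AclGrantExample { // hypothetical helper class

    /** Adds a non-inherited ACE for grantee and publishes it cluster-wide. */
    public static IAclEntry grant(IAcl acl, IPrincipal caller,
                                  IPrincipal grantee, String permission)
            throws UMException {
        // The caller parameter is documented as "an ACL owner", so check
        // ownership first and fail with a clear message.
        if (!acl.isOwner(caller)) {
            throw new SecurityException(
                    "caller is not an owner of ACL " + acl.getObjectId());
        }
        // Assumption: updates are made on the object prepare() returns.
        IAcl editable = acl.prepare();
        IAclEntry entry =
                editable.createAclEntry(caller, grantee, permission, false);
        // Change operations do not invalidate caches on other cluster
        // nodes by themselves; commit() does, once all updates are done.
        editable.commit();
        return entry;
    }

    /** Enforcement path: deny unless isAllowed() confirms the permission. */
    public static void require(IAcl acl, IPrincipal user, String permission)
            throws UMException {
        if (!acl.isAllowed(user, permission)) {
            throw new SecurityException(
                    "permission denied on ACL " + acl.getObjectId());
        }
    }

    /**
     * Display-only decision (for example, whether to render a button).
     * hasPermission() is documented as not writing a security audit log
     * entry, so it must not replace require() on the enforcement path.
     */
    public static boolean canShow(IAcl acl, IPrincipal user, String permission)
            throws UMException {
        return acl.hasPermission(user, permission);
    }
}
```
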
boolean addOwner(IPrincipal caller, IPrincipal principal) throws UMException
- caller - a current ACL owner.
- principal - new ACL owner (principal, for example user).
- UMException - if the data cannot be added.

boolean removeOwner(IPrincipal caller, IPrincipal principal) throws UMException
- caller - an ACL owner.
- principal - another ACL owner (principal, for example user).
- UMException - if the data cannot be removed.

boolean isOwner(IPrincipal principal) throws UMException
- principal - the checked user (principal).
- UMException - if the data cannot be read.

List getOwners() throws UMException
- UMException - if the data cannot be read.

IAclEntry createAclEntry(IPrincipal caller, IPrincipal principal, String permission, boolean isInherited) throws UMException
- caller - an ACL owner.
- principal - principal for the ACE.
- permission - permission for the ACE.
- isInherited - if the ACE is inherited.
- UMException - if the data cannot be created.

boolean removeAclEntry(IPrincipal caller, IAclEntry aclEntry) throws UMException
- caller - an ACL owner.
- aclEntry - an ACE object.
- UMException - if the data cannot be removed.

void resetAcl(IPrincipal caller) throws UMException
- caller - an ACL owner.
- UMException - if the data cannot be reset.

List getAclEntries() throws UMException
- UMException - if the data cannot be read.

List getAclEntries(IPrincipal principal) throws UMException
- principal - user (principal).
- UMException - if the data cannot be read.

boolean isAllowed(IPrincipal principal, String permission) throws UMException
- principal - user (principal).
- permission - checked permission.
- UMException - if the data cannot be read.

boolean hasPermission(IPrincipal principal, String permission) throws UMException
- principal - user or group.
- permission - checked permission.
- UMException - if the data cannot be read.

String getObjectId() throws UMException
- UMException - if the data cannot be read.

boolean changeObjectID(IPrincipal caller, String objectID) throws UMException
- caller - an ACL owner.
- objectID - the object ID.
- UMException - if the data cannot be changed.

IAcl prepare() throws UMException
- UMException - if the data cannot be prepared.

void commit() throws UMException
- UMException - if the data cannot be committed.

Access Rights |
---|

SC | DC | Public Part | ACH |
---|---|---|---|
[sap.com] CORE-TOOLS | [sap.com] | default | BC-JAS |
[sap.com] ENGFACADE | [sap.com] tc/je/usermanagement/api | api | BC-JAS-SEC |
[sap.com] ENGINEAPI | [sap.com] | - | BC-JAS-SEC-UME |
[sap.com] ENGINEAPI | [sap.com] | default | BC-JAS-SEC-UME |

Copyright 2018 SAP AG