public interface IResourceAclManager

IAclSecurityManagers
IAclManagers (one to one)
IResources
IAclManagers operate on arbitrary objects which are identified by a unique ID
RID of the IResources as object ID to the IAclManagers
IAclManagers
IResourceAcl (for IAcl), IResourceAclEntry (for IAclEntry) in order to hide the calls of the IAclManager (so that nobody can pass a fake 'caller')

Abbreviations
ACL: Access Control List
ACE: Access Control List Entry
Copyright (c) SAP AG 2001-2004
Modifier and Type | Method and Description |
---|---|
boolean | `addSupportedPermission(IObjectType objectType, IAclPermission permission)` assign a permission to an object type |
boolean[] | `areAclsUpToDate(IResourceAcl[] acls)` check whether the ACLs are up to date (compared to the database) |
boolean | `areNegativeAclEntriesSupported()` check whether negative ACEs are supported |
boolean | `assignForeignAcl(IResourceAcl foreignAcl, IResource resource)` assign an ACL from a foreign IResourceAclManager to a local resource - foreign ACEs which hold permissions that are not supported by the local IResourceAclManager are ignored - locally inherited ACEs are added - the owners are maintained - if the resource inherits an ACL the user must be an owner - fails, if the resource already has an ACL assigned |
IResourceAcl | `createAcl(IResource resource)` create a new ACL for a resource - initial owner is the user in the resource context - inherited ACEs are added - if the resource inherits an ACL the user must be an owner - fails, if the resource already has an ACL assigned |
IResourceAclEntry | `createAclEntry(IPrincipal principal, boolean negative, IAclPermission permission, int sortIndex)` create a new ACE for an ACL to grant or deny a permission to a principal |
IResourceAclEntry | `createAclEntry(com.sapportals.portal.security.usermanagement.IUMPrincipal principal, boolean negative, IAclPermission permission, int sortIndex)` Deprecated. As of NetWeaver 7.1, replaced by `createAclEntry(com.sap.security.api.IPrincipal,boolean,IAclPermission,int)` |
IAclPermission | `createPermission(String name)` create a new permission (the permission can not be used until it is assigned to an object type by calling the addSupportedPermission() method) |
IResourceAcl | `getAcl(IResource resource)` get the ACL of a specific resource |
long | `getDBVersion()` Returns a value representing the state (timestamp or modifycounter) of all persisted acl entries. |
IResourceAcl | `getInheritedAcl(IResource resource)` get the ACL that a resource inherits by its ancestors |
IObjectType | `getObjectType(IResource resource)` get the object type of a resource |
IAclPermission | `getPermission(String name)` get the IAclPermission object of the (supported) permission with a given name |
IObjectTypeList | `getSupportedObjectTypes()` get a list of object types which are supported by the IResourceAclManager for resources |
IAclPermissionList | `getSupportedPermissions(IResource resource)` get a list of permissions which are supported by the IResourceAclManager for a specific resource |
boolean | `isPermissionUsedInAcl(IAclPermission permission)` check whether a permission is used in an ACL |
boolean | `isReadOnly()` check whether the IResourceAclManager is read only (no creation or modification of ACLs is allowed) |
IResourceList | `propagateAcl_Remove(IResource resource)` remove the ACLs of the descendants of the resource |
boolean | `removeAcl(IResource resource)` remove the ACL of a specific resource |
boolean | `removeAcl(IResourceAcl acl)` remove an ACL |
boolean | `removePermission(IAclPermission permission)` remove a permission - a permission can only be removed if it is not predefined and not used in an ACL |
boolean | `removeSupportedPermission(IObjectType objectType, IAclPermission permission)` remove the assignment of a permission to an object type - a supported permission can only be removed if it is not predefined and not used in an ACL |

`IResourceAclEntry createAclEntry(com.sapportals.portal.security.usermanagement.IUMPrincipal principal, boolean negative, IAclPermission permission, int sortIndex) throws AclPersistenceException, UnsupportedOperationException, InvalidClassException`

`createAclEntry(com.sap.security.api.IPrincipal,boolean,IAclPermission,int)`

Parameters:
- `principal` - the principal
- `negative` - true if the entry denies a permission, false if it grants (denials are currently unsupported)
- `permission` - the permission
- `sortIndex` - the position of the ACE in an ACL (important only with denials)

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `InvalidClassException` - the permission was created by a foreign IResourceAclManager
- `UnsupportedOperationException` - negative ACEs are currently not supported (request support by using the areNegativeAclEntriesSupported() method)

`IResourceAclEntry createAclEntry(IPrincipal principal, boolean negative, IAclPermission permission, int sortIndex) throws AclPersistenceException, UnsupportedOperationException, InvalidClassException`

Parameters:
- `principal` - the principal
- `negative` - true if the entry denies a permission, false if it grants (denials are currently unsupported)
- `permission` - the permission
- `sortIndex` - the position of the ACE in an ACL (important only with denials)

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `InvalidClassException` - the permission was created by a foreign IResourceAclManager
- `UnsupportedOperationException` - negative ACEs are currently not supported (request support by using the areNegativeAclEntriesSupported() method)

`boolean areNegativeAclEntriesSupported()`

`IResourceAcl createAcl(IResource resource) throws AclPersistenceException, NotAuthorizedException, AclExistsException, ResourceException`

Parameters:
- `resource` - the resource

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `NotAuthorizedException` - the user in the resource context is not an owner of an inherited ACL
- `AclExistsException` - an ACL already exists for the resource
- `ResourceException` - the resource URI could not be determined

`boolean assignForeignAcl(IResourceAcl foreignAcl, IResource resource) throws AclPersistenceException, NotAuthorizedException, AclExistsException, ResourceException`

Parameters:
- `foreignAcl` - the foreign ACL
- `resource` - the local resource

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `NotAuthorizedException` - the user in the resource context is not an owner of an inherited ACL
- `AclExistsException` - an ACL already exists for the resource
- `ResourceException` - the resource URI could not be determined

`IResourceAcl getAcl(IResource resource) throws AclPersistenceException, ResourceException`

Parameters:
- `resource` - the resource

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `ResourceException` - the resource URI could not be determined

`IResourceAcl getInheritedAcl(IResource resource) throws AclPersistenceException, ResourceException`

Parameters:
- `resource` - the resource

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `ResourceException` - the resource URI could not be determined

`boolean removeAcl(IResource resource) throws AclPersistenceException, NotAuthorizedException, ResourceException, ResourceException`

Parameters:
- `resource` - the resource

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `NotAuthorizedException` - the user in the resource context is not an owner of the ACL
- `ResourceException` - the resource URI could not be determined

`boolean removeAcl(IResourceAcl acl) throws AclPersistenceException, NotAuthorizedException, InvalidClassException, ResourceException`

Parameters:
- `acl` - the ACL

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `NotAuthorizedException` - the caller is not an owner of the access control list
- `InvalidClassException` - the acl was created by a foreign resource acl manager
- `ResourceException` - Exception raised in failure situation

`IObjectTypeList getSupportedObjectTypes() throws AclPersistenceException`

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred

`IObjectType getObjectType(IResource resource) throws AclPersistenceException, ResourceException`

Parameters:
- `resource` - the resource

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `ResourceException` - the resource URI could not be determined

`IAclPermissionList getSupportedPermissions(IResource resource) throws AclPersistenceException, ResourceException`

Parameters:
- `resource` - the resource

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `ResourceException` - the resource URI could not be determined

`IAclPermission getPermission(String name) throws AclPersistenceException`

Parameters:
- `name` - the name of the permission

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred

`boolean addSupportedPermission(IObjectType objectType, IAclPermission permission) throws AclPersistenceException, PredefinedPermissionException`

Parameters:
- `objectType` - the object type
- `permission` - the permission

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `PredefinedPermissionException` - the permission is predefined and thus not allowed to be changed

`boolean removeSupportedPermission(IObjectType objectType, IAclPermission permission) throws AclPersistenceException, PredefinedPermissionException, PermissionUsedException`

Parameters:
- `objectType` - the object type
- `permission` - the permission

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `PredefinedPermissionException` - the permission is predefined and thus not allowed to be changed
- `PermissionUsedException` - Exception raised in failure situation

`IAclPermission createPermission(String name) throws AclPersistenceException, PermissionExistsException`

Parameters:
- `name` - the permission name

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `PermissionExistsException` - a permission with that name exists already

`boolean removePermission(IAclPermission permission) throws AclPersistenceException, PredefinedPermissionException, PermissionUsedException`

Parameters:
- `permission` - the permission

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred
- `PredefinedPermissionException` - the permission is predefined and thus not allowed to be changed
- `PermissionUsedException` - the permission is used in some acl and thus not allowed to be changed

`boolean isPermissionUsedInAcl(IAclPermission permission) throws AclPersistenceException`

Parameters:
- `permission` - the permission

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred

`boolean isReadOnly() throws AclPersistenceException`

Throws:
- `AclPersistenceException` - a problem with the storage where the ACLs are persisted occurred

`boolean[] areAclsUpToDate(IResourceAcl[] acls) throws AclPersistenceException`

Parameters:
- `acls` - the ACLs to check

Throws:
- `AclPersistenceException` - Exception raised in failure situation

`IResourceList propagateAcl_Remove(IResource resource) throws AclPersistenceException, ResourceException, NoAclException, InvalidClassException, NotAuthorizedException`

Throws:
- `AclPersistenceException` - Exception raised in failure situation
- `ResourceException` - Exception raised in failure situation
- `NoAclException` - Exception raised in failure situation
- `InvalidClassException` - Exception raised in failure situation
- `NotAuthorizedException` - Exception raised in failure situation

`long getDBVersion()`

Access Rights |
---|

SC | DC | Public Part | ACH |
---|---|---|---|
[sap.com] KMC-CM | [sap.com] tc/km/frwk | api | EP-KM-CM |
[sap.com] KMC-WPC | [sap.com] tc/kmc/wpc/wpcfacade | api | EP-PIN-WPC-WCM |

Copyright 2018 SAP AG