com.sap.security.api

Interface IRoleFactory

All Superinterfaces:

IConfigurable

public interface IRoleFactory
extends IConfigurable

This interface provides methods to access, create, search and delete IRole objects.

NOTE: As this interface�can be extended, this interface can be freely used, but must not be implemented.

Field Summary

static String

VERSIONSTRING

Method Summary

void	addGroupToRole(String uniqueIdOfGroup, String uniqueIdOfRole) Adds the specified group to the specified role and implicitly does a commit.
void	addUserToRole(String uniqueIdOfUser, String uniqueIdOfRole) Adds the specified user to the specified role and implicitly does a commit.
void	deleteRole(String uniqueID) Delete a role from the used store
String[]	getGroupsOfRole(String uniqueIdOfRole, boolean recursive) Returns groups which are assigned to role identified by uniqueIdOfRole
int	getMaxRoleDescriptionLength() Deprecated. the maximum length is defined in (String, String, String[])
IRole	getMutableRole(String uniqueID) Gets a modifiable IRole objects for a unique ID
IRole	getRole(String uniqueID) Gets the role object with the given unique ID
IRole	getRole(String uniqueID, AttributeList populateAttributes) Gets the role object with the given unique ID and populates the attributes in populateAttributes
IRole	getRoleByUniqueName(String uniqueName) Gets the role object with the given uniqueName Note: If you use this method be prepared to get an exception if multiple objects with the same name are found
IRole[]	getRoles(String[] uniqueIDs) Gets the role objects for multiple unique IDs
IRole[]	getRoles(String[] uniqueIDs, AttributeList populateAttributes) Gets the role objects for multiple unique IDs and populates the attributes defined in populateAttributes
IRoleSearchFilter	getRoleSearchFilter() Returns an IRoleSearchFilter object to be used to specify query attributes IRoleSearchFilter contains attributes which can be queried
String[]	getRolesOfGroup(String uniqueIdOfGroup, boolean recursive) Returns roles which are assigned to a group identified by uniqueIdOfGroup
String[]	getRolesOfUser(String uniqueIdOfUser, boolean recursive) Returns roles which are assigned to user identified by uniqueIdOfUser
String[]	getUsersOfRole(String uniqueIdOfRole, boolean recursive) Returns users who are assigned to role identified by uniqueIdOfRole
IRole	newRole(String uniqueName) Creates a new, initially blank role object.
void	registerListener(RoleListener roleListener, int modifier) registerListener allows to subscribe to a predefined eventName RoleListener The caller has to provide a receiver object which implements RoleListener
void	registerListener(RoleListener roleListener, int modifier, boolean notifyAfterPhysicalCommitCompleted) registerListener allows to subscribe to a predefined eventName RoleListener The caller has to provide a receiver object which implements RoleListener
void	removeGroupFromRole(String uniqueIdOfGroup, String uniqueIdOfRole) Remove the specified group from the specified role and implicitly does a commit.
void	removeUserFromRole(String uniqueIdOfUser, String uniqueIdOfRole) Remove the specified user from the specified role and implicitly does a commit.
ISearchResult	searchRoles(IRoleSearchFilter filter) Search for roles in the role store and role account store which match the criteria specified in the given filter.
void	unregisterListener(RoleListener roleListener) unregisterListener unsubscribes a receiver from a previously subscribed event.

Methods inherited from interface com.sap.security.api.IConfigurable

initialize

Field Detail

VERSIONSTRING

static final String VERSIONSTRING

See Also:

Constant Field Values

Method Detail

getRole

IRole getRole(String uniqueID)
              throws UMException

Gets the role object with the given unique ID

Parameters:

uniqueID - String representing the uniqueID of a role object.

Returns:

IRole the role object exists

Throws:

NoSuchRoleException - if no role with the given unique ID

UMException

getRole

IRole getRole(String uniqueID,
              AttributeList populateAttributes)
              throws UMException

Gets the role object with the given unique ID and populates the attributes in populateAttributes

Parameters:

uniqueID - String representing the uniqueID of a role object.

populateAttributes - AttributeList

Returns:

IRole the role object

Throws:

NoSuchRoleException - if no role with the given unique ID exists

UMException

deleteRole

void deleteRole(String uniqueID)
                throws UMException

Delete a role from the used store

Parameters:

uniqueID - String representing the uniqueID of a role object.

Throws:

UMException - if the role can't be deleted

NoSuchRoleException - if the role does not exist

searchRoles

ISearchResult searchRoles(IRoleSearchFilter filter)
                          throws UMException

Search for roles in the role store and role account store which match the criteria specified in the

given filter. In order to get a role search filter use getRoleSearchFilter(). You can define a search filter using methods of class IRoleSearchFilter. If you are using roles stored in the PCD, the behaviour not as expected. When searching with the uniquename and the equals operator for a role stored in PCD, only the first role which is found is returned. If you want to get all roles with a similar unique name you have to use the like operator in the role search filter. This PCD-Role specific behaviour is caused by the fact that the UME unique name is mapped to the pcd name of the role which is for example: pcd:portal_content/myFolder/myPrefix.MyRole However searching is only possible with the last part of the pcd name like "myPrefix.MyRole". In order to get all roles named for example "myPrefix.MyRole" you have to use the like operator with search string: "myPrefix.MyRole*"

Parameters:

filter - defined to search for roles

Returns:

ISearchResult result of the search operation ISearchResult

Throws:

UMException

getRoleSearchFilter

IRoleSearchFilter getRoleSearchFilter()
                                      throws UMException

Returns an IRoleSearchFilter object to be used to specify query attributes

IRoleSearchFilter contains attributes which can be queried

Returns:

IRoleSearchFilter container for values to be used as a search filter

Throws:

UMException

FeatureNotAvailableException

newRole

IRole newRole(String uniqueName)
              throws UMException

Creates a new, initially blank role object. After setting the appropriate data via set-methods, the role object must be commited to the role store via IPrincipalMaint.commit().

Parameters:

uniqueName - of new IRole object. Note: This uniqueName has to be unique for ALL data stores

Returns:

IRole a role object which can be modified

Throws:

RoleAlreadyExistsException - if role with uniqueName already exists

UMException

getRoleByUniqueName

IRole getRoleByUniqueName(String uniqueName)
                          throws UMException

Gets the role object with the given uniqueName

Note: If you use this method be prepared to get an exception if multiple objects with the same name are found

Parameters:

uniqueName - of IRole object

Returns:

IRole the role object

Throws:

NoSuchRoleException - if no role with the given uniqueName exists

UMException - if given unique name is not unique

getRoles

IRole[] getRoles(String[] uniqueIDs)
                 throws UMException

Gets the role objects for multiple unique IDs

Parameters:

uniqueIDs - array of uniqueIDs which are used to get an array of IRole objects.

Returns:

IRole[] an array of role objects

Throws:

NoSuchRoleException - if one or more of the given unique IDs are not assigned to any role

NoSuchPCDRoleException - if the role does not exist

UMException

getRoles

IRole[] getRoles(String[] uniqueIDs,
                 AttributeList populateAttributes)
                 throws UMException

Gets the role objects for multiple unique IDs and populates the attributes defined in populateAttributes

Parameters:

uniqueIDs - array of uniqueIDs which are used to get an array of IRole objects.

populateAttributes - AttributeList

Returns:

IRole[] an array of role objects

Throws:

NoSuchRoleException - if one or more of the given unique IDs are not assigned to any role

NoSuchPCDRoleException - if the role does not exist

UMException

getMutableRole

IRole getMutableRole(String uniqueID)
                     throws UMException

Gets a modifiable IRole objects for a unique ID

Parameters:

uniqueID - of an IRole object

Returns:

a mutable Role object which can be modified.

Throws:

NoSuchRoleException - if the unique ID does not exist

NoSuchPCDRoleException - if the role does not exist

UMException

getMaxRoleDescriptionLength

int getMaxRoleDescriptionLength()

Deprecated. the maximum length is defined in (String, String, String[])

Returns the maximum role description length, which is implementation depending.

Returns:

maximum supported role description length

registerListener

void registerListener(RoleListener roleListener,
                      int modifier)

registerListener allows to subscribe to a predefined eventName RoleListener The caller has to provide a receiver object which implements RoleListener

Parameters:

roleListener - object which implements interface RoleListener

modifier - constant defined in RoleListener

registerListener

void registerListener(RoleListener roleListener,
                      int modifier,
                      boolean notifyAfterPhysicalCommitCompleted)

registerListener allows to subscribe to a predefined eventName RoleListener The caller has to provide a receiver object which implements RoleListener

Parameters:

roleListener - object which implements interface RoleListener

modifier - constant defined in RoleListener

notifyAfterPhysicalCommitCompleted - Allows callers when set to false, to get a notification before the physical transaction is completed in order to include their actions into the same physical transaction.

unregisterListener

void unregisterListener(RoleListener roleListener)

unregisterListener unsubscribes a receiver from a previously subscribed event.

Parameters:

roleListener - object which implements interface RoleListener

getUsersOfRole

String[] getUsersOfRole(String uniqueIdOfRole,
                        boolean recursive)

Returns users who are assigned to role identified by uniqueIdOfRole

Parameters:

uniqueIdOfRole - representing the ID of an IRole

recursive - If this parameter is set to false all direct users are returned if recursive is true all users which are assigned via groups to this role are returned

Returns:

String[] of uniqueIdOfUsers

Throws:

NoSuchPCDRoleException - if the role does not exist

getGroupsOfRole

String[] getGroupsOfRole(String uniqueIdOfRole,
                         boolean recursive)

Returns groups which are assigned to role identified by uniqueIdOfRole

Parameters:

uniqueIdOfRole - representing the ID of an IRole

recursive - If this parameter is set to false all direct groups are returned if recursive is true all groups which are assigned via other groups to this role are returned.

Returns:

String[] of uniqueIdOfGroups

getRolesOfUser

String[] getRolesOfUser(String uniqueIdOfUser,
                        boolean recursive)

Returns roles which are assigned to user identified by uniqueIdOfUser

Parameters:

uniqueIdOfUser - representing the ID of an IUser

recursive - If this parameter is set to false all directly assigned roles are returned if recursive is true all roles which are assigned via other groups to this role are returned.

Returns:

String[] of uniqueIdOfRoles

getRolesOfGroup

String[] getRolesOfGroup(String uniqueIdOfGroup,
                         boolean recursive)

Returns roles which are assigned to a group identified by uniqueIdOfGroup

Parameters:

uniqueIdOfGroup - representing the ID of an IGroup

recursive - If this parameter is set to false all directly assigned roles are returned if recursive is true all roles which are assigned via other groups to this role are returned.

Returns:

String[] of uniqueIdOfRoles

addUserToRole

void addUserToRole(String uniqueIdOfUser,
                   String uniqueIdOfRole)
                   throws UMException

Adds the specified user to the specified role and implicitly does a commit.

Parameters:

uniqueIdOfUser - - the id of the user who will be added to the role

uniqueIdOfRole - - the id of the role to which the user will be added

Throws:

UMException

addGroupToRole

void addGroupToRole(String uniqueIdOfGroup,
                    String uniqueIdOfRole)
                    throws UMException

Adds the specified group to the specified role and implicitly does a commit.

Parameters:

uniqueIdOfGroup - - the id of the group which will be added to the role

uniqueIdOfRole - - the id of the role to which the group will be added

Throws:

UMException

removeUserFromRole

void removeUserFromRole(String uniqueIdOfUser,
                        String uniqueIdOfRole)
                        throws UMException

Remove the specified user from the specified role and implicitly does a commit.

Parameters:

uniqueIdOfUser - - the id of the user which will be removed from the role

uniqueIdOfRole - - the id of the role from which the user will be removed

Throws:

UMException

removeGroupFromRole

void removeGroupFromRole(String uniqueIdOfGroup,
                         String uniqueIdOfRole)
                         throws UMException

Remove the specified group from the specified role and implicitly does a commit.

Parameters:

uniqueIdOfGroup - - the id of the group which will be removed from the role

uniqueIdOfRole - - the id of the role from which the group will be removed

Throws:

UMException

Access Rights

This class can be accessed from:

SC	DC
[sap.com] ENGINEAPI	[sap.com] com.sap.security.api.sda
[sap.com] ENGFACADE	[sap.com] tc/je/usermanagement/api
[sap.com] CORE-TOOLS	[sap.com] com.sap.engine.client.lib