com.sap.security.api.acl

Interface IAcl

public interface IAcl

ACL Context Interface

Definition of an Access Control List object

This interface defines an Access Control List object (ACL object). It can contain zero or more ACE's which specify the principals and the permissions.

NOTE: Change operations on an ACL object do not implicitly trigger cluster-wide cache invalidations. Therefore commit() has to be called explicitly after all updates are completed, to get the changes reflected in all runtime objects which might be cached in other cluster nodes.

Method Summary

boolean	addOwner(IPrincipal caller, IPrincipal principal) This method adds a new ACL owner to current ACL object.
boolean	changeObjectID(IPrincipal caller, String objectID) This method changes the object ID for the current ACL.
void	commit() Commits any changes made to this ACL (i.e. add/remove AclEntry/Owner).
IAclEntry	createAclEntry(IPrincipal caller, IPrincipal principal, String permission, boolean isInherited) This method creates a new ACE object to current ACL.
List	getAclEntries() This method returns a List of ACE objects which are assigned to the current ACL object.
List	getAclEntries(IPrincipal principal) This method returns a List of ACE objects which are assigned to the current ACL object concerning a specific user (principal).
String	getObjectId() This methode returns the ID of the object which is assigned to current ACL object.
List	getOwners() This method returns a list of ACL owners.
boolean	hasPermission(IPrincipal principal, String permission) This method checks if an user (principal) is authorized for a specific permission.
boolean	isAllowed(IPrincipal principal, String permission) This method checks if an user (principal) is authorised for a specific permission.
boolean	isOwner(IPrincipal principal) This method checks, if an user (principal) is an ACL owner.
IAcl	prepare() Prepares this ACL for update.
boolean	removeAclEntry(IPrincipal caller, IAclEntry aclEntry) This method removes an existing ACE object from the current ACL object.
boolean	removeOwner(IPrincipal caller, IPrincipal principal) This method removes an ACL owner from current ACL object.
void	resetAcl(IPrincipal caller) This method removes all existing ACE objects from the current ACL object except the ACE's with the owner permission, but does not delete the ACL.

Method Detail

addOwner

boolean addOwner(IPrincipal caller,
                 IPrincipal principal)
                 throws UMException

This method adds a new ACL owner to current ACL object.

Parameters:

caller - a current ACL owner.

principal - new ACL owner (principal, for example user).

Returns:

true when the new ACL owner was set successfully false otherwise

Throws:

UMException - if the data cannot be added.

removeOwner

boolean removeOwner(IPrincipal caller,
                    IPrincipal principal)
                    throws UMException

This method removes an ACL owner from current ACL object.

Parameters:

caller - an ACL owner.

principal - another ACL owner (principal, for example user)

Returns:

true when the ACL owner was removed successfully false otherwise

Throws:

UMException - if the data cannot be removed.

isOwner

boolean isOwner(IPrincipal principal)
                throws UMException

This method checks, if an user (principal) is an ACL owner.

Parameters:

principal - the checked user (principal).

Returns:

true when the user is an ACL owner false otherwise

Throws:

UMException - if the data cannot be read.

getOwners

List getOwners()
               throws UMException

This method returns a list of ACL owners.

Returns:

the owners of the ACL (List of IPrincipals).

Throws:

UMException - if the data cannot be read.

createAclEntry

IAclEntry createAclEntry(IPrincipal caller,
                         IPrincipal principal,
                         String permission,
                         boolean isInherited)
                         throws UMException

This method creates a new ACE object to current ACL. If an IAclEntry is inherited, it represents the parent ACE's of the object.

Parameters:

caller - an ACL owner.

principal - principal for ACE

permission - permission for the ACE qparam isInherited if the ACE is inherited

Returns:

IAclEntry the ACE object null if it is not possible to create an ACE

Throws:

UMException - if the data cannot be created.

removeAclEntry

boolean removeAclEntry(IPrincipal caller,
                       IAclEntry aclEntry)
                       throws UMException

This method removes an existing ACE object from the current ACL object.

Parameters:

caller - an ACL owner.

aclEntry - an ACE object.

Returns:

true when the new ACE object was removed successfully false otherwise

Throws:

UMException - if the data cannot be removed.

resetAcl

void resetAcl(IPrincipal caller)
              throws UMException

This method removes all existing ACE objects from the current ACL object except the ACE's with the owner permission, but does not delete the ACL.

Parameters:

caller - an ACL owner.

Throws:

UMException - if the data cannot be reseted.

getAclEntries

List getAclEntries()
                   throws UMException

This method returns a List of ACE objects which are assigned to the current ACL object.

Returns:

a List of ACE objects

Throws:

UMException - if the data cannot be read.

getAclEntries

List getAclEntries(IPrincipal principal)
                   throws UMException

This method returns a List of ACE objects which are assigned to the current ACL object concerning a specific user (principal).

Parameters:

principal - user (principal).

Returns:

a List of ACE objects concerning a specific user (principal).

Throws:

UMException - if the data cannot be read.

isAllowed

boolean isAllowed(IPrincipal principal,
                  String permission)
                  throws UMException

This method checks if an user (principal) is authorised for a specific permission.

Parameters:

principal - user (principal).

permission - checked permission.

Returns:

true if the principal is authorised for the specified permission false otherwise

Throws:

UMException - if the data cannot be read.

hasPermission

boolean hasPermission(IPrincipal principal,
                      String permission)
                      throws UMException

This method checks if an user (principal) is authorized for a specific permission. but doesn't write an entry in the security audit log.

Parameters:

principal - user or group

permission - checked permission

Returns:

true if the principal is authorized for the specified permission false otherwise

Throws:

UMException - if the data cannot be read.

getObjectId

String getObjectId()
                   throws UMException

This methode returns the ID of the object which is assigned to current ACL object.

Returns:

an object ID.

Throws:

UMException - if the data cannot be read.

changeObjectID

boolean changeObjectID(IPrincipal caller,
                       String objectID)
                       throws UMException

This method changes the object ID for the current ACL.

Returns:

true if the object ID was changed successfully false otherwise

Throws:

UMException - if the data cannot be changed.

prepare

IAcl prepare()
             throws UMException

Prepares this ACL for update.

Returns:

the concerning ACL Object.

Throws:

UMException - if the data cannot be prepared.

commit

void commit()
            throws UMException

Commits any changes made to this ACL (i.e. add/remove AclEntry/Owner). If successful, a cluster-wide cache invalidation of the ACL is performed.

Throws:

UMException - if the data cannot be commited.

Access Rights

This class can be accessed from:

SC	DC
[sap.com] ENGINEAPI	[sap.com] com.sap.security.api.sda
[sap.com] ENGFACADE	[sap.com] tc/je/usermanagement/api
[sap.com] CORE-TOOLS	[sap.com] com.sap.engine.client.lib