Class AccessControlListManager

public class AccessControlListManager
extends java.lang.Object

Provides an interface to manage the system's Access Control List on a container-by-container basis. Exposes basic add, list, modify and delete operations for a remote client.

Constructor Summary
AccessControlListManager(PlatformContext platform, subject, DistinguishedName containerDN)
          Creates a new AccessControlListManager.
Method Summary
 void addAccessRight(AccessRight aRight)
          Adds an AccessRight to the ACL currently associated with a container, namely the container identified by the containerDN used to create this AccessControlListManager.
 void addAuthorizationOwner(AuthorizationOwner authOwner)
          Adds an AuthorizationOwner to the container identified by the containerDN used to create this AccessControlListManager.
 void deleteAccessRight(AccessRight accessRight)
          Deletes an AccessRight from the container identified by the containerDN used to create this AccessControlListManager.
 void deleteAuthorizationOwner(AuthorizationOwner authOwner)
          Removes an AuthorizationOwner from the container identified by the containerDN used to create this AccessControlListManager.
 java.util.Collection listAccessRights()
          Returns the full ACL on the container identified by the containerDN used to create this AccessControlListManager.
 java.util.Collection listAuthorizationOwners()
          Returns a Collection of AuthorizationOwner associated with the container identified by the containerDN used to create this AccessControlListManager.
 void modifyAccessRight(java.lang.String name, AccessRight newAccessRight)
          Modifies (replaces) an AccessRight on the container identified by the containerDN used to create this AccessControlListManager.
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail


public AccessControlListManager(PlatformContext platform,
                                DistinguishedName containerDN)
Creates a new AccessControlListManager.

Parameters:
platform - PlatformContext used to connect to the system.
subject - Subject represents an authenticated caller.
containerDN - the DistinguishedName of the container whose ACL to manage through this instance of AccessControlListManager.
Method Detail


public void addAccessRight(AccessRight aRight)
                    throws java.rmi.RemoteException,
                           AuthorizationException,
                           ApplicationException
Adds an AccessRight to the ACL currently associated with a container, namely the container identified by the containerDN used to create this AccessControlListManager.

Parameters:
aRight - The new AccessRight object to add to the ACL. The new AccessRight object being added should be semantically valid.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error, such as a failure accessing the data services API, prevents adding the AccessRight to the container. This exception is also thrown if name is blank.


public java.util.Collection listAccessRights()
                                      throws java.rmi.RemoteException,
                                             AuthorizationException,
                                             ApplicationException
Returns the full ACL on the container identified by the containerDN used to create this AccessControlListManager. Returns a Collection of AccessRight.

Returns:
Collection of AccessRight.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error, such as a failure accessing the data services API, prevents returning the container's ACL.


public void modifyAccessRight(java.lang.String name,
                              AccessRight newAccessRight)
                       throws java.rmi.RemoteException,
                              AuthorizationException,
                              ApplicationException
Modifies (replaces) an AccessRight on the container identified by the containerDN used to create this AccessControlListManager.

Parameters:
name - The old AccessRight's name.
newAccessRight - The new AccessRight object containing changes to commit, which may include a new name. If the new AccessRight object contains changes that are not semantically valid, the changes will be ignored and no exception may be raised. For example, if the new AccessRight object contains a Permission with an action but no associated attribute rights or class rights, the Permission will be ignored.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error, such as a failure accessing the data services API, prevents modifying the AccessRight on the container. This exception is also thrown if name is blank.
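
Because modifyAccessRight may ignore semantically invalid changes without raising an exception, a caller that needs assurance can read the ACL back after the call and fail closed if the intended state is not there. The following Java code is an added example, not code from the product: the Acl interface mirrors only the two method signatures documented on this page, and Perm, Right and FakeAcl are constructed stand-ins, not the product's classes.

```java
import java.util.*;
import java.util.function.Predicate;

public class VerifiedAclModify {
    // Stand-in for the two AccessControlListManager methods used (signatures as documented above).
    interface Acl<R> {
        void modifyAccessRight(String name, R newAccessRight) throws Exception;
        Collection<R> listAccessRights() throws Exception;
    }

    // Modify, then read the ACL back; fail closed if the intended state is not visible.
    static <R> void modifyAndVerify(Acl<R> acl, String oldName, R updated,
                                    Predicate<R> intended) throws Exception {
        if (oldName == null || oldName.isBlank())
            throw new IllegalArgumentException("blank AccessRight name");
        acl.modifyAccessRight(oldName, updated);
        for (R r : acl.listAccessRights())
            if (intended.test(r)) return;
        throw new IllegalStateException("intended state of '" + oldName + "' not visible after modify");
    }

    // Constructed model, not the product's classes: a right holds permissions,
    // each with an action and the attribute/class rights it applies to.
    record Perm(String action, List<String> rights) {}
    record Right(String name, List<Perm> perms) {}

    // Constructed fake that ignores permissions without rights, as the page describes.
    static class FakeAcl implements Acl<Right> {
        final Map<String, Right> store = new LinkedHashMap<>();
        public void modifyAccessRight(String name, Right n) {
            List<Perm> kept = n.perms().stream().filter(p -> !p.rights().isEmpty()).toList();
            store.remove(name);
            store.put(n.name(), new Right(n.name(), kept));
        }
        public Collection<Right> listAccessRights() { return store.values(); }
    }

    public static void main(String[] args) throws Exception {
        FakeAcl acl = new FakeAcl();
        acl.store.put("helpdesk", new Right("helpdesk", List.of()));
        // Permission with an action but no attribute or class rights: accepted, then dropped.
        Right bad = new Right("helpdesk", List.of(new Perm("grant", List.of())));
        try {
            modifyAndVerify(acl, "helpdesk", bad, r -> r.name().equals("helpdesk")
                    && r.perms().stream().anyMatch(p -> p.action().equals("grant")));
        } catch (IllegalStateException e) {
            System.out.println("detected: " + e.getMessage());
        }
    }
}
```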


public void deleteAccessRight(AccessRight accessRight)
                       throws java.rmi.RemoteException,
                              AuthorizationException,
                              ApplicationException
Deletes an AccessRight from the container identified by the containerDN used to create this AccessControlListManager.

Parameters:
accessRight - The AccessRight to delete.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error, such as a failure accessing the data services API, prevents deleting the AccessRight from the container. This exception is also thrown if the name in the input AccessRight object is blank.


public void addAuthorizationOwner(AuthorizationOwner authOwner)
                           throws java.rmi.RemoteException,
                                  AuthorizationException,
                                  ApplicationException
Adds an AuthorizationOwner to the container identified by the containerDN used to create this AccessControlListManager.

Parameters:
authOwner - the AuthorizationOwner to add.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error, such as a failure accessing the data services API, prevents adding the AuthorizationOwner to the container.


public java.util.Collection listAuthorizationOwners()
                                             throws java.rmi.RemoteException,
                                                    AuthorizationException,
                                                    ApplicationException
Returns a Collection of AuthorizationOwner associated with the container identified by the containerDN used to create this AccessControlListManager.

Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error, such as a failure accessing the data services API, prevents listing the AuthorizationOwners on the container.


public void deleteAuthorizationOwner(AuthorizationOwner authOwner)
                              throws java.rmi.RemoteException,
                                     AuthorizationException,
                                     ApplicationException
Removes an AuthorizationOwner from the container identified by the containerDN used to create this AccessControlListManager.

Parameters:
authOwner - the AuthorizationOwner to remove.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error, such as a failure accessing the data services API, prevents removing the AuthorizationOwner from the container.

IBM Tivoli Identity Manager 5.1
© Copyright International Business Machines Corporation 2007, 2009. All rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.