com.ibm.eserver.zos.racf.userregistry
Class RACF_SecAdmin

java.lang.Object
  extended by com.ibm.eserver.zos.racf.userregistry.RACF_SecAdmin
All Implemented Interfaces:
SecAdmin

public class RACF_SecAdmin
extends Object
implements SecAdmin

Implements the SecAdmin interface to RACF and provides additional utility methods, including cloning a userid and displaying attributes in alphabetical order. RACF_SecAdmin can be used to administer user and group security in RACF.

Attributes are named with the following convention:
segmentname_keyword
or
segmentname
where segmentname and keyword are the segment name and keyword used on the corresponding RACF command.

Examples: BASE_SPECIAL gives a user or group the SPECIAL attribute. CICS gives a user a CICS segment. OMVS_HOME specifies the home directory in the OMVS segment. Attributes are case-insensitive.


Field Summary
static String COPYRIGHT
           
static String sccsid
           
 
Constructor Summary
RACF_SecAdmin()
          Constructs RACF_SecAdmin for a local RACF database.
RACF_SecAdmin(RACF_remote r)
          Constructs RACF_SecAdmin for a remote RACF accessed using LDAP/SDBM.
 
Method Summary
static TreeMap BasicAttributestoTreeMap(BasicAttributes ba)
          Takes attributes in BasicAttributes object and places in TreeMap, thereby sorting attributes alphabetically.
 void clone_user(String orig_user, String copy_user)
          Creates a new user with same attributes as an existing user.
 UserGroup createGroup(String groupname, BasicAttributes input_at)
          Creates a new group in security repository with specified attributes
 User createUser(String username, BasicAttributes input_at)
          Creates a new user in security repository with specified attributes
 void deleteGroup(String groupname)
          Deletes existing group from security repository
 void deleteUser(String username)
          Deletes existing user from security repository
static void displayAttributes(BasicAttributes ba)
          Displays attributes, one on each line, in alphabetical order to standard out.
static void displayAttributes(BasicAttributes ba, PrintStream ps)
          Displays attributes, one on each line, in alphabetical order to input PrintStream.
 UserGroup getGroup(String groupname)
          Gets UserGroup object for an existing group
 User getUser(String username)
          Gets User object for an existing user
 void modifyGroup(String groupname, ModificationItem[] mod)
          Changes, adds or deletes attributes of an existing group
 void modifyUser(String username, ModificationItem[] mod)
          Changes, adds or deletes attributes of an existing user
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

COPYRIGHT

public static final String COPYRIGHT
See Also:
Constant Field Values

sccsid

public static final String sccsid
See Also:
Constant Field Values
Constructor Detail

RACF_SecAdmin

public RACF_SecAdmin()
              throws SecAdminException
Constructs RACF_SecAdmin for a local RACF database. RACF and Java code using RACF_SecAdmin must both reside on the same z/OS system.

Throws:
SecAdminException

RACF_SecAdmin

public RACF_SecAdmin(RACF_remote r)
              throws SecAdminException
Constructs RACF_SecAdmin for a remote RACF accessed using LDAP/SDBM. Java code using RACF_SecAdmin may reside on z/OS or off-platform.

Throws:
SecAdminException
Method Detail

BasicAttributestoTreeMap

public static TreeMap BasicAttributestoTreeMap(BasicAttributes ba)
                                        throws SecAdminException
Takes the attributes in a BasicAttributes object and places them in a TreeMap. The key for each attribute placed in the TreeMap is the attribute's id (name), so the attributes are sorted alphabetically.

Parameters:
ba - BasicAttributes
Returns:
TreeMap of BasicAttribute objects that were in input BasicAttributes
Throws:
SecAdminException

clone_user

public void clone_user(String orig_user,
                       String copy_user)
                throws SecAdminException
Creates a new user with the same attributes as an existing user. The following attributes are NOT duplicated: BASE_PASSWORD, PROXY_BINDPW, BASE_UAUDIT, KERB_KERBNAME, LNOTES_SNAME, NDS_UNAME and OMVS_UID. BASE_PASSWORD and PROXY_BINDPW are not duplicated for security reasons. BASE_UAUDIT is not allowed to be set on userid creation. KERB_KERBNAME, LNOTES_SNAME, and NDS_UNAME must be unique values across the system. OMVS_UID is not copied because a unique UID per user is so often the desired condition. clone_user does NOT make the new user a member of any group (other than the default group).

Parameters:
orig_user - Userid of existing RACF user
copy_user - Userid for new user to be created
Throws:
SecAdminException
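
Added example (not part of the original documentation or IBM's sample code): cloning a user on a local RACF database and then explicitly setting attributes that clone_user does not duplicate. The class name CloneUserExample, the command-line arguments, the use of String attribute values, and the ADD/REPLACE modification operations are assumptions; only the constructor, clone_user and modifyUser signatures come from this page.

```java
import com.ibm.eserver.zos.racf.userregistry.RACF_SecAdmin;
import com.ibm.eserver.zos.racf.userregistry.SecAdminException;
import java.io.Console;
import java.util.Arrays;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

public class CloneUserExample {
    public static void main(String[] args) throws SecAdminException {
        if (args.length != 4) {
            System.err.println(
                "usage: CloneUserExample <orig_user> <copy_user> <omvs_uid> <omvs_home>");
            System.exit(2);
        }
        String origUser = args[0];
        String copyUser = args[1];

        // Prompt for the initial password so it never appears in source,
        // in the process argument list, or in shell history.
        Console console = System.console();
        char[] pw = (console == null) ? null
                : console.readPassword("Initial password for %s: ", copyUser);
        if (pw == null || pw.length == 0) {
            throw new IllegalStateException("no password entered; nothing was changed");
        }

        // Local RACF database: this code must run on the same z/OS system as RACF.
        RACF_SecAdmin admin = new RACF_SecAdmin();
        admin.clone_user(origUser, copyUser);

        // clone_user skips BASE_PASSWORD and OMVS_UID, and copies OMVS_HOME
        // unchanged from the original user, so all three are set here.
        // Group connections other than the default group are not copied either
        // and must be granted separately if the new user really needs them.
        // Assumptions: String values and these ADD/REPLACE operations.
        ModificationItem[] mods = {
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("BASE_PASSWORD", new String(pw))),
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("OMVS_UID", args[2])),
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("OMVS_HOME", args[3])),
        };
        try {
            admin.modifyUser(copyUser, mods);
        } finally {
            Arrays.fill(pw, '\0'); // clears the array; the String copy lives until GC
        }
    }
}
```

If modifyUser throws, the cloned userid already exists without the attributes above, so the caller should either retry the modification or remove the userid with deleteUser.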

createGroup

public UserGroup createGroup(String groupname,
                             BasicAttributes input_at)
                      throws SecAdminException
Description copied from interface: SecAdmin
Creates a new group in security repository with specified attributes

Specified by:
createGroup in interface SecAdmin
Parameters:
groupname - Identifier for group, such as: name, dn, group id
input_at - Attributes of group, such as: owner, gid
Returns:
UserGroup object for new group
Throws:
SecAdminException

createUser

public User createUser(String username,
                       BasicAttributes input_at)
                throws SecAdminException
Description copied from interface: SecAdmin
Creates a new user in security repository with specified attributes

Specified by:
createUser in interface SecAdmin
Parameters:
username - String to represent user, such as: userid, dn
input_at - Attributes of user, such as: email address, full name, account number. Can be null.
Returns:
User object for new user
Throws:
SecAdminException

deleteGroup

public void deleteGroup(String groupname)
                 throws SecAdminException
Description copied from interface: SecAdmin
Deletes existing group from security repository

Specified by:
deleteGroup in interface SecAdmin
Parameters:
groupname - Identifier for group, such as: name, dn, group id
Throws:
SecAdminException

deleteUser

public void deleteUser(String username)
                throws SecAdminException
Description copied from interface: SecAdmin
Deletes existing user from security repository

Specified by:
deleteUser in interface SecAdmin
Parameters:
username - String to represent user, such as: userid, dn
Throws:
SecAdminException

displayAttributes

public static void displayAttributes(BasicAttributes ba)
                              throws SecAdminException
Displays attributes, one on each line, in alphabetical order to standard out.

Parameters:
ba - BasicAttributes
Throws:
SecAdminException

displayAttributes

public static void displayAttributes(BasicAttributes ba,
                                     PrintStream ps)
                              throws SecAdminException
Displays attributes, one on each line, in alphabetical order to input PrintStream.

Parameters:
ba - BasicAttributes
ps - PrintStream
Throws:
SecAdminException

getGroup

public UserGroup getGroup(String groupname)
                   throws SecAdminException
Description copied from interface: SecAdmin
Gets UserGroup object for an existing group

Specified by:
getGroup in interface SecAdmin
Parameters:
groupname - String to represent group, such as: name of group, dn
Returns:
UserGroup object
Throws:
SecAdminException

getUser

public User getUser(String username)
             throws SecAdminException
Description copied from interface: SecAdmin
Gets User object for an existing user

Specified by:
getUser in interface SecAdmin
Parameters:
username - String to represent user, such as: userid, dn
Returns:
User object
Throws:
SecAdminException

modifyGroup

public void modifyGroup(String groupname,
                        ModificationItem[] mod)
                 throws SecAdminException
Description copied from interface: SecAdmin
Changes, adds or deletes attributes of an existing group

Specified by:
modifyGroup in interface SecAdmin
Parameters:
groupname - Identifier for group, such as: name, dn, group id
mod - Array of modifications (each modification could be deleting, changing the value of, or adding an attribute)
Throws:
SecAdminException

modifyUser

public void modifyUser(String username,
                       ModificationItem[] mod)
                throws SecAdminException
Description copied from interface: SecAdmin
Changes, adds or deletes attributes of an existing user

Specified by:
modifyUser in interface SecAdmin
Parameters:
username - String to represent user, such as: userid, dn
mod - Array of modifications (each modification could be deleting, changing the value of, or adding an attribute)
Throws:
SecAdminException