com.ibm.itim.apps.identity
Class RoleMO

java.lang.Object
  |
  +--com.ibm.itim.apps.identity.RoleMO

public class RoleMO
extends java.lang.Object

Managed object representing an organizational role, either static or dynamic.


Constructor Summary
RoleMO(PlatformContext platform, javax.security.auth.Subject subject, DistinguishedName name)
          Constructs the the managed object with a platform context, a subject, and the distinguished name of the object to manage.
 
Method Summary
 Request addMember(PersonMO member, java.util.Date scheduledTime)
          Adds a new member to the specified role.
 OrganizationalContainerMO getContainer()
          Returns the current parent container in the tree.
 Role getData()
          Returns a current snapshot of the data defining the provisionng object.
 DistinguishedName getDistinguishedName()
          Returns the distinguished name of the managed object
 java.util.Collection getMembers()
          Retrieves the members of the role.
 void getMembers(SearchResultsMO results)
          Retrieves the members of the role.
 Request remove(java.util.Date scheduledTime)
          Removes the managed object from the provisioning platform.
 Request removeMember(PersonMO member, java.util.Date scheduledTime)
          Removes a member from the role.
 Request update(Role r, java.util.Date scheduledTime)
          Updates the managed object.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RoleMO

public RoleMO(PlatformContext platform,
              javax.security.auth.Subject subject,
              DistinguishedName name)
Constructs the the managed object with a platform context, a subject, and the distinguished name of the object to manage.
Parameters:
platform - PlatformContext holding platform connection information.
subject - Subject representing the authenticated caller.
name - DistinguishedName identifying the container.
Method Detail

getDistinguishedName

public DistinguishedName getDistinguishedName()
Returns the distinguished name of the managed object
Returns:
DistinguishedName of the managed object.

getData

public Role getData()
             throws java.rmi.RemoteException,
                    ApplicationException
Returns a current snapshot of the data defining the provisionng object.
Returns:
Role object holding attribute information.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to retrieve data.

getContainer

public OrganizationalContainerMO getContainer()
                                       throws java.rmi.RemoteException,
                                              ApplicationException,
                                              AuthorizationException
Returns the current parent container in the tree.
Returns:
OrganizationalContainerMO representing the parent container.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to retrieve parent.

remove

public Request remove(java.util.Date scheduledTime)
               throws AuthorizationException,
                      ApplicationException,
                      java.rmi.RemoteException
Removes the managed object from the provisioning platform. The removal of the role will not be allowed if a provisioning policy references it. For static roles only, the removal will not be allowed if there are existing members in the role.
Parameters:
scheduledTime - Date holding the time the operation is to be executed. Only applicable to dynamic role.
Returns:
Request object representing the operation's status. NULL when it's an organizational role removal.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to remove the role.
ApplicationException - Thrown if unable to remove the role. This may possibly be caused by a provisioning policy still referencing the role, or by the presence of members if the role is static.

update

public Request update(Role r,
                      java.util.Date scheduledTime)
               throws java.rmi.RemoteException,
                      AuthorizationException,
                      SchemaViolationException,
                      ApplicationException
Updates the managed object. A Role value object is provided with the changes to make.
Parameters:
r - Role value object with changes to make.
scheduledTime - Date holding the time the operation is to be executed. Only applicable to dynamic role.
Returns:
Request object representing the operation's status. NULL when it's an organizational role modification.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to change the role. Note, even if only one of the attributes being changed is not writeable for the client, the entire request will fail and this exception will be thrown.
ApplicationException - Thrown if unable to update the role. This may possibly be caused by the role being removed by another client previous to this call.

getMembers

public java.util.Collection getMembers()
                                throws java.rmi.RemoteException,
                                       ApplicationException
Retrieves the members of the role. Note, only members the client is authorized to search and members the client is authorized role assignment knowledge of will be returned. No AuthorizationException will be thrown, only a reduced list will be returned.
Returns:
Collection of PersonMO's representing the role's members.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to retrieve members of the role. This may possibly be caused by the role being removed by another client previous to this call.

getMembers

public void getMembers(SearchResultsMO results)
                throws java.rmi.RemoteException,
                       ApplicationException
Retrieves the members of the role. Note, only members the client is authorized to search and members the client is authorized role assignment knowledge of will be returned. No AuthorizationException will be thrown, only a reduced list will be returned.
Parameters:
results - SearchResultsMO to hold the results of the search. Note, if the SearchResultsMO object was constructed using a different user context, that context will be changed to match the context of this object.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to retrieve members of the role. This may possibly be caused by the role being removed by another client previous to this call.

addMember

public Request addMember(PersonMO member,
                         java.util.Date scheduledTime)
                  throws java.rmi.RemoteException,
                         AuthorizationException,
                         ApplicationException
Adds a new member to the specified role.
Parameters:
member - PersonMO representing the new member.
scheduledTime - Date holding the time the operation is to be executed.
Returns:
Request object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to change the role or change the role assignment of the user.
ApplicationException - Thrown if unable to update the role membership. This may possibly be caused by the role or member being removed by another client previous to this call.

removeMember

public Request removeMember(PersonMO member,
                            java.util.Date scheduledTime)
                     throws java.rmi.RemoteException,
                            AuthorizationException,
                            ApplicationException
Removes a member from the role.
Parameters:
member - PersonMO representing the member to remove.
scheduledTime - Date holding the time the operation is to be executed.
Returns:
Request object representing the operation's status.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to change the role or change the role assignment of the user.
ApplicationException - Thrown if unable to update the role membership. This may possibly be caused by the role or member being removed by another client previous to this call.