30.2 Role API

This section provides details about the methods available with the Role Web service. This API presumes you’re using Java code generated by the WSSDK toolkit. The API will be different if you’re using another Web Service toolkit.

30.2.1 IRemoteRole

This section provides reference information for each method associated with the IRemoteRole interface.

createResourceAssociation

Create a resource association and return the resource association object with the newly created resource association DN.

Syntax: Here is the method signature:

ResourceAssociation createResourceAssociation(com.novell.idm.nrf.soap.ws.ResourceAssociation resourceAssociation)
        throws com.novell.idm.nrf.soap.ws.NrfServiceException, java.rmi.RemoteException;

deleteResourceAssociation

Deletes a resource association object.

Syntax: Here is the method signature:

void deleteResourceAssociation(com.novell.idm.nrf.soap.ws.DNString resourceAssociationDn)
        throws com.novell.idm.nrf.soap.ws.NrfServiceException, java.rmi.RemoteException;

getResourceAssociations

Retrieves resource association objects for a given role DN or resource DN. If the roleDn and resourceDn parameters are null, the entire list is returned.

Syntax: Here is the method signature:

ResourceAssociation[] getResourceAssociations(com.novell.idm.nrf.soap.ws.DNString roleDn, com.novell.idm.nrf.soap.ws.DNString resourceDn)
        throws com.novell.idm.nrf.soap.ws.NrfServiceException, java.rmi.RemoteException;

Create Role

Creates a new role according to the specified parameters and returns the DN of the created role.

A correlation ID is generated automatically for this method that uses this format:

UserApp#RemoteRoleRequest#xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The correlation ID is used for auditing.

Syntax: Here is the method signature:

public DNString createRole(RoleRequest role)
            throws NrfServiceException, RemoteException;

createRoleAid

Creates a new role with a correlation ID that you provide. The correlation ID is used for auditing to link a set of related roles. This method returns the DN of the created role.

Syntax: Here is the method signature:

public DNString createRoleAid (RoleRequest role, String correlationId)
            throws NrfServiceException, RemoteException;

findRoleByExampleWithOperator

Finds an array of Role objects based on the search criteria specified in the given Role object. This method also lets you specify whether to use AND as the operator for multi-value searches.

Syntax: Here is the method signature:

RoleArray findRoleByExampleWithOperator(Role searchCriteria, boolean useAndForMultiValueSearch) throws NrfServiceException, java.rmi.RemoteException 

This method follows a query by example approach. It allows you to populate a Role object to specify the desired search criteria. An AND operation is always used across multiple attributes within the Role search object. For example, you might provide a value for the name and description attributes, which indicates that the criteria for both attributes must be satisfied for a successful search.

The second parameter (useAndForMultiValueSearch) allows you to specify which operator should be used for multi-valued attributes (such as when multiple child roles are provided). A value of true indicates that AND should be used for these operations, whereas a value of false indicates that OR should be used.

Not all attributes in the Role object can be used for the search expression. Values found in the non-supported search attributes are ignored.

Table 30-1 Guidelines for Defining Search Criteria in the Role Object

Attribute

Supported?

Description

approvers

Yes

Uses a standard LDAP equal operator for the search. You can enter multiple approvers and use the operator parameter to determine whether an AND or an OR is used for the multi-valued search. You need to provide valid Dns for the approvers. Note that an approver is made up of multiple parts. It is of type TypedNameSyntax. You need to specify the sequence number of the approver to execute a successful search. This is a limitation in LDAP.

Sample SOAP Request:

<ser:findRoleByExampleWithOperatorRequest>                <ser:role>
  <ser:approvers>
   <!--Zero or more repetitions:-->
   <ser:approver>                   <ser:approverDN>cn=ablake,ou=users,ou=medical-idmsample,o=netiq</ser:approverDN>
    <ser:sequence>1</ser:sequence>   
   </ser:approver>
  </ser:approvers>     
 </ser:role>
 <ser:operator>false</ser:operator>     
</ser:findRoleByExampleWithOperatorRequest>

The example above shows how to find roles that have the specified approver associated with them. An OR search is used since the operator parameter is set to false.

childRoles

Yes

Uses a standard LDAP equal operator for the search. You can enter multiple child roles and use the operator parameter to determine whether an AND or an OR is used for the multi-valued search. You need to provide valid Dns for the child roles.

Sample SOAP Request:

<ser:findRoleByExampleWithOperatorRequest>          <ser:role>
  <ser:childRoles>
   <!--Zero or more repetitions:-->
   <ser:dnstring>                      <ser:dn>cn=Doctor,cn=Level20,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=PicassoDriver,cn=TestDrivers,o=netiq</ser:dn>
    </ser:dnstring>
   <ser:dnstring>                      <ser:dn>cn=Nurse,cn=Level20,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=PicassoDriver,cn=TestDrivers,o=netiq</ser:dn>
   </ser:dnstring>
  </ser:childRoles>
 </ser:role>
 <ser:operator>false</ser:operator>
</ser:findRoleByExampleWithOperatorRequest>

The example above shows how to find roles with a child role of “Doctor” or “Nurse. An OR search is used since the operator parameter is set to false.

description

Yes

Uses an LDAP contains search. All entries are prefixed and suffixed with the * (wild card character). Therefore, a search for “Doctor” translates to “*Doctor*”. This is to accommodate searches across any localized language.

Sample SOAP Request:

<ser:findRoleByExampleWithOperatorRequest>          <ser:role>
  <ser:description>Doctor</ser:description>
 </ser:role>
 <ser:operator>false</ser:operator>
</ser:findRoleByExampleWithOperatorRequest>

The example above shows how to find roles with a description of “Doctor”. This description string results in a search string of “*Doctor*”.

entityKey

Yes

If entered, this attribute causes a getRole operation to be performed. All other search criteria are ignored in this case.

Sample SOAP Request:

<ser:findRoleByExampleWithOperatorRequest>          <ser:role>              <ser:entityKey>cn=Doctor,cn=Level20,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=PicassoDriver,cn=TestDrivers,o=netiq</ser:entityKey>
 </ser:role>
 <ser:operator>false</ser:operator>
</ser:findRoleByExampleWithOperatorRequest>

The example above shows how to retrieve a role with a specific entity key.

implicitContainers

Yes

Uses a standard LDAP equal operator for the search. You can enter multiple implicit containers and use the operator parameter to determine whether an AND or an OR will be used for the multi-valued search. You need to provide valid Dns for the implicit containers.

Sample SOAP Request:

<ser:findRoleByExampleWithOperatorRequest>          <ser:role>
  <ser:implicitContainers>
   <!--Zero or more repetitions:-->
   <ser:dnstring>
    <ser:dn>ou=medical-idmsample,o=netiq</ser:dn>                  </ser:dnstring>
  </ser:implicitContainers>
 </ser:role>
 <ser:operator>false</ser:operator>
</ser:findRoleByExampleWithOperatorRequest>

The example above shows how to find roles that have the specified implicit container associated with them. An OR search is used since the operator parameter is set to false.

implicitGroups

Yes

Uses a standard LDAP equal operator for the search. You can enter multiple implicit groups and use the operator parameter to determine whether an AND or an OR will be used for the multi-valued search. You need to provide valid Dns for the implicit groups.

Sample SOAP Request:

<ser:findRoleByExampleWithOperatorRequest>          <ser:role>
  <ser:implicitGroups>
   <!--Zero or more repetitions:-->                  <ser:dnstring>                      <ser:dn>cn=HR,ou=groups,ou=medical-idmsample,o=netiq</ser:dn>
   </ser:dnstring>
  </ser:implicitGroups>
 </ser:role>
 <ser:operator>false</ser:operator>
</ser:findRoleByExampleWithOperatorRequest>

The example above shows how to find roles that have the specified implicit group associated with them. An OR search is used since the operator parameter is set to false.

name

Yes

Uses an LDAP contains search. All entries will be prefixed and suffixed with the * (wild card character). Therefore, a search for “Doctor” translates to “*Doctor*”. This is to accommodate searches across any localized language.

Sample SOAP Request:

<ser:findRoleByExampleWithOperatorRequest>          <ser:role>
  <ser:name>Doctor</ser:name>
 </ser:role>
 <ser:operator>false</ser:operator>
</ser:findRoleByExampleWithOperatorRequest>

The above example shows how to find roles with a name of “Doctor”. The name string results in a search string of “*Doctor*”.

owners

Yes

Uses a standard LDAP equal operator for the search. You can enter multiple owners and use the operator parameter to determine whether an AND or an OR is used for the multi-valued search. You must provide valid Dns for the owners.

SoapUI Example Request:

<ser:findRoleByExampleWithOperatorRequest>          <ser:role>
  <ser:owners>
   <!--Zero or more repetitions:-->                  <ser:dnstring>                      <ser:dn>cn=ablake,ou=users,ou=medical-idmsample,o=netiq</ser:dn>
   </ser:dnstring>
   <ser:dnstring>                      <ser:dn>cn=mmackenzie,ou=users,ou=medical-idmsample,o=netiq</ser:dn>
   </ser:dnstring>
  </ser:owners>
 </ser:role>
 <ser:operator>true</ser:operator>
</ser:findRoleByExampleWithOperatorRequest>   

The example above shows how to find roles that have the specified owners. An AND search is used since the operator parameter is set to true.

parentRoles

Yes

Uses a standard LDAP equal operator for the search. You can enter multiple parent roles and use the operator parameter to determine whether an AND or an OR is used for the multi-valued search. You must provide valid Dns for the parent roles.

Sample SOAP Request:

<ser:findRoleByExampleWithOperatorRequest>          <ser:role>
  <ser:parentRoles>
   <!--Zero or more repetitions:-->                  <ser:dnstring>
    <ser:dn>cn=Doctor-East,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=PicassoDriver,cn=TestDrivers,o=netiq</ser:dn>
   </ser:dnstring>
   <ser:dnstring>
    <ser:dn>cn=Doctor-West,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=PicassoDriver,cn=TestDrivers,o=netiq</ser:dn>
   </ser:dnstring>
  </ser:parentRoles>
 </ser:role>
 <ser:operator>true</ser:operator>
</ser:findRoleByExampleWithOperatorRequest>   

The example above shows how to find roles that have the specified parent roles. An AND search is used since the operator parameter is set to true.

quorum

Yes

Uses a standard LDAP equal operator for the search.

Sample SOAP Request:

<ser:findRoleByExampleWithOperatorRequest>          <ser:role>
  <ser:quorum>50%</ser:quorum>
 </ser:role>
 <ser:operator>false</ser:operator>
</ser:findRoleByExampleWithOperatorRequest>

The example above shows how to find roles with the specified quorum search string. The search string can include the wild card character (“*”).

requestDef

Yes

Uses a standard LDAP equal operator for the search. You must provide a valid DN for the request definition.

Sample SOAP Request:

<ser:findRoleByExampleWithOperatorRequest>          <ser:role>
  <ser:requestDef>cn=Role Approval,cn=RequestDefs,cn=AppConfig,cn=PicassoDriver,cn=TestDrivers,o=netiq</ser:requestDef>
 </ser:role>
 <ser:operator>false</ser:operator>
</ser:findRoleByExampleWithOperatorRequest>

The example above shows how to find roles with the specified request definition DN.

roleCategoryKeys

Yes

Uses a standard LDAP equal operator for the search. You can enter multiple category keys and use the operator parameter to determine whether an AND or an OR is used for the multi-valued search.

Sample SOAP Request:

<ser:findRoleByExampleWithOperatorRequest>           <ser:role>
  <ser:roleCategoryKeys>
   <!--Zero or more repetitions:-->                  <ser:categorykey>                      <ser:categoryKey>doctor</ser:categoryKey>
   </ser:categorykey>
   <ser:categorykey>                      <ser:categoryKey>nurse</ser:categoryKey>                  </ser:categorykey>
  </ser:roleCategoryKeys>
 </ser:role>
 <ser:operator>false</ser:operator>
</ser:findRoleByExampleWithOperatorRequest>

The example above shows how to find roles with a category of “doctor” or “nurse. An OR search is used since the operator parameter is set to false.

roleLevel

Yes

Uses a standard LDAP equal operator for the search. You can only enter one level at a time.

Sample SOAP Request:

<ser:findRoleByExampleWithOperatorRequest>         <ser:role>
  <ser:roleLevel>
   <ser:level>10</ser:level>
  </ser:roleLevel>
 </ser:role>
   <ser:operator>false</ser:operator>
</ser:findRoleByExampleWithOperatorRequest>

The example above shows how to find all level 10 roles.

associatedRoles

No

Not supported.

entitlementRef

No

Not supported.

roleAssignments

No

Not supported.

systemRole

No

Not supported.

findSodByExample

Finds all SoD objects based on the search criteria in the given SOD object.

Syntax: Here is the method signature:

SodArray findSodByExample(Sod sod) throws NrfServiceException, java.rmi.RemoteException

findSodByExampleWithOperator

Finds all SoD objects based on the search criteria found in the given SOD object. This method also lets you specify whether to use And as the operator for multi-value searches.

Syntax: Here is the method signature:

SodArray findSodByExampleWithOperator(Sod searchCriteria, boolean useAndForMultiValueSearch) throws NrfServiceException, java.rmi.RemoteException 

findSodById

Find by key.

Syntax: Here is the method signature:

Sod findSodById(java.lang.String entityKey) throws NrfServiceException, java.rmi.RemoteException 

getAssignedIdentities

Returns returns the list of identities having a particular role DN.

Syntax: Here is the method signature:

RoleAssignment[] getAssignedIdentities(java.lang.String roleDN, IdentityType identityType, boolean directAssignOnly)

getConfigProperty

Retrieves configuration properties stored in the identity applications configuration XML files by passing in a configuration property key or macro name.

Syntax: Here is the method signature:

public ConfigProperty getConfigProperty(String configPropertyKey) throws NrfServiceException, RemoteException;

The configPropertyKey parameter can accept a fully qualified configuration key name from any of the configuration XML files, such as the following:

DirectoryService/realms/jndi/params/USER_ROOT_CONTAINER

Alternativelly, the configPropertyKey parameter can accept a macro name that references a fully qualified configuration key name. The following macro names are allowed:

Table 30-2 Macro Names Allowed

Configuration Macro Name

Configuration Key Value

USER_CONTAINER

DirectoryService/realms/jndi/params/USER_ROOT_CONTAINER

GROUP_CONTAINER

DirectoryService/realms/jndi/params/GROUP_ROOT_CONTAINER

ROOT_CONTAINER

DirectoryService/realms/jndi/params/ROOT_NAME

PROVISIONING_DRIVER

DirectoryService/realms/jndi/params/PROVISIONING_ROOT

getConfiguration

Returns the role system configuration defined in the Role Catalog root (nrfConfiguration).

Syntax: Here is the method signature:

Configuration getConfiguration() throws NrfServiceException,                          java.rmi.RemoteException

getContainer

Gets container and role information for a given container DN.

Syntax: Here is the method signature:

Container getContainer(java.lang.String containerDn)                       throws NrfServiceException, java.rmi.RemoteException

getExceptionList

Returns a list of Sod instances for all SOD violations found for a specific identity and type.

Syntax: Here is the method signature:

SodArray getExceptionsList(java.lang.String identity, IdentityType identityType) throws NrfServiceException, java.rmi.RemoteException

getGroup

Gets group and role information for a given group DN.

Syntax: Here is the method signature:

Group getGroup(java.lang.String groupDn) throws NrfServiceException, java.rmi.RemoteException

getIdentitiesInViolation

Returns a map of identities which are in violation of a given SoD.

Syntax: Here is the method signature:

IdentityTypeDnMapArray getIdentitiesInViolation(java.lang.String sodDn) throws NrfServiceException, java.rmi.RemoteException

getIdentityRoleConflicts

Returns a list of Sod instances for all SOD conflicts found for a given list of roles for a given identity.

Syntax: Here is the method signature:

SodArray getIdentityRoleConflicts(java.lang.String identity, IdentityType identityType, DNStringArray requestedRoles) throws NrfServiceException, java.rmi.RemoteException

getRole

Retrieves a role object defined by a role DN. Returns several role attributes, such as name, dn, description, role level. Returns child roles, assigned containers, and assigned groups. However, this API does not return assigned users. If you want assigned users, use the getAssignedIdentities API with USER for identityType and true for directAssignOnly.

Syntax: Here is the method signature:

Role getRole(java.lang.String roleDn) throws NrfServiceException, java.rmi.RemoteException  

getRoleAssignmentRequestStatus

Returns a list of role assignment request status instances given a correlation ID.

Syntax: Here is the method signature:

RoleAssignmentRequestStatusArray getRoleAssignmentRequestStatus(java.lang.String correlationId) throws NrfServiceException, java.rmi.RemoteException 

getRoleAssignmentRequestStatusByIdentityType

Returns a list of role assignment request status instances given an identity and an identity type.

Syntax: Here is the method signature:

RoleAssignmentRequestStatusArray getRoleAssignmentRequestStatusByIdentityType(java.lang.String identityDn, IdentityType identityType) throws NrfServiceException, java.rmi.RemoteException

getRoleAssignmentTypeInfo

Retrieves details about a RoleAssignmentType.

Syntax: Here is the method signature:

RoleAssignmentTypeInfo getRoleAssignmentTypeInfo(RoleAssignmentType type) throws NrfServiceException, java.rmi.RemoteException 

getRoleCategories

Gets role categories.

Syntax: Here is the method signature:

CategoryArray getRoleCategories() throws NrfServiceException, java.rmi.RemoteException 

getRoleConflicts

Returns a list of Sod instances found for all given roles. This method always returns a list.

Syntax: Here is the method signature:

SodArray getRoleConflicts(DNStringArray roles) throws NrfServiceException, java.rmi.RemoteException

getRoleLevels

Gets the role levels.

Syntax: Here is the method signature:

RoleLevelArray getRoleLevels() throws NrfServiceException, java.rmi.RemoteException

getRoleLocalizedStrings

Gets role localized strings, such as names and descriptions. The method takes an integer parameter that allows you to specify the type of the string. The number 1 indicates names; the number 2 indicates descriptions.

Syntax: Here is the method signature:

public LocalizedValue[] getRoleLocalizedStrings(DNString roleDn, int type)
            throws NrfServiceException, RemoteException;

getRolesInfo

Returns a list of RoleInfo instances given a list of role DNs.

Syntax: Here is the method signature:

RoleInfoArray getRolesInfo(DNStringArray roleDns) throws NrfServiceException, java.rmi.RemoteException

getRolesInfoByCategory

Returns a list of RoleInfo instances given a list of role category keys.

Syntax: Here is the method signature:

RoleInfoArray getRolesInfoByCategory(CategoryKeyArray roleCategoryKeys) throws NrfServiceException, java.rmi.RemoteException

getRolesInfoByLevel

Returns a list of RoleInfo instances given a list of role levels.

Syntax: Here is the method signature:

RoleInfoArray getRolesInfoByLevel(LongArray roleLevels) throws NrfServiceException, java.rmi.RemoteException

getTargetSourceConflicts

Returns a list of Sod instances for all SOD conflicts defined between the target role DN and the source role DN.

Syntax: Here is the method signature:

SodArray getTargetSourceConflicts(java.lang.String targetName, java.lang.String sourceName) throws NrfServiceException, java.rmi.RemoteException 

getUser

Gets user info including all role assignments for a given user DN stored in a UserIdentity object.

Syntax: Here is the method signature:

User getUser(java.lang.String userDn) throws NrfServiceException, java.rmi.RemoteException

getVersion

Returns the version of this Web Service.

Syntax: Here is the method signature:

VersionVO getVersion() throws java.rmi.RemoteException

isUserInRole

Returns boolean flag; true if role has been assigned to a User identity.

Syntax: Here is the method signature:

boolean isUserInRole(java.lang.String userDn, java.lang.String roleDn)

modifyRole

Modifies a role definition. This method does not update localized strings. Use the getRoleLocalizedStrings(DNString roleDn, LocalizedString[] locStrings, int strType) method to update localized names or descriptions for a role.

A correlation ID is generated automatically for this method that uses this format:

UserApp#RemoteRoleRequest#xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The correlation ID is used for auditing.

Syntax: Here is the method signature:

public Role modifyRole(Role role)
            throws NrfServiceException, RemoteException;

modifyRoleAid

Modifies a role definition with a correlation ID that you provide. The correlation ID is used for auditing to link a set of related roles. This method does not update localized strings. Use the getRoleLocalizedStrings(DNString roleDn, LocalizedString[] locStrings, int strType) method to update localized names or descriptions for a role.

Syntax: Here is the method signature:

public Role modifyRoleAid(Role role, String correlationId)
            throws NrfServiceException, RemoteException;

removeRoles

Deletes specified roles from the Role Catalog and returns an array of DNs for the deleted roles as a confirmation.

A correlation ID is generated automatically for this method that uses this format:

UserApp#RemoteRoleRequest#xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The correlation ID is used for auditing.

Syntax: Here is the method signature:

public DNString[] removeRoles(DNString[] roleDns)
            throws NrfServiceException, RemoteException;

removeRolesAid

Deletes specified roles from the Role Catalog with a correlation ID that you provide. The correlation ID is used for auditing to link a set of related roles. This method returns an array of DNs for the deleted roles as a confirmation.

Syntax: Here is the method signature:

public DNString[] removeRolesAid(DNString[] roleDns, String correlationId)
            throws NrfServiceException, RemoteException;

requestRolesAssignment

Returns a list of request DNs created by the role assignment. Be aware that the role assignment expires only if the role is assigned to a user and not when it is assigned to a group or a container.

If you do not want to supply date (effective or expiration) for role assignments with the requestRolesAssignment endpoint, then you must remove these two elements from the SOAP call. They must not be included with empty tags:

<ser:effectiveDate/> 
<ser:expirationDate/>

If you want to omit the effective date or the expiration date, a request similar to the following will work:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://www.netiq.com/role/service">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:requestRolesAssignmentRequest>
         <!--Optional:-->
         <ser:assignRequest>
            <ser:actionType>grant</ser:actionType>
            <ser:assignmentType>USER_TO_ROLE</ser:assignmentType>
            <ser:correlationID>testpolina</ser:correlationID>
            <ser:identity>cn=uaadmin,ou=sa,o=data</ser:identity>
            <ser:originator/>
            <ser:reason>test without expiration date</ser:reason>
            <ser:roles>
               <!--Zero or more repetitions:-->
               <ser:dnstring>
                  <ser:dn>cn=test2
id,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=User Application
Driver,cn=driverset1,o=system</ser:dn>
               </ser:dnstring>
            </ser:roles>
            <ser:sodOveridesRequested/>
         </ser:assignRequest>
      </ser:requestRolesAssignmentRequest>
   </soapenv:Body>
</soapenv:Envelope>

With that said, without the these two elements in the soap request, the request will not validate. It will work, but will not validate.

Syntax: Here is the method signature:

DNStringArray requestRolesAssignment(RoleAssignmentRequest roleAssignmentRequest) throws NrfServiceException, java.rmi.RemoteException

setRoleLocalizedStrings

Sets role localized strings, such as names and descriptions.

A correlation ID is generated automatically for this method that uses this format:

UserApp#RemoteRoleRequest#xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The correlation ID is used for auditing.

Syntax: Here is the method signature:

public LocalizedValue[] setRoleLocalizedStrings(DNString roleDn, LocalizedValue[] locStrings, int type)
            throws NrfServiceException, RemoteException;

setRoleLocalizedStringsAid

Sets role localized strings, such as name and description, with a correlation ID that you provide. The correlation ID is used for auditing to link a set of related roles.

Syntax: Here is the method signature:

public LocalizedValue[] setRoleLocalizedStringsAid(DNString roleDn, String correlationId, LocalizedValue[] locStrings, int type)
            throws NrfServiceException, RemoteException;

30.2.2 Approver

Class to hold the approver information for SOD or normal request approvals.

Approver constructors

The Approver class supports a single constructor.

Syntax: Here is the syntax for the constructor:

Approver()

getApproverDN

Gets the approver DN.

Syntax: Here is the method signature:

public java.lang.String getApproverDN()

getSequence

Gets the approver sequence.

Syntax: Here is the method signature:

public long getSequence()

setApproverDN

Sets the approver DN.

Syntax: Here is the method signature:

public void setApproverDN(java.lang.String approverDN)

setSequence

Sets the approver sequence.

Syntax: Here is the method signature:

public void setSequence(long sequence)

30.2.3 ApproverArray

This section provides reference information on the ApproverArray class.

ApproverArray constructors

The ApproverArray class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

ApproverArray()

Syntax 2: Here is the syntax for a constructor that takes an array of Attribute objects as a parameter:

ApproverArray(Approver[] ApproverVal)

getApprover

Returns an array of Approver objects.

Syntax: Here is the method signature:

Approver[] getApprover()

setApprover

Sets the array of Approver objects associated with the ApproverArray class.

Syntax: Here is the method signature:

void setApprover (Approver[] ApproverVal)

30.2.4 Category

Class to represent a role category.

Category constructors

The Category class supports a single constructor.

Syntax: Here is the syntax for the constructor:

Category()

getCategoryKey

Gets the category key.

Syntax: Here is the method signature:

public java.lang.String getCategoryKey()

getCategoryLabel

Gets the category label.

Syntax: Here is the method signature:

public java.lang.String getCategoryLabel()

setCategoryKey

Sets the category key.

Syntax: Here is the method signature:

public void setCategoryKey(java.lang.String categoryKey)

setCategoryLabel

Sets the category label.

Syntax: Here is the method signature:

public void setCategoryLabel(java.lang.String categoryLabel)

30.2.5 CategoryArray

This section provides reference information on the CategoryArray class.

CategoryArray constructors

The CategoryArray class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

CategoryArray()

Syntax 2: Here is the syntax for a constructor that takes an array of Category objects as a parameter:

CategoryArray(Category[] CategoryVal)

getCategory

Returns an array of Category objects.

Syntax: Here is the method signature:

Category[] getCategory()

setCategory

Sets the array of Category objects associated with the CategoryArray class.

Syntax: Here is the method signature:

void setCategory(Category[] CategoryVal)

30.2.6 CategoryKey

Class to hold a Category Key.

CategoryKey constructors

The CategoryKey class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

CategoryKey()

Syntax 2: Here is the syntax for a constructor that takes a String as a parameter:

CategoryKey(java.lang.String categoryKey)

getCategoryKey()

Gets the categoryKey.

Syntax: Here is the method signature:

public java.lang.String getCategoryKey()

setCategoryKey

Sets the category key.

Syntax: Here is the method signature:

public void setCategoryKey(java.lang.String categoryKey)

30.2.7 CategoryKeyArray

This section provides reference information on the CategoryKeyArray class.

CategoryKeyArray constructors

The CategoryKeyArray class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

CategoryKeyArray()

Syntax 2: Here is the syntax for a constructor that takes an array of CategoryKey objects as a parameter:

CategoryKeyArray(CategoryKey[] CategoryVal)

getCategorykey

Returns an array of Category objects.

Syntax: Here is the method signature:

CategoryKey[] getCategorykey()

setCategorykey

Sets the array of CategoryKey objects associated with the CategoryKeyArray class.

Syntax: Here is the method signature:

void setCategorykey(CategoryKey[] CategoryKeyVal)

30.2.8 Configuration

Class to represent the configuration object.

Configuration constructors

The Configuration class supports a single constructor.

Syntax: Here is the syntax for the constructor:

Configuration()

getDefaultRequestDef

Gets the default request definition.

Syntax: Here is the method signature:

public java.lang.String getDefaultRequestDef()

getDefaultSODRequestDef

Gets the default SOD request definition.

Syntax: Here is the method signature:

public java.lang.String getDefaultSODRequestDef()

getRemovalGracePeriod

Gets the removal grace period.

Syntax: Here is the method signature:

public int getRemovalGracePeriod()

getReportContainer

Gets the report container.

Syntax: Here is the method signature:

public java.lang.String getReportContainer()

getRoleLevels

Gets the role levels.

Syntax: Here is the method signature:

public RoleLevelArray getRoleLevels()

getRoleRequestContainer

Gets the role request container.

Syntax: Here is the method signature:

public java.lang.String getRoleRequestContainer()

getRolesContainer

Gets the role container.

Syntax: Here is the method signature:

public java.lang.String getRolesContainer()

getSODApprovers

Gets SOD approvers.

Syntax: Here is the method signature:

public ApproverArray getSODApprovers()

getSODContainer

Gets the SOD container.

Syntax: Here is the method signature:

public java.lang.String getSODContainer()

getSODQuorum

Gets the SOD quorum amount.

Syntax: Here is the method signature:

public java.lang.String getSODContainer()

getSODRequestDef

Gets the SOD request definition.

Syntax: Here is the method signature:

public java.lang.String getSODRequestDef()

setDefaultRequestDef

Sets the default request definition.

Syntax: Here is the method signature:

public void setDefaultRequestDef(java.lang.String defaultRequestDef)

setDefaultSODRequestDef

Sets the default SOD request definition.

Syntax: Here is the method signature:

public void setDefaultSODRequestDef(java.lang.String defaultSODRequestDef)

setRemovalGracePeriod

Sets the removal grace period.

Syntax: Here is the method signature:

public void setRemovalGracePeriod(int removalGracePeriod)

setReportContainer

Sets the report container.

Syntax: Here is the method signature:

public void setReportContainer(java.lang.String reportContainer)

setRoleLevels

Sets the role levels.

Syntax: Here is the method signature:

public void setRoleLevels(RoleLevelArray roleLevels)

setRoleRequestContainer

Sets the role request container.

Syntax: Here is the method signature:

public void setRoleRequestContainer(java.lang.String roleRequestContainer)

setRolesContainer

Sets the role container.

Syntax: Here is the method signature:

public void setRolesContainer(java.lang.String rolesContainer)

setSODApprovers

Sets the SoD approvers.

Syntax: Here is the method signature:

public void setSODApprovers(ApproverArray sODApprovers)

setSODContainer

Sets the SoD container.

Syntax: Here is the method signature:

public void setSODContainer(java.lang.String sODContainer)

30.2.9 Container

Class to represent a Container object.

Container constructors

The Container class supports a single constructor.

Syntax: Here is the syntax for the constructor:

Container()

getAssociatedRoles

Gets associated roles for this identity.

Syntax: Here is the method signature:

public DNStringArray getAssociatedRoles()

getEntityKey

Gets identity entity key.

Syntax: Here is the method signature:

public java.lang.String getEntityKey()

getIdentityType

Gets identity type.

Syntax: Here is the method signature:

public IdentityType getIdentityType()

getRoleAssignments

Gets role assignments for this identity.

Syntax: Here is the method signature:

public RoleAssignmentArray getRoleAssignments()

setAssociatedRoles

Sets the associated roles for this identity.

Syntax: Here is the method signature:

public void setAssociatedRoles(DNStringArray associatedRoles)

setEntityKey

Sets the identity entity key.

Syntax: Here is the method signature:

public void setEntityKey(java.lang.String entityKey)

setIdentityType

Sets the identity type.

Syntax: Here is the method signature:

public void setIdentityType(IdentityType identityType)

setRoleAssignments

Sets the role assignments for this identity.

Syntax: Here is the method signature:

public void setRoleAssignments(RoleAssignmentArray roleAssignments)

30.2.10 DNString

Class to hold a DN.

DNString constructors

The DNString class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

DNString()

Syntax 2: Here is the syntax for a constructor that takes a String as a parameter:

DNString(java.lang.String dn)

getDn

Gets the DN.

Syntax: Here is the method signature:

public java.lang.String getDn()

setDn

Sets the DN.

Syntax: Here is the method signature:

public void setDn(java.lang.String dn)

30.2.11 DNStringArray

This section provides reference information on the DNStringArray class.

DNStringArray constructors

The DNStringArray class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

DNStringArray()

Syntax 2: Here is the syntax for a constructor that takes an array of DNString objects as a parameter:

DNStringArray(DNString[] DNStringVal)

getDnstring

Returns an array of DNString objects.

Syntax: Here is the method signature:

DNString[] getDnstring()

setDnstring

Sets the array of DNString objects associated with the DNStringArray class.

Syntax: Here is the method signature:

void setDnstring(DNString[] DnstringVal)

30.2.12 Entitlement

Class to hold Entitlement information.

Entitlement constructors

The Entitlement class supports a single constructor.

Syntax: Here is the syntax for the constructor:

Entitlement()

getEntitlementDn

Gets the entitlement DN.

Syntax: Here is the method signature:

public java.lang.String getEntitlementDn()

getEntitlementParameters

Gets the entitlement parameters.

Syntax: Here is the method signature:

public java.lang.String getEntitlementParameters()

setEntitlementDn

Sets the entitlement DN.

Syntax: Here is the method signature:

public void setEntitlementDn(java.lang.String entitlementDn)

setEntitlementParameters

Sets the entitlement parameters.

Syntax: Here is the method signature:

public void setEntitlementParameters(java.lang.String entitlementParameters)

30.2.13 EntitlementArray

This section provides reference information on the EntitlementArray class.

EntitlementArray constructors

The EntitlementArray class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

EntitlementArray()

Syntax 2: Here is the syntax for a constructor that takes an array of Entitlement objects as a parameter:

EntitlementArray(Entitlement[] EntitlementVal)

getEntitlement

Returns an array of Entitlement objects.

Syntax: Here is the method signature:

Entitlement[] getEntitlement()

setEntitlement

Sets the array of Entitlement objects associated with the EntitlementArray class.

Syntax: Here is the method signature:

void setEntitlement(EntitlementArray EntitlementVal)

30.2.14 Group

Class to represent a Group object.

Group constructors

The Group class supports a single constructor.

Syntax: Here is the syntax for the constructor:

Group()

getAssociatedRoles

Gets associated roles for this identity.

Syntax: Here is the method signature:

public DNStringArray getAssociatedRoles()

getDescription

Gets group description.

Syntax: Here is the method signature:

public java.lang.String getDescription()

getEntityKey

Gets identity entity key.

Syntax: Here is the method signature:

public java.lang.String getEntityKey()

getIdentityType

Gets identity type.

Syntax: Here is the method signature:

public IdentityType getIdentityType()

getRoleAssignments

Gets role assignments for this identity.

Syntax: Here is the method signature:

public RoleAssignmentArray getRoleAssignments()

setAssociatedRoles

Sets the associated roles for this identity.

Syntax: Here is the method signature:

public void setAssociatedRoles(DNStringArray associatedRoles)

setDescription

Sets the group description.

Syntax: Here is the method signature:

public void setDescription(java.lang.String description)

setEntityKey

Sets the identity entity key.

Syntax: Here is the method signature:

public void setEntityKey(java.lang.String entityKey)

setIdentityType

Sets the identity type.

Syntax: Here is the method signature:

public void setIdentityType(IdentityType identityType)

setRoleAssignments

Sets the role assignments for this identity.

Syntax: Here is the method signature:

public void setRoleAssignments(RoleAssignmentArray roleAssignments)

30.2.15 IdentityType

An JAX-RPC friendly representation of com.novell.idm.nrf.api.IdentityType.

Table 30-3 Field summary

Type

Name

static IdentityType

CONTAINER

static IdentityType

GROUP

static IdentityType

ROLE

static IdentityType

USER

IdentityType constructors

The IdentityType class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

IdentityType()

Syntax 2: Here is the syntax for a constructor that takes a String as a parameter:

IdentityType(java.lang.String value)

convertToAPI

Reconstructs an API representation object from an RPC representation.

Syntax: Here is the method signature:

public com.novell.idm.nrf.api.IdentityType convertToAPI()

convertToRPC

Contructs an RPC friendly representation from an API object.

Syntax: Here is the method signature:

public static IdentityType convertToRPC(com.novell.idm.nrf.api.IdentityType type)

equals

This is an implementation of equals(). This implementation overrides the equals() method in java.lang.Object.

Syntax: Here is the method signature:

public boolean equals(java.lang.Object obj)

fromValue

This method is for WSSDK serialization.

Syntax: Here is the method signature:

public static IdentityType fromValue(java.lang.String value)

getValue

Gets the type.

Syntax: Here is the method signature:

public java.lang.String getValue()

hashCode

This is an implementation of hashCode(). This implementation overrides the hashCode() method in java.lang.Object.

Syntax: Here is the method signature:

public int hashCode()

setValue

Sets the type.

Syntax: Here is the method signature:

public void setValue(java.lang.String type)

toString

Implementation of toString() that returns a string representation of the class.

Syntax: Here is the method signature:

public java.lang.String toString()

30.2.16 IdentityTypeDnMap

Class to represent DNs grouped by identity type. Used for SOD violations.

IdentityTypeDnMap

The IdentityTypeDnMap class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

IdentityTypeDnMap()

Syntax 2: Here is the syntax for a constructor that takes a String as a parameter:

IdentityTypeDnMap(IdentityType identityType, DNStringArray dns)

getDns

Gets the DNs associated with the identity type.

Syntax: Here is the method signature:

public DNStringArray getDns()

getIdentityType

Gets identity type (USER, ROLE, GROUP, CONTAINER).

Syntax: Here is the method signature:

public IdentityType getIdentityType()

setDns

Sets the DNs to associate with the identity type.

Syntax: Here is the method signature:

public void setDns(DNStringArray dns)

setIdentityType

Sets the identity type (USER, ROLE, GROUP, or CONTAINER).

Syntax: Here is the method signature:

public void setIdentityType(IdentityType identityType)

30.2.17 IdentityTypeDnMapArray

This section provides reference information on the IdentityTypeDnMapArray class.

IdentityTypeDnMapArray constructors

The IdentityTypeDnMapArray class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

IdentityTypeDnMapArray()

Syntax 2: Here is the syntax for a constructor that takes an array of IdentityTypeDnMap objects as a parameter:

IdentityTypeDnMapArray(IdentityTypeDnMap[] IdentityTypeDnMapVal)

getIdentitytypednmap

Returns an array of IdentityTypeDnMap objects.

Syntax: Here is the method signature:

IdentityTypeDnMap[] getIdentitytypednmap()

setIdentitytypednmap

Sets the array of IdentityTypeDnMap objects associated with the IdentityTypeDnMapArray class.

Syntax: Here is the method signature:

void setIdentitytypednmap(IdentityTypeDnMap[] IdentityTypeDnMapVal)

30.2.18 LocalizedValue

The LocalizedValue class has been added to support management of localized strings for role definitions.

getValue

Returns a localized string value.

Syntax: Here is the method signature:

public String getValue()

setValue

Sets a localized string value.

Syntax: Here is the method signature:

public void setValue(final String value)

getLocale

Returns a string representaton of the Locale object.

Syntax: Here is the method signature:

public String getLocale()

setLocale

Sets a string representation of the Locale object.

Syntax: Here is the method signature:

public void setLocale()

30.2.19 LongArray

This section provides reference information on the LongArray class.

LongArray constructors

The LongArray class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

LongArray()

Syntax 2: Here is the syntax for a constructor that takes an array of Long objects as a parameter:

LongArray(long[] LongVal)

getLong

Returns an array of Long objects.

Syntax: Here is the method signature:

long[] getLong()

setLong

Sets the array of long objects associated with the LongArray class.

Syntax: Here is the method signature:

void setLong(LongArray LongVal)

30.2.20 NrfServiceException

This is the exception thrown by the remote Roles Web Service.

NrfServiceException constructors

The NrfServiceException class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

NrfServiceException()

Syntax 2: Here is the syntax for a constructor that takes a String as a parameter:

NrfServiceException(java.lang.String reason)

getReason

Returns the reason for the exception.

Syntax: Here is the method signature:

public java.lang.String getReason()

setReason

Sets the reason for the exception.

Syntax: Here is the method signature:

public void setReason(java.lang.String reason)

30.2.21 RequestCategoryType

An JAX-RPC friendly representation of com.novell.idm.nrf.persist.RequestCategoryType.

Table 30-4 Field Summary

Type

Name

static RequestCategoryType

ROLE_TO_CONTAINER_ADD

static RequestCategoryType

ROLE_TO_CONTAINER_ADD_SUBTREE

static RequestCategoryType

ROLE_TO_CONTAINER_REMOVE

static RequestCategoryType

ROLE_TO_GROUP_ADD

static RequestCategoryType

ROLE_TO_GROUP_REMOVE

static RequestCategoryType

ROLE_TO_ROLE_ADD

static RequestCategoryType

ROLE_TO_ROLE_REMOVE

static RequestCategoryType

ROLE_TO_USER_ADD

static RequestCategoryType

ROLE_TO_USER_REMOVE

RequestCategoryType constructors

The RequestCategoryType class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

RequestCategoryType()

Syntax 2: Here is the syntax for a constructor that takes a String as a parameter:

RequestCategoryType(java.lang.String value)

equals

Implementation of equals(). This implementation overrides the equals() method in java.lang.Object.

Syntax: Here is the method signature:

public boolean equals(java.lang.Object obj)

fromRPC

Reconstructs an API representation object from an RPC representation.

Syntax: Here is the method signature:

public com.novell.idm.nrf.persist.RequestCategoryType fromRPC() throws com.novell.idm.nrf.exception.NrfException

fromValue

This method is for WSSDK serialization.

Syntax: Here is the method signature:

public static RequestCategoryType fromValue(java.lang.String value)

getValue

Gets the type.

Syntax: Here is the method signature:

public java.lang.String getValue()

hashCode

This implementation overrides the hashCode() method in java.lang.Object.

Syntax: Here is the method signature:

public int hashCode()

setValue

Sets the type.

Syntax: Here is the method signature:

public void setValue(java.lang.String type)

toRPC

Constructs an RPC friendly representation off of an API object.

Syntax: Here is the method signature:

public static RequestCategoryType toRPC(com.novell.idm.nrf.persist.RequestCategoryType type)

toString

Implementation of toString() that returns a string representation of the class.

Syntax: Here is the method signature:

public java.lang.String toString()

30.2.22 RequestStatus

An JAX-RPC friendly representation of com.novell.idm.nrf.persist.RequestStatus.

Table 30-5 Field Summary

Type

Name

static RequestStatus

ACTIVATION_TIME_PENDING

static RequestStatus

APPROVAL_PENDING

static RequestStatus

APPROVAL_START_PENDING

static RequestStatus

APPROVAL_START_SUSPENDED

static RequestStatus

APPROVED

static RequestStatus

CLEANUP

static RequestStatus

DENIED

static RequestStatus

NEW_REQUEST

static RequestStatus

PROVISION

static RequestStatus

PROVISIONED

static RequestStatus

PROVISIONING_ERROR

static RequestStatus

SOD_APPROVAL_START_PENDING

static RequestStatus

SOD_APPROVAL_START_SUSPENDED

static RequestStatus

SOD_EXCEPTION_APPROVAL_PENDING

static RequestStatus

SOD_EXCEPTION_APPROVED

static RequestStatus

SOD_EXCEPTION_DENIED

RequestStatus constructors

The RequestStatus class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

RequestStatus()

Syntax 2: Here is the syntax for a constructor that takes a String as a parameter:

RequestStatus(java.lang.String value)

equals

Implementation of equals().

Syntax: Here is the method signature:

public boolean equals(java.lang.Object obj)

fromRPC

Reconstructs an API representation object from an RPC representation.

Syntax: Here is the method signature:

public com.novell.idm.nrf.persist.RequestStatus fromRPC() throws com.novell.idm.nrf.exception.NrfException

fromValue

This method is for WSSDK serialization.

Syntax: Here is the method signature:

public static RequestStatus fromValue(java.lang.String value)

getValue

Gets the type.

Syntax: Here is the method signature:

public java.lang.String getValue()

hashCode

This implementation overrides the hashCode() method in java.lang.Object.

Syntax: Here is the method signature:

public int hashCode()

setValue

Sets the type.

Syntax: Here is the method signature:

public void setValue(java.lang.String type)

toRPC

Constructs an RPC friendly representation off of an API object.

Syntax: Here is the method signature:

public static RequestStatus toRPC(com.novell.idm.nrf.persist.RequestStatus type)

toString

Implementation of toString() that returns a string representation of the class.

Syntax: Here is the method signature:

public java.lang.String toString()

30.2.23 ResourceAssociation

Supporting class that holds information about resource associations for a role.

getRole

Returns the DN for the role involved in the association.

public String getRole()

setRole

Sets the DN for the role involved in the association.

public void setRole(String role)

getEntityKey

Returns the entity key for the association.

public String getEntityKey()

setEntityKey

Sets the entity key for the association.

public void setEntityKey(String entityKey)

getResource

Returns the DN for the resource involved in the association.

public String getResource()

setResource

Sets the DN for the resource involved in the association.

public void setResource(String resource)

getDynamicParameters

Returns the list of dynamic parameters for the resource.

public DynamicParameter[] getDynamicParameters()

setDynamicParameters

Sets the list of dynamic parameters for the resource.

public void setDynamicParameters(DynamicParameter[] parameterValues)

getLocalizedDescriptions

Returns the list of localized descriptions.

public LocalizedValue[] getLocalizedDescriptions()

setLocalizedDescriptions

Sets the list of localized descriptions.

public void setLocalizedDescriptions(LocalizedValue[] descriptions)

getApprovalOverride

Returns the boolean flag indicating whether the role approval process overrides the resource approval process.

public boolean getApprovalOverride()

setApprovalOverride

Sets the boolean flag indicating whether the role approval process overrides the resource approval process.

public void setApprovalOverride(boolean override)

getStatus

Returns the status of the association.

public int getStatus()

setStatus

Sets the status of the association.

public void setStatus(int status)

toString

Converts the resource association to a string.

public String toString()

30.2.24 Role

Value class to hold the role information.

Role constructors

The Role class supports a single constructor.

Syntax: Here is the syntax for the constructor:

Role()

getApprovers

Gets the approvers of the role approval.

Syntax: Here is the method signature:

public ApproverArray getApprovers()

getAssociatedRoles

Gets the associated roles.

Syntax: Here is the method signature:

public DNStringArray getAssociatedRoles()

getChildRoles

Gets the children roles.

Syntax: Here is the method signature:

public DNStringArray getChildRoles()

getDescription

Gets the role description.

Syntax: Here is the method signature:

public java.lang.String getDescription()

getEntitlementRef

Gets the entitlement references.

Syntax: Here is the method signature:

public EntitlementArray getEntitlementRef()

getEntityKey

Gets the role entity key.

Syntax: Here is the method signature:

public java.lang.String getEntityKey()

getImplicitContainers

Gets the implicit container DNs.

Syntax: Here is the method signature:

public DNStringArray getImplicitContainers()

getImplicitGroups

Gets implicit group DNs.

Syntax: Here is the method signature:

public DNStringArray getImplicitGroups()

getName

Gets the role name.

Syntax: Here is the method signature:

public java.lang.String getName()

getOwners

Gets the owner DNs.

Syntax: Here is the method signature:

public DNStringArray getOwners()

getParentRoles

Gets the parent roles.

Syntax: Here is the method signature:

public DNStringArray getParentRoles()

getQuorum

Gets the quorum amount.

Syntax: Here is the method signature:

public java.lang.String getQuorum()

getRequestDef

Gets the request definition for approval processing.

Syntax: Here is the method signature:

public java.lang.String getRequestDef()

getRoleAssignments

Gets the role assignments.

Syntax: Here is the method signature:

public RoleAssignmentArray getRoleAssignments()

getRoleCategoryKeys

Gets the role category keys.

Syntax: Here is the method signature:

public CategoryKeyArray getRoleCategoryKeys()

getRoleLevel

Gets the role level object.

Syntax: Here is the method signature:

public RoleLevel getRoleLevel()

getSystemRole

Gets the system role flag.

Syntax: Here is the method signature:

public boolean getSystemRole()

setApprovers

Sets the approvers for role approval processing.

Syntax: Here is the method signature:

public void setApprovers(ApproverArray approvers)

setAssociatedRoles

Sets the associated roles.

Syntax: Here is the method signature:

public void setAssociatedRoles(DNStringArray associatedRoles)

setChildRoles

Sets the children roles.

Syntax: Here is the method signature:

public void setChildRoles(DNStringArray childRoles)

setDescription

Sets the role description.

Syntax: Here is the method signature:

public void setDescription(java.lang.String description)

setEntitlementRef

Sets the entitlement references.

Syntax: Here is the method signature:

public void setEntitlementRef(EntitlementArray entitlementRef)

setEntityKey

Sets the role entity key.

Syntax: Here is the method signature:

public void setEntityKey(java.lang.String entityKey)

setImplicitContainers

Sets the implicit container DNs.

Syntax: Here is the method signature:

public void setImplicitContainers(DNStringArray implicitContainers)

setImplicitGroups

Sets the implicit group DNs.

Syntax: Here is the method signature:

public void setImplicitGroups(DNStringArray implicitGroups)

setName

Sets the role name.

Syntax: Here is the method signature:

public void setName(java.lang.String name)

setOwners

Sets the owner DNs.

Syntax: Here is the method signature:

public void setOwners(DNStringArray owners)

setParentRoles

Sets the parent roles.

Syntax: Here is the method signature:

public void setParentRoles(DNStringArray parentRoles)

setQuorum

Sets the quorum amount.

Syntax: Here is the method signature:

public void setQuorum(java.lang.String quorum)

setRequestDef

Sets the request definition for approval processing.

Syntax: Here is the method signature:

public void setRequestDef(java.lang.String requestDef)

setRoleAssignments

Sets the role assignments.

Syntax: Here is the method signature:

public void setRoleAssignments(RoleAssignmentArray roleAssignments)

setRoleCategoryKeys

Sets the role category keys.

Syntax: Here is the method signature:

public void setRoleCategoryKeys(CategoryKeyArray roleCategoryKeys)

setRoleLevel

Sets the role level object.

Syntax: Here is the method signature:

public void setRoleLevel(RoleLevel roleLevel)

setSystemRole

Sets the system role flag.

Syntax: Here is the method signature:

public void setSystemRole(boolean systemRole)

30.2.25 RoleAssignment

Value class to hold role assignment information.

RoleAssignment

The RoleAssignment class supports a single constructor.

Syntax: Here is the syntax for the constructor:

RoleAssignment()

getAssignmentType

Gets the role assignment type.

Syntax: Here is the method signature:

public RoleAssignmentType getAssignmentType()

getCauseIdentities

Gets the cause identities DNs.

Syntax: Here is the method signature:

public IdentityTypeDnMapArray getCauseIdentities()

getEffectiveDate

Gets the effective date.

Syntax: Here is the method signature:

public java.util.Date getEffectiveDate()

getExpirationDate

Gets the expiration date.

Syntax: Here is the method signature:

public java.util.Date getExpirationDate()

getExplicitIdentities

Gets the explicit identities DNs.

Syntax: Here is the method signature:

public DNStringArray getExplicitIdentities()

getRole

Gets the role associated with the assignment.

Syntax: Here is the method signature:

public java.lang.String getRole()

setAssignmentType

Sets the role assignment type.

Syntax: Here is the method signature:

public void setAssignmentType(RoleAssignmentType assignmentType)

setCauseIdentities

Sets the cause identities DNs.

Syntax: Here is the method signature:

public void setCauseIdentities(IdentityTypeDnMapArray causeIdentities)

setEffectiveDate

Sets the effective date.

Syntax: Here is the method signature:

public void setEffectiveDate(java.util.Date effectiveDate)

setExpirationDate

Sets the expiration date.

Syntax: Here is the method signature:

public void setExpirationDate(java.util.Date expirationDate)

setExplicitIdentities

Sets the explicit identities DNs.

Syntax: Here is the method signature:

public void setExplicitIdentities(DNStringArray explicitIdentities)

setRole

Sets role associated with this assignment.

Syntax: Here is the method signature:

public void setRole(java.lang.String role)

30.2.26 RoleAssignmentArray

This section provides reference information on the RoleAssignmentArray class.

RoleAssignmentArray constructors

The RoleAssignmentArray class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

RoleAssignmentArray()

Syntax 2: Here is the syntax for a constructor that takes an array of Attribute objects as a parameter:

RoleAssignmentArray(RoleAssignment[] RoleAssignmentVal)

getRoleassignment

Returns an array of RoleAssignment objects.

Syntax: Here is the method signature:

RoleAssignment[] getRoleassignment()

setRoleassignment

Sets the array of RoleAssignment objects associated with the RoleAssignmentArray class.

Syntax: Here is the method signature:

void setRoleassignment (RoleAssignment[] RoleAssignmentVal)

30.2.27 RoleAssignmentActionType

An JAX-RPC friendly representation of com.novell.idm.nrf.RoleAssignmentActionType.

Table 30-6 Field Summary

Type

Name

static RoleAssignmentActionType

EXTEND

static RoleAssignmentActionType

GRANT

static RoleAssignmentActionType

REVOKE

RoleAssignmentActionType constructors

The RoleAssignmentActionType class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

RoleAssignmentActionType()

Syntax 2: Here is the syntax for a constructor that takes a String as a parameter:

RoleAssignmentActionType(java.lang.String value)

equals

Implementation of equals().

Syntax: Here is the method signature:

public boolean equals(java.lang.Object obj)

fromRPC

Reconstructs an API representation object from an RPC representation.

Syntax: Here is the method signature:

public com.novell.idm.nrf.RoleAssignmentActionType fromRPC()

fromValue

This method is for WSSDK serialization.

Syntax: Here is the method signature:

public static RoleAssignmentActionType fromValue(java.lang.String value)

getValue

Gets the type.

Syntax: Here is the method signature:

public java.lang.String getValue()

hashCode

This is an implementation of hashCode(). This implementation overrides the hashCode() method in java.lang.Object.

Syntax: Here is the method signature:

public int hashCode()

setValue

Sets the type.

Syntax: Here is the method signature:

public void setValue(java.lang.String type)

toRPC

Constructs an RPC friendly representation off of an API object.

Syntax: Here is the method signature:

public static RoleAssignmentActionType toRPC(com.novell.idm.nrf.RoleAssignmentActionType type)

toString

Implementation of toString() that returns a string representation of the class.

Syntax: Here is the method signature:

public java.lang.String toString()

30.2.28 RoleAssignmentRequest

Class to represent a role assignment request.

RoleAssignmentRequest

The RoleAssignmentRequest class supports a single constructor.

Syntax: Here is the syntax for the constructor:

RoleAssignmentRequest()

getActionType

Gets role assignment type (grant, revoke, extend).

Syntax: Here is the method signature:

public RoleAssignmentActionType getActionType()

getAssignmentType

Gets the role assignment type.

Syntax: Here is the method signature:

public RoleAssignmentType getAssignmentType()

getCorrelationID

Gets the correlation ID.

Syntax: Here is the method signature:

public java.lang.String getCorrelationID()

getEffectiveDate

Gets the effective date.

Syntax: Here is the method signature:

public java.util.Date getEffectiveDate()

getExpirationDate

Gets the expiration date.

Syntax: Here is the method signature:

public java.util.Date getExpirationDate()

getIdentity

Gets the identity to assign roles to.

Syntax: Here is the method signature:

public java.lang.String getIdentity()

getReason

Gets the reason for the role assignment.

Syntax: Here is the method signature:

public java.lang.String getReason()

getRoles

Gets the roles to assign to the identity.

Syntax: Here is the method signature:

public DNStringArray getRoles()

getSodOveridesRequested

Gets the SOD DNs and justification to override.

Syntax: Here is the method signature:

public SodJustificationArray getSodOveridesRequested()

setActionType

Sets the action type (grant, revoke, extend).

Syntax: Here is the method signature:

public void setActionType(RoleAssignmentActionType actionType)

setAssignmentType

Sets the role assignment type.

Syntax: Here is the method signature:

public void setAssignmentType(RoleAssignmentType assignmentType)

setCorrelationID

Sets the correlation ID.

Syntax: Here is the method signature:

public void setCorrelationID(java.lang.String correlationID)

setEffectiveDate

Sets the effective date.

Syntax: Here is the method signature:

public void setEffectiveDate(java.util.Date effectiveDate)

setExpirationDate

Sets the expiration date.

Syntax: Here is the method signature:

public void setExpirationDate(java.util.Date expirationDate)

setIdentity

Sets the identity to assign roles to.

Syntax: Here is the method signature:

public void setIdentity(java.lang.String identity)

setReason

Sets the reason for the role assignment.

Syntax: Here is the method signature:

public void setReason(java.lang.String reason)

setRoles

Sets the roles to assign to the identity.

Syntax: Here is the method signature:

public void setRoles(DNStringArray roles)

setSodOveridesRequested

Sets the SOD DNs and justification to override.

Syntax: Here is the method signature:

public void setSodOveridesRequested(SodJustificationArray sodOveridesRequested)

30.2.29 RoleAssignmentRequestStatus

This class represents the status of a role assignment.

RoleAssignmentRequestStatus

The RoleAssignmentRequestStatus class supports a single constructor.

Syntax: Here is the syntax for the constructor:

RoleAssignmentRequestStatus()

getCategory

Gets the request category.

Syntax: Here is the method signature:

public RequestCategoryType getCategory()

getCorrelationId

Gets the correlation ID.

Syntax: Here is the method signature:

public java.lang.String getCorrelationId()

getEffectiveDate

Gets the effective date.

Syntax: Here is the method signature:

public java.util.Date getEffectiveDate()

getEntityKey

Gets the entity key.

Syntax: Here is the method signature:

public java.lang.String getEntityKey()

getExpirationDate

Gets the expiration date.

Syntax: Here is the method signature:

public java.util.Date getExpirationDate()

getReason

Gets the reason for the role assignment.

Syntax: Here is the method signature:

public java.lang.String getReason()

getRequestDate

Gets the request date.

Syntax: Here is the method signature:

public java.util.Date getRequestDate()

getRequester

Gets the request DN.

Syntax: Here is the method signature:

public java.lang.String getRequester()

getSource

Gets the source Role DN.

Syntax: Here is the method signature:

public java.lang.String getSource()

getStatus

Gets the request status.

Syntax: Here is the method signature:

public RequestStatus getStatus()

getTarget

Gets the targeted identity DN.

Syntax: Here is the method signature:

public java.lang.String getTarget()

setCategory

Sets the request category.

Syntax: Here is the method signature:

public void setCategory(RequestCategoryType category)

setCorrelationId

Sets the correlation ID.

Syntax: Here is the method signature:

public void setCorrelationId(java.lang.String correlationId)

setEffectiveDate

Sets the effective date.

Syntax: Here is the method signature:

public void setEffectiveDate(java.util.Date effectiveDate)

setEntityKey

Sets the entity key.

Syntax: Here is the method signature:

public void setEntityKey(java.lang.String entityKey)

setExpirationDate

Sets the expiration date.

Syntax: Here is the method signature:

public void setExpirationDate(java.util.Date expirationDate)

setReason

Sets the reason for the role assignment.

Syntax: Here is the method signature:

public void setReason(java.lang.String reason)

setRequestDate

Sets the request date.

Syntax: Here is the method signature:

public void setRequestDate(java.util.Date requestDate)

setRequester

Sets the requester DN.

Syntax: Here is the method signature:

public void setRequester(java.lang.String requester)

setSource

Sets the source Role DN.

Syntax: Here is the method signature:

public void setSource(java.lang.String source)

setStatus

Sets the request status.

Syntax: Here is the method signature:

public void setStatus(RequestStatus status)

setTarget

Sets the identity targeted DN.

Syntax: Here is the method signature:

public void setTarget(java.lang.String target)

30.2.30 RoleAssignmentType

An JAX-RPC friendly representation of com.novell.idm.nrf.RoleAssignmentType.

Table 30-7 Field Summary

Type

Name

static RoleAssignmentType

CONTAINER_TO_ROLE

static RoleAssignmentType

CONTAINER_WITH_SUBTREE_TO_ROLE

static RoleAssignmentType

GROUP_TO_ROLE

static RoleAssignmentType

ROLE_TO_ROLE

static RoleAssignmentType

USER_TO_ROLE

RoleAssignmentType constructors

The CategoryKey class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

CategoryKey()

Syntax 2: Here is the syntax for a constructor that takes a String as a parameter:

CategoryKey(java.lang.String categoryKey)

convertToAPI

Reconstructs an API representation object from an RPC representation.

Syntax: Here is the method signature:

public com.novell.idm.nrf.RoleAssignmentType convertToAPI()

convertToRPC

Constructs an RPC friendly representation off of an API object.

Syntax: Here is the method signature:

public static RoleAssignmentType convertToRPC(com.novell.idm.nrf.RoleAssignmentType type)

equals

Implementation of equals().

Syntax: Here is the method signature:

public boolean equals(java.lang.Object obj)

fromValue

This method is for WSSDK serialization.

Syntax: Here is the method signature:

public static RoleAssignmentType fromValue(java.lang.String value)

getValue

Gets the type.

Syntax: Here is the method signature:

public java.lang.String getValue()

hashCode

This is an implementation of hashCode(). This implementation overrides the hashCode() method in java.lang.Object.

Syntax: Here is the method signature:

public int hashCode()

setValue

Sets the type.

Syntax: Here is the method signature:

public void setValue(java.lang.String type)

toString

Implementation of toString() that returns a string representation of the class.

Syntax: Here is the method signature:

public java.lang.String toString()

30.2.31 RoleAssignmentTypeInfo

An JAX-RPC friendly representation of the details of the com.novell.idm.nrf.RoleAssignmentType enumeration.

RoleAssignmentTypeInfo

The RoleAssignmentTypeInfo class supports a single constructor.

Syntax: Here is the syntax for the constructor:

RoleAssignmentTypeInfo()

convertToRPC

Constructs an RPC friendly representation from an API object.

Syntax: Here is the method signature:

public static RoleAssignmentTypeInfo convertToRPC(com.novell.idm.nrf.RoleAssignmentType type)

getIdentityType

Returns the JAX-RPC friendly identity type.

Syntax: Here is the method signature:

public IdentityType getIdentityType()

getSubtreeIncluded

Determines whether the sub is included.

Syntax: Here is the method signature:

public boolean getSubtreeIncluded()

getSupportsApproval

Determines whether the assignment supports approval.

Syntax: Here is the method signature:

public boolean getSupportsApproval()

getSupportsEffectiveDate

Determines whether the assignment supports an effective date.

Syntax: Here is the method signature:

public boolean getSupportsEffectiveDate()

getSupportsExpiration

Determines whether the assignment supports expiration.

Syntax: Here is the method signature:

public boolean getSupportsExpiration()

getSupportsSODApproval

Determines whether the assignment supports SOD approval.

Syntax: Here is the method signature:

public boolean getSupportsSODApproval()

setIdentityType

Sets the JAX-RPC friendly identity type.

Syntax: Here is the method signature:

public void setIdentityType(IdentityType type)

setSubtreeIncluded

Sets whether the sub is included.

Syntax: Here is the method signature:

public void setSubtreeIncluded(boolean bool)

setSupportsApproval

Sets whether the assignment supports approval.

Syntax: Here is the method signature:

public void setSupportsApproval(boolean bool)

setSupportsEffectiveDate

Sets whether the assignment supports effective date.

Syntax: Here is the method signature:

public void setSupportsEffectiveDate(boolean bool)

setSupportsExpiration

Sets whethers the assignment supports expiration.

Syntax: Here is the method signature:

public void setSupportsExpiration(boolean bool)

setSupportsSODApproval

Sets whether the assignment supports SOD approval.

Syntax: Here is the method signature:

public void setSupportsSODApproval(boolean bool)

30.2.32 RoleInfo

Value class to hold main role information. This is a small subset of the role value class.

RoleInfo constructors

The RoleInfo class supports a single constructor.

Syntax: Here is the syntax for the constructor:

RoleInfo()

getDescription

Gets the role description.

Syntax: Here is the method signature:

public java.lang.String getDescription()

getEntityKey

Gets the role entity key.

Syntax: Here is the method signature:

public java.lang.String getEntityKey()

getName

Gets the role name.

Syntax: Here is the method signature:

public java.lang.String getName()

getRoleCategoryKeys

Gets the role category keys.

Syntax: Here is the method signature:

public CategoryKeyArray getRoleCategoryKeys()

getRoleLevel

Gets the role level object.

Syntax: Here is the method signature:

public RoleLevel getRoleLevel()

setDescription

Sets the role description.

Syntax: Here is the method signature:

public void setDescription(java.lang.String description)

setEntityKey

Sets the role entity key.

Syntax: Here is the method signature:

public void setEntityKey(java.lang.String entityKey)

setName

Sets the role name.

Syntax: Here is the method signature:

public void setName(java.lang.String name)

setRoleCategoryKeys

Sets the role category keys.

Syntax: Here is the method signature:

public void setRoleCategoryKeys(CategoryKeyArray roleCategoryKeys)

setRoleLevel

Sets role level object.

Syntax: Here is the method signature:

public void setRoleLevel(RoleLevel roleLevel)

30.2.33 RoleInfoArray

This section provides reference information on the RoleInfoArray class.

RoleInfoArray constructors

The RoleInfoArray class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

RoleInfoArray()

Syntax 2: Here is the syntax for a constructor that takes an array of Attribute objects as a parameter:

RoleInfoArray(RoleInfo[] RoleInfoVal)

getRoleinfo

Returns an array of RoleInfo objects.

Syntax: Here is the method signature:

RoleInfo[] getRoleinfo()

setRoleinfo

Sets the array of RoleInfo objects associated with the RoleInfoArray class.

Syntax: Here is the method signature:

void setRoleinfo (RoleInfo[] RoleInfoVal)

30.2.34 RoleLevel

This class represent a role level.

RoleLevel constructors

The RoleLevel class supports a single constructor.

Syntax: Here is the syntax for the constructor:

RoleLevel()

getContainer

Gets the role level container.

Syntax: Here is the method signature:

public java.lang.String getContainer()

getDescription

Gets the role level description.

Syntax: Here is the method signature:

public java.lang.String getDescription()

getLevel

Gets the role level.

Syntax: Here is the method signature:

public long getLevel()

getName

Gets the role level name.

Syntax: Here is the method signature:

public java.lang.String getName()

setContainer

Sets the role level container.

Syntax: Here is the method signature:

public void setContainer(java.lang.String container)

setDescription

Sets the role level description.

Syntax: Here is the method signature:

public void setDescription(java.lang.String description)

setLevel

Sets the role level.

Syntax: Here is the method signature:

public void setLevel(long level)

setName

Sets the role level name.

Syntax: Here is the method signature:

public void setName(java.lang.String name)

30.2.35 RoleLevelArray

This section provides reference information on the RoleLevelArray class.

RoleLevelArray constructors

The RoleLevelArray class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

RoleLevelArray()

Syntax 2: Here is the syntax for a constructor that takes an array of Attribute objects as a parameter:

RoleLevelArray(RoleLevel[] RoleLevelVal)

getRolelevel

Returns an array of RoleLevel objects.

Syntax: Here is the method signature:

RoleLevel[] getRolelevel()

setRolelevel

Sets the array of RoleLevel objects associated with the RoleLevelArray class.

Syntax: Here is the method signature:

void setRolelevel (RoleLevel[] RoleLevelVal)

30.2.36 RoleRequest

The Role Request class has been added to support the creation of roles. The Role Request class is a value class used to hold information about a request to create a role.

getName

Gets the role name.

Syntax: Here is the method signature:

public String getName()

getDescription

Gets the role description.

Syntax: Here is the method signature:

public String getDescription()

getEntityKey

Gets the entity key for the role.

Syntax: Here is the method signature:

public String getEntityKey()

getRoleLevel

Gets the role level object.

Syntax: Here is the method signature:

public long getRoleLevel()

getRoleCategoryKeys

Gets the role category keys.

Syntax: Here is the method signature:

public CategoryKey[] getRoleCategoryKeys()

getQuorum

Gets the quorum amount.

Syntax: Here is the method signature:

public String getQuorum()

getRequestDef

Gets the provisioning request definition for approval processing.

Syntax: Here is the method signature:

public String getRequestDef()

getApprovers

Gets the approvers for the role definition.

Syntax: Here is the method signature:

public Approver[] getApprovers()

getOwners

Gets the owner DNs.

Syntax: Here is the method signature:

public DNString[] getOwners()

getRoleAssignments

Gets the associated roles.

Syntax: Here is the method signature:

public String getRoleAssignments()

getSystemRole

Gets the system role flag, which indicates whether this is a system role.

Syntax: Here is the method signature:

public boolean getSystemRole()

getContainer

Gets the name of the role container.

Syntax: Here is the method signature:

public String getContainer()

setName

Sets the role name.

Syntax: Here is the method signature:

public void setName()

setDescription

Sets the role description.

Syntax: Here is the method signature:

public void setDescription()

setEntityKey

Sets the entity key for the role.

Syntax: Here is the method signature:

public void setEntityKey()

setRoleLevel

Sets the role level object.

Syntax: Here is the method signature:

public void setRoleLevel()

setRoleCategoryKeys

Sets the role category keys.

Syntax: Here is the method signature:

public void setRoleCategoryKeys()

setQuorum

Sets the quorum amount.

Syntax: Here is the method signature:

public void setQuorum()

setRequestDef

Sets the provisioning request definition for approval processing.

Syntax: Here is the method signature:

public void setRequestDef()

setApprovers

Sets the approvers for role approval processing.

Syntax: Here is the method signature:

public void setApprovers()

setOwners

Sets the owner DNs.

Syntax: Here is the method signature:

public void setOwners()

setSystemRole

Sets the system role flag, which determines whether this is a system role.

Syntax: Here is the method signature:

public void setSystemRole()

setContainer

Sets the role container.

Syntax: Here is the method signature:

public void setContainer()

30.2.37 RoleServiceDelegate

Delegate class to perform the actual call to the API layer. Should be used by all skeleton classes.

RoleServiceDelegate constructors

The RoleServiceDelegate class supports a single constructor.

Syntax: Here is the syntax for the constructor:

RoleServiceDelegate(com.novell.srvprv.spi.security.ISecurityContext ctx, java.util.Locale locale)

findSodByExample

Finds all SoD objects based on the search criteria in the given SOD object.

Syntax: Here is the method signature:

SodArray findSodByExample(Sod sod) throws NrfServiceException, java.rmi.RemoteException

findSodByExampleWithOperator

Finds all SoD objects based on the search criteria found in the given SOD object

Syntax: Here is the method signature:

SodArray findSodByExampleWithOperator(Sod searchCriteria, boolean useAndForMultiValueSearch) throws NrfServiceException, java.rmi.RemoteException 

findSodById

Find by key.

Syntax: Here is the method signature:

Sod findSodById(java.lang.String entityKey) throws NrfServiceException, java.rmi.RemoteException 

getAssignedIdentities

Returns a list of role assignments for a specified identity.

Syntax: Here is the method signature:

RoleAssignmentArray   getAssignedIdentities(java.lang.String identityDn, IdentityType type, boolean direct) throws NrfServiceException, java.rmi.RemoteException

getConfiguration

Returns the role system configuration defined in the role vault root (nrfConfiguration)

Syntax: Here is the method signature:

Configuration getConfiguration() throws NrfServiceException,                          java.rmi.RemoteException

getContainer

Gets container and role information for a given container DN.

Syntax: Here is the method signature:

Container getContainer(java.lang.String containerDn)                       throws NrfServiceException, java.rmi.RemoteException

getExceptionList

Returns a list of Sod instances for all SOD violations found for a specific identity and type.

Syntax: Here is the method signature:

SodArray getExceptionsList(java.lang.String identity, IdentityType identityType) throws NrfServiceException, java.rmi.RemoteException

getGroup

Gets group and role information for a given group DN.

Syntax: Here is the method signature:

Group getGroup(java.lang.String groupDn) throws NrfServiceException, java.rmi.RemoteException

getIdentitiesInViolation

Returns a map of identities which are in violation of a given SoD.

Syntax: Here is the method signature:

IdentityTypeDnMapArray getIdentitiesInViolation(java.lang.String sodDn) throws NrfServiceException, java.rmi.RemoteException

getIdentityRoleConflicts

Returns a list of Sod instances for all SOD conflicts found for a given list of roles for a given identity.

Syntax: Here is the method signature:

SodArray getIdentityRoleConflicts(java.lang.String identity, IdentityType identityType, DNStringArray requestedRoles) throws NrfServiceException, java.rmi.RemoteException

getRole

Retrieves a role object defined by a role DN

Syntax: Here is the method signature:

Role getRole(java.lang.String roleDn) throws NrfServiceException, java.rmi.RemoteException  

getRoleAssignmentRequestStatus

Returns a list of role assignment request status instances given a correlation ID.

Syntax: Here is the method signature:

RoleAssignmentRequestStatusArray getRoleAssignmentRequestStatus(java.lang.String correlationId) throws NrfServiceException, java.rmi.RemoteException 

getRoleAssignmentRequestStatusByIdentityType

Returns a list of role assignment request status instances given an identity and an identity type.

Syntax: Here is the method signature:

RoleAssignmentRequestStatusArray getRoleAssignmentRequestStatusByIdentityType(java.lang.String identityDn, IdentityType identityType) throws NrfServiceException, java.rmi.RemoteException

getRoleAssignmentTypeInfo

Retrieves details about a RoleAssignmentType.

Syntax: Here is the method signature:

RoleAssignmentTypeInfo getRoleAssignmentTypeInfo(RoleAssignmentType type) throws NrfServiceException, java.rmi.RemoteException 

getRoleCategories

Gets role categories.

Syntax: Here is the method signature:

CategoryArray getRoleCategories() throws NrfServiceException, java.rmi.RemoteException 

getRoleConflicts

Returns a list of Sod instances found for all given roles. This method always returns a list.

Syntax: Here is the method signature:

SodArray getRoleConflicts(DNStringArray roles) throws NrfServiceException, java.rmi.RemoteException

getRoleLevels

Gets role levels.

Syntax: Here is the method signature:

RoleLevelArray getRoleLevels() throws NrfServiceException, java.rmi.RemoteException

getRolesInfo

Returns a list of RoleInfo instances given a list of role DNs.

Syntax: Here is the method signature:

RoleInfoArray getRolesInfo(DNStringArray roleDns) throws NrfServiceException, java.rmi.RemoteException

getRolesInfoByCategory

Returns a list of RoleInfo instances given a list of role category keys.

Syntax: Here is the method signature:

RoleInfoArray getRolesInfoByCategory(CategoryKeyArray roleCategoryKeys) throws NrfServiceException, java.rmi.RemoteException

getRolesInfoByLevel

Returns a list of RoleInfo instances given a list of role levels.

Syntax: Here is the method signature:

RoleInfoArray getRolesInfoByLevel(LongArray roleLevels) throws NrfServiceException, java.rmi.RemoteException

getTargetSourceConflicts

Returns a list of Sod instances for all SOD conflicts defined between the target role DN and the source role DN.

Syntax: Here is the method signature:

SodArray getTargetSourceConflicts(java.lang.String targetName, java.lang.String sourceName) throws NrfServiceException, java.rmi.RemoteException 

getUser

Gets user info including all role assignments for a given user DN stored in a UserIdentity object.

Syntax: Here is the method signature:

User getUser(java.lang.String userDn) throws NrfServiceException, java.rmi.RemoteException

getVersion

Returns the version of this Web Service.

Syntax: Here is the method signature:

VersionVO getVersion() throws java.rmi.RemoteException

isUserInRole

Returns boolean flag; true if role has been assigned to a User identity

Syntax: Here is the method signature:

boolean isUserInRole(java.lang.String userDn, java.lang.String roleDn)

requestRoleAssignment

Returns a list of request DNs created by the role assignment. Be aware that the role assignment expires only if the role is assigned to a user and not when it is assigned to a group or a container.

Syntax: Here is the method signature:

DNStringArray requestRolesAssignment(RoleAssignmentRequest roleAssignmentRequest) throws NrfServiceException, java.rmi.RemoteException

30.2.38 RoleServiceSkeletonImpl

Class to represent the skeleton server side implementation of the Role Based offered services.

RoleServiceSkeletonImpl

The RoleServiceSkeletonImpl class supports a single constructor.

Syntax: Here is the syntax for the constructor:

RoleServiceSkeletonImpl()

findSodByExample

Finds all SoD objects based on the search criteria in the given SOD object.

Syntax: Here is the method signature:

SodArray findSodByExample(Sod sod) throws NrfServiceException, java.rmi.RemoteException

findSodByExampleWithOperator

Finds all SoD objects based on the search criteria found in the given SOD object

Syntax: Here is the method signature:

SodArray findSodByExampleWithOperator(Sod searchCriteria, boolean useAndForMultiValueSearch) throws NrfServiceException, java.rmi.RemoteException 

findSodById

Find by key.

Syntax: Here is the method signature:

Sod findSodById(java.lang.String entityKey) throws NrfServiceException, java.rmi.RemoteException 

getAssignedIdentities

Returns a list of role assignments for a specified identity.

Syntax: Here is the method signature:

RoleAssignmentArray   getAssignedIdentities(java.lang.String identityDn, IdentityType type, boolean direct) throws NrfServiceException, java.rmi.RemoteException

getConfiguration

Returns the role system configuration defined in the role vault root (nrfConfiguration)

Syntax: Here is the method signature:

Configuration getConfiguration() throws NrfServiceException,                          java.rmi.RemoteException

getContainer

Gets container and role information for a given container DN.

Syntax: Here is the method signature:

Container getContainer(java.lang.String containerDn)                       throws NrfServiceException, java.rmi.RemoteException

getExceptionList

Returns a list of Sod instances for all SOD violations found for a specific identity and type.

Syntax: Here is the method signature:

SodArray getExceptionsList(java.lang.String identity, IdentityType identityType) throws NrfServiceException, java.rmi.RemoteException

getGroup

Gets group and role information for a given group DN.

Syntax: Here is the method signature:

Group getGroup(java.lang.String groupDn) throws NrfServiceException, java.rmi.RemoteException

getIdentitiesInViolation

Returns a map of identities which are in violation of a given SoD.

Syntax: Here is the method signature:

IdentityTypeDnMapArray getIdentitiesInViolation(java.lang.String sodDn) throws NrfServiceException, java.rmi.RemoteException

getIdentityRoleConflicts

Returns a list of Sod instances for all SOD conflicts found for a given list of roles for a given identity.

Syntax: Here is the method signature:

SodArray getIdentityRoleConflicts(java.lang.String identity, IdentityType identityType, DNStringArray requestedRoles) throws NrfServiceException, java.rmi.RemoteException

getRole

Retrieves a role object defined by a role DN

Syntax: Here is the method signature:

Role getRole(java.lang.String roleDn) throws NrfServiceException, java.rmi.RemoteException  

getRoleAssignmentRequestStatus

Returns a list of role assignment request status instances given a correlation ID.

Syntax: Here is the method signature:

RoleAssignmentRequestStatusArray getRoleAssignmentRequestStatus(java.lang.String correlationId) throws NrfServiceException, java.rmi.RemoteException 

getRoleAssignmentRequestStatusByIdentityType

Returns a list of role assignment request status instances given an identity and an identity type.

Syntax: Here is the method signature:

RoleAssignmentRequestStatusArray getRoleAssignmentRequestStatusByIdentityType(java.lang.String identityDn, IdentityType identityType) throws NrfServiceException, java.rmi.RemoteException

getRoleAssignmentTypeInfo

Retrieves details about a RoleAssignmentType.

Syntax: Here is the method signature:

RoleAssignmentTypeInfo getRoleAssignmentTypeInfo(RoleAssignmentType type) throws NrfServiceException, java.rmi.RemoteException 

getRoleCategories

Gets role categories.

Syntax: Here is the method signature:

CategoryArray getRoleCategories() throws NrfServiceException, java.rmi.RemoteException 

getRoleConflicts

Returns a list of Sod instances found for all given roles. This method always returns a list.

Syntax: Here is the method signature:

SodArray getRoleConflicts(DNStringArray roles) throws NrfServiceException, java.rmi.RemoteException

getRoleLevels

Gets role levels.

Syntax: Here is the method signature:

RoleLevelArray getRoleLevels() throws NrfServiceException, java.rmi.RemoteException

getRolesInfo

Returns a list of RoleInfo instances given a list of role DNs.

Syntax: Here is the method signature:

RoleInfoArray getRolesInfo(DNStringArray roleDns) throws NrfServiceException, java.rmi.RemoteException

getRolesInfoByCategory

Returns a list of RoleInfo instances given a list of role category keys.

Syntax: Here is the method signature:

RoleInfoArray getRolesInfoByCategory(CategoryKeyArray roleCategoryKeys) throws NrfServiceException, java.rmi.RemoteException

getRolesInfoByLevel

Returns a list of RoleInfo instances given a list of role levels.

Syntax: Here is the method signature:

RoleInfoArray getRolesInfoByLevel(LongArray roleLevels) throws NrfServiceException, java.rmi.RemoteException

getTargetSourceConflicts

Returns a list of Sod instances for all SOD conflicts defined between the target role DN and the source role DN.

Syntax: Here is the method signature:

SodArray getTargetSourceConflicts(java.lang.String targetName, java.lang.String sourceName) throws NrfServiceException, java.rmi.RemoteException 

getUser

Gets user info including all role assignments for a given user DN stored in a UserIdentity object.

Syntax: Here is the method signature:

User getUser(java.lang.String userDn) throws NrfServiceException, java.rmi.RemoteException

getVersion

Returns the version of this Web Service.

Syntax: Here is the method signature:

VersionVO getVersion() throws java.rmi.RemoteException

isUserInRole

Returns boolean flag; true if role has been assigned to a User identity

Syntax: Here is the method signature:

boolean isUserInRole(java.lang.String userDn, java.lang.String roleDn)

requestRoleAssignment

Returns a list of request DNs created by the role assignment

Syntax: Here is the method signature:

DNStringArray requestRolesAssignment(RoleAssignmentRequest roleAssignmentRequest) throws NrfServiceException, java.rmi.RemoteException

30.2.39 Sod

Value object to hold SOD information.

Sod constructors

The Sod class supports a single constructor.

Syntax: Here is the syntax for the constructor:

Sod()

getApprovalType

Gets the SOD approval type.

Syntax: Here is the method signature:

public SodApprovalType getApprovalType()

getApprovers

Gets SOD approvers.

Syntax: Here is the method signature:

public ApproverArray getApprovers()

getDescription

Gets the SOD description.

Syntax: Here is the method signature:

public java.lang.String getDescription()

getEntityKey

Gets the SOD entity key.

Syntax: Here is the method signature:

public java.lang.String getEntityKey()

getName

Gets the SOD name.

Syntax: Here is the method signature:

public java.lang.String getName()

getQuorum

Gets the SOD quorum amount.

Syntax: Here is the method signature:

public java.lang.String getQuorum()

getRequestDef

Gets the request definition for approval processing.

Syntax: Here is the method signature:

public java.lang.String getRequestDef()

getRoles

Gets the SOD roles.

Syntax: Here is the method signature:

public DNStringArray getRoles()

setApprovalType

Sets the SOD approval type.

Syntax: Here is the method signature:

public void setApprovalType(SodApprovalType approvalType)

setApprovers

Sets the SOD approvers.

Syntax: Here is the method signature:

public void setApprovers(ApproverArray approvers)

setDescription

Sets the SOD description.

Syntax: Here is the method signature:

public void setDescription(java.lang.String description)

setEntityKey

Sets the SOD entity key.

Syntax: Here is the method signature:

public void setEntityKey(java.lang.String entityKey)

setName

Sets the SOD name.

Syntax: Here is the method signature:

public void setName(java.lang.String name)

setQuorum

Sets the SOD quorum amount.

Syntax: Here is the method signature:

public void setQuorum(java.lang.String quorum)

setRequestDef

Sets the request definition for approval processing.

Syntax: Here is the method signature:

public void setRequestDef(java.lang.String requestDef)

setRoles

Sets the SOD roles.

Syntax: Here is the method signature:

public void setRoles(DNStringArray roles)

30.2.40 SodArray

This section provides reference information on the SodArray class.

SodArray constructors

The SodArray class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

SodArray()

Syntax 2: Here is the syntax for a constructor that takes an array of Attribute objects as a parameter:

SodArray(Sod[] SodVal)

getSod

Returns an array of Sod objects.

Syntax: Here is the method signature:

Sod[] getSod()

setSod

Sets the array of Sod objects associated with the SodArray class.

Syntax: Here is the method signature:

void setSod (Sod[] SodVal)

30.2.41 SodApprovalType

An JAX-RPC friendly representation of com.novell.idm.nrf.api.SodApprovalType.

Table 30-8 Field Summary

Type

Name

static SodApprovalType

ALLOW_WITH_WORKFLOW

static SodApprovalType

ALWAYS_ALLOW

SodApprovalType constructors

The SodApprovalType class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

SodApprovalType()

Syntax 2: Here is the syntax for a constructor that takes a String as a parameter:

SodApprovalType(java.lang.String value)

equals

Implementation of equals().

Syntax: Here is the method signature:

public boolean equals(java.lang.Object obj)

fromRPC

Reconstructs an API representation object from an RPC representation.

Syntax: Here is the method signature:

public com.novell.idm.nrf.api.SodApprovalType fromRPC() throws com.novell.idm.nrf.exception.NrfException

fromValue

This method is for WSSDK serialization.

Syntax: Here is the method signature:

public static SodApprovalType fromValue(java.lang.String value)

getValue

Gets the type.

Syntax: Here is the method signature:

public java.lang.String getValue()

hashCode

This is an implementation of hashCode(). This implementation overrides the hashCode() method in java.lang.Object.

Syntax: Here is the method signature:

public int hashCode()

setValue

Sets the type.

Syntax: Here is the method signature:

public void setValue(java.lang.String type)

toRPC

Reconstructs an API representation object from an RPC representation.

Syntax: Here is the method signature:

public com.novell.idm.nrf.api.SodApprovalType fromRPC() throws com.novell.idm.nrf.exception.NrfException

toString

Implementation of toString() that returns a string representation of the class.

Syntax: Here is the method signature:

public java.lang.String toString()

30.2.42 SodJustification

Class to represent an SOD DN to override with a justification. Used for assignment of roles to be able to pass in a justification for overrides of SODs.

SodJustification constructors

The SodJustification class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

SodJustification()

Syntax 2: Here is the syntax for a constructor that takes two String values as parameters:

SodJustification(java.lang.String sodDN, java.lang.String justification)

getJustification

Gets the SOD justification for override.

Syntax: Here is the method signature:

public java.lang.String getJustification()

getSodDN

Gets the SOD DN for override.

Syntax: Here is the method signature:

public java.lang.String getSodDN()

setJustification

Sets the justification for override.

Syntax: Here is the method signature:

public void setJustification(java.lang.String justification)

setSodDN

Sets the SOD DN for override.

Syntax: Here is the method signature:

public void setSodDN(java.lang.String sodDN)

30.2.43 SodJustificationArray

This section provides reference information on the SodJustificationArray class.

SodJustificationArray constructors

The SodJustificationArray class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

SodJustificationArray()

Syntax 2: Here is the syntax for a constructor that takes an array of Attribute objects as a parameter:

SodJustificationArray(SodJustification[] SodJustificationVal)

getSodjustification

Returns an array of SodJustification objects.

Syntax: Here is the method signature:

SodJustification[] getSodjustification()

setSodjustification

Sets the array of SodJustification objects associated with the SodJustificationArray class.

Syntax: Here is the method signature:

void setSodjustification (SodJustification[] SodJustificationVal)

30.2.44 User

Value class to hold user identity information.

User constructors

The User class supports a single constructor.

Syntax: Here is the syntax for the constructor:

User()

getAssociatedRoles

Gets the associated roles for this identity.

Syntax: Here is the method signature:

public DNStringArray getAssociatedRoles()

getCn

Gets the cn.

Syntax: Here is the method signature:

public java.lang.String getCn()

getContainerRoles

Gets the container roles.

Syntax: Here is the method signature:

public DNStringArray getContainerRoles()

getEmail

Gets the email address.

Syntax: Here is the method signature:

public java.lang.String getEmail()

getEntityKey

Gets the identity entity key.

Syntax: Here is the method signature:

public java.lang.String getEntityKey()

getExplicitAssignments

Gets the explicit role assignments.

Syntax: Here is the method signature:

public RoleAssignmentArray getExplicitAssignments()

getFirstName

Gets the first name.

Syntax: Here is the method signature:

public java.lang.String getFirstName()

getGroupRoles

Gets the group roles.

Syntax: Here is the method signature:

public DNStringArray getGroupRoles()

getIdentityType

Gets identity type.

Syntax: Here is the method signature:

public IdentityType getIdentityType()

getImplicitAssignments

Gets the implicit role assignments.

Syntax: Here is the method signature:

public RoleAssignmentArray getImplicitAssignments()

getInheritedAssignments

Gets the inherited role assignments.

Syntax: Here is the method signature:

public RoleAssignmentArray getInheritedAssignments()

getInheritedRoles

Gets the inherited roles.

Syntax: Here is the method signature:

public DNStringArray getInheritedRoles()

getLastName

Gets the last name.

Syntax: Here is the method signature:

public java.lang.String getLastName()

getRoleAssignments

Gets the role assignments for this identity.

Syntax: Here is the method signature:

public RoleAssignmentArray getRoleAssignments()

setAssociatedRoles

Sets the associated roles for this identity.

Syntax: Here is the method signature:

public void setAssociatedRoles(DNStringArray associatedRoles)

setCn

Sets the CN.

Syntax: Here is the method signature:

public void setCn(java.lang.String cn)

setContainerRoles

Sets the container roles.

Syntax: Here is the method signature:

public void setContainerRoles(DNStringArray containerRoles)

setEmail

Sets the email address.

Syntax: Here is the method signature:

public void setEmail(java.lang.String email)

setEntityKey

Sets the identity entity key.

Syntax: Here is the method signature:

public void setEntityKey(java.lang.String entityKey)

setExplicitAssignments

Sets the explicit role assignments.

Syntax: Here is the method signature:

public void setExplicitAssignments(RoleAssignmentArray explicitAssignments)

setFirstName

Sets the first name.

Syntax: Here is the method signature:

public void setFirstName(java.lang.String firstName)

setGroupRoles

Sets the group roles.

Syntax: Here is the method signature:

public void setGroupRoles(DNStringArray groupRoles)

setIdentityType

Sets the identity type.

Syntax: Here is the method signature:

public void setIdentityType(IdentityType identityType)

setImplicitAssignments

Sets the implicit role assignments.

Syntax: Here is the method signature:

public void setImplicitAssignments(RoleAssignmentArray implicitAssignments)

setInheritedAssignments

Sets the inherited role assignments.

Syntax: Here is the method signature:

public void setInheritedAssignments(RoleAssignmentArray inheritedAssignments)

setInheritedRoles

Sets the inherited roles.

Syntax: Here is the method signature:

public void setInheritedRoles(DNStringArray inheritedRoles)

setLastName

Sets the last name.

Syntax: Here is the method signature:

public void setLastName(java.lang.String lastName)

setRoleAssignments

Sets the role assignments for this identity.

Syntax: Here is the method signature:

public void setRoleAssignments(RoleAssignmentArray roleAssignments)

30.2.45 VersionVO

A value object for Version.

VersionVO constructors

The VersionVO class has two constructors.

Syntax 1: Here is the syntax for a constructor that takes no parameters:

VersionVO()

Syntax 2: Here is the syntax for a constructor that takes a String as a parameter:

VersionVO(java.lang.String version)

getValue

Gets the version.

Syntax: Here is the method signature:

public java.lang.String getValue()

setValue

Sets the version.

Syntax: Here is the method signature:

public void setValue(java.lang.String version)