Index

DKAuthorizationMgmtICM

Purpose:

This class represents and implements datastore authorization functions, for example privileges, privilege sets, and access control lists (ACL).

Since: Version 8

Class summary:

class DKEXPORT DKAuthorizationMgmtICM : public dkAuthorizationMgmt 
{
public:
    DKAuthorizationMgmtICM(dkDatastore* ds);
    virtual ~DKAuthorizationMgmtICM();
    virtual void add(dkAccessControlList* aclObj);
    virtual void add(dkPrivilege* privObj);
    virtual void add(dkPrivilegeGroup* privGroupObj);
    virtual void add(dkPrivilegeSet* privSetObj);
    void addACLRule(long aclCode, const char* userId, short patronType, long privSetCode);
    void addDomainACL(const char* domainName, const char** aclNames,long count);
    void addDomainPrivilegeSet(const char* domainName, const char** privSetNames,long count);
    virtual void clearCache();
    virtual dkAccessControlList* createAccessControlList();
    virtual dkPrivilege* createPrivilege();
    virtual dkPrivilegeGroup* createPrivilegeGroup();
    virtual dkPrivilegeSet* createPrivilegeSet();
    virtual void del(dkAccessControlList* acl);
    virtual void del(dkPrivilege* priv);
    virtual void del(dkPrivilegeGroup* privGroup);
    virtual void del(dkPrivilegeSet* privSet);
    void deleteACLRule(long aclCode, const char* userId);
    dkAccessControlList* getAccessControlList(const char* name);
    dkPrivilege* getPrivilege(const char* name);
    dkPrivilegeGroup* getPrivilegeGroup(const char* name);
    dkPrivilegeSet* getPrivilegeSet(const char* name);
    DKBoolean* isAuthorized (char** accessControlListNames,long arrSize, char* privilegeName);
    DKBoolean isTraceEnabled();
    DKString* listAccessControlListNames(const char* domainName,long& arraySize);
    virtual DKString* listAccessControlListNames(long& arraySize);
    virtual dkCollection* listAccessControlLists();
    dkCollection* listAccessControlLists(const char* domainName);
    dkCollection* listACLData(long id);
    dkCollection* listACLData(const char* name);
    dkCollection* listGeneralPrivileges();
    virtual DKString* listPrivilegeGroupNames(long& arraySize);
    virtual dkCollection* listPrivilegeGroups();
    virtual DKString* listPrivilegeNames(long& arraySize);
    virtual dkCollection* listPrivileges();
    DKString* listPrivilegeSetNames(const char* domainName,long& arraySize);
    virtual DKString* listPrivilegeSetNames(long& arraySize);
    virtual dkCollection* listPrivilegeSets();
    dkCollection* listPrivilegeSets(const char* domainName);
    dkCollection* listPrivInGroup(long id);
    dkCollection* listPrivInGroup(const char* name);
    dkCollection* listPrivInSet(long id);
    dkCollection* listPrivInSet(const char* name);
    void removeDomainACL(const char* domainName, const char** aclNames,long count);
    void removeDomainPrivilegeSet(const char* domainName, const char** privSetNames,long count);
    dkAccessControlList* retrieveAccessControlList(long id);
    virtual dkAccessControlList* retrieveAccessControlList(const char* name);
    dkPrivilege* retrievePrivilege(long id);
    virtual dkPrivilege* retrievePrivilege(const char* name);
    dkPrivilegeGroup* retrievePrivilegeGroup(long id);
    virtual dkPrivilegeGroup* retrievePrivilegeGroup(const char* name);
    dkPrivilegeSet* retrievePrivilegeSet(long id);
    virtual dkPrivilegeSet* retrievePrivilegeSet(const char* name);
    dkPrivilegeSet* retrieveUserGroupPrivilegeSet(const char* userGroupId);
    dkPrivilegeSet* retrieveUserPrivilegeSet(const char* userId);
    void setTraceEnabled(DKBoolean isEnabled);
    virtual void update(dkAccessControlList* acl);
    virtual void update(dkPrivilege* priv);
    virtual void update(dkPrivilegeGroup* acl);
    virtual void update(dkPrivilegeSet* privSet);
    void updateACLRule(long aclCode, const char* userId, short patronType, long privSetCode);
};

Members:

Constructors and destructor
DKAuthorizationMgmtICM (dkDatastore* ds);

Constructor that takes a datastore instance as a parameter. The returned admin domain instance is associated with the datastore instance. Equivalent to calling the default constructor followed by the setDatastore method on the created object. Parameters:ds - valid instance of a datastore object. Should be an instance of DKDatastoreICM.

virtual ~DKAuthorizationMgmtICM ();

Destructor for the object.

Member functions

add
Adds a new privilege group definition to the persistent datastore. Parameters: privGroupObj - instance of a privilege group object whose definition is to be added. The parameter should be an instance of DKPrivilegeGroupICM. Throws: DKException if error occurs on the server.
virtual void add(dkPrivilegeGroup* privGroupObj);

add
Adds a new privilege definition to the persistent datastore. Parameters: privObj - instance of a privilege object whose definition is to be added. The parameter should be an instance of DKPrivilegeICM. Throws: DKException if error occurs on the server.
virtual void add(dkPrivilege* privObj);

add
Adds a new privilege set definition to the persistent datastore. Parameters: privSetObj - instance of a privilege set object whose definition is to be added. The parameter should be an instance of DKPrivilegeSetICM. Throws: DKException if error occurs on the server.
virtual void add(dkPrivilegeSet* privSetObj);

add
Adds a new ACL definition to the persistent datastore. Parameters: aclObject - instance of an ACL object whose definition is to be added. The parameter should be an instance of DKAccessControlListICM. Throws: DKException if error occurs on the server.
virtual void add(dkAccessControlList* aclObj); 

addACLRule
Adds an ACL rule to an existing access control list in the persistent datastore. Parameters:
  • aclCode - code of the ACL.
  • userID - user id to be added to the ACL.
  • patronType - type of user. Valid values are:
    • DK_ICM_PATRON_TYPE_PUBLIC
    • DK_ICM_PATRON_TYPE_USER
    • DK_ICM_PATRON_TYPE_GROUP
  • privSetCode - code for the privilege set to be added to the ACL

Throws: DKException if error occurs on the server.

void addACLRule(long aclCode, const char* userId, short patronType, long privSetCode);

addDomainACL
Adds one or more access control lists into a domain in the persistent store. Parameters:
  • domainName - name of the domain to which ACL will be added.
  • aclNames - array of ACL names to be added.
  • count - number of ACL names to be added.

Throws: DKException if error occurs on the server.

void addDomainACL(const char* domainName, const char** aclNames, long count);

addDomainPrivilegeSet
Adds one or more privilege sets into a domain in the persistent store. Parameters:
  • domainName - name of the domain to which the privilege set will be added.
  • privSetNames - array of privilege set names to be added.
  • count - number of privilege set names to be added.

Throws: DKException if error occurs on the server.

void addDomainPrivilegeSet(const char* domainName, const char** privSetNames,long count);

clearCache
Clears all cached data in the in-memory (cached) representation of the DKAuthorizationMgmtICM object instance. No datastore operation is instantiated as a result of this method call.
virtual void clearCache();

createAccessControlList
Creates a new ACL and returns it as an instance of DKAccessControlListICM Returns:Instance of DKAccessControlListICM.
dkAccessControlList* createAccessControlList();

createPrivilege
Creates a new privilege and returns it as an instance of DKPrivilegeICM. Returns: Instance of DKPrivilegeICM.
dkPrivilege* createPrivilege();

createPrivilegeGroup
Creates a new privilege group and returns it as an instance of DKPrivilegeGroupICM. Returns: Instance of DKPrivilegeGroupICM.
dkPrivilegeGroup* createPrivilegeGroup();

createPrivilegeSet
Creates a new privilege set and returns it as an instance of DKPrivilegeSetICM. Returns: Instance of DKPrivilegeSetICM.
dkPrivilegeSet* createPrivilegeSet();

del
Deletes a privilege group definition from the persistent datastore. Parameters: privGroupObject - instance of a privilege group object whose definition is to be deleted. The parameter should be an instance of DKPrivilegeGroupICM. Throws: DKException if error occurs on the server.
virtual void del(dkPrivilegeGroup* privGroupObj);

del
Deletes the definition of a privilege from the persistent datastore. Parameters: privObj - instance of a privilege object. The parameter should be an instance of DKPrivilegeICM. Throws: DKException if error occurs on the server
virtual void del(dkPrivilege* privObj);

del
Deletes the definition of a privilege set from the persistent datastore. Parameters: privSetObj - instance of a privilege set object whose definition is to be deleted. The parameters should be an instance of DKPrivilegeSetICM Throws: DKException if error occurs on the server.
virtual void del(dkPrivilegeSet* privSetObj);

del
Deletes the definition of an ACL from the persistent datastore. Parameters: aclObj - instance of an ACL whose definition is to be deleted. The parameter should be an instance of a DKAccessControlListICM object. Throws: DKException if error occurs on the server.
virtual void del(dkAccessControlList* aclObj);

deleteACLRule
Deletes an ACL rule which is indicated by the userid from an existing access control list in the persistent datastore. Parameters:
  • aclCode - code of the ACL from which the ACL rule is to be removed.
  • userId - userID (ACL rule) to be removed from the ACL in the datastore.

Throws: DKException if error occurs on the server.

void deleteACLRule(long aclCode,const char* userId);

getAccessControlList
Retrieves an ACL definition from memory. The returned ACL is an instance of DKAccessControlListICM. Parameters:name - name of the ACL to be retrieved. Returns: ACL definition as an instance of DKAccessControlListICM. Throws: DKException if error occurs on the server.
dkAccessControlList* getAccessControlList(const char* name);

getPrivilege
Retrieves a privilege definition from memory. The returned privilege is an instance of DKPrivilegeICM. Parameters: name - name of the privilege to be retrieved. Returns: Privilege definition as an instance of DKPrivilegeICM. Throws: DKException if error occurs on the server.
dkPrivilege* getPrivilege(const char* name);

getPrivilegeGroup
Retrieves a privilege group definition from memory. The returned privilege group is an instance of DKPrivilegeGroupICM. Parameters: name - name of the privilege group to be returned. Returns: Privilege group definition as an instance of DKPrivilegeGroupICM. Throws: DKException if error occurs on the server.
dkPrivilegeGroup* getPrivilegeGroup(const char* name);

getPrivilegeSet
Retrieves a privilege set definition from memory. The returned privilege set is an instance of DKPrivilegeSetICM. Parameters: name - name of the privilege set to be returned. Returns: Privilege set definition as an instance of DKPrivilegeSetICM. Throws: DKException if error occurs on the server
dkPrivilegeSet* getPrivilegeSet(const char* name);

isAuthorized
Retrieves an array of boolean values of whether the given privilegeName is allowable for the given userid with the given list of access control list names. Parameters:
  • aclNames - array of ACL names.
  • numOfACLs - number of ACLs in the array.
  • privilegeName - name of the privilege to be checked against.

Returns: Array of boolean values that are individually TRUE if the privilegeName is allowable and FALSE otherwise.

DKBoolean* isAuthorized (char** aclnames, long numOfACLs, char* privilegeName)

isTraceEnabled
Checks to determine if tracing is currently enabled. Parameters:
  • aclNames - array of ACL names.
  • numOfACLs - number of ACLs in the array.
  • privilegeName - name of the privilege to be checked against.

Returns:TRUE if tracing is enabled. FALSE otherwise.

DKBoolean isTraceEnabled();

listAccessControlListNames
Retrieves the list of names for all the ACLs in the specified domain from the persistent datastore. Parameters:
  • domainName - name of the domain for which ACL names is to be retrieved.
  • arraySize - size of returned ACL names array

Returns: Array of DKString variables where each instance is the name of an ACL in the specified domain. Throws: DKException if error occurs on the server.

DKString* listAccessControlListNames(const char* domainName, long& arraySize);

listAccessControlListNames
Retrieves the name of all ACLs from the persistent datastore. Parameters: arraySize - size of the retrieved ACL names array. Returns: Array of DKString variables where each instance is the name of an ACL. Throws: DKException if error occurs on the server
virtual DKString* listAccessControlListNames(long& arraySize);

listAccessControlLists
Retrieves a collection of names of all ACLs in the specified domain from the persistent datastore. Parameters:domainName - name of domain for which ACL names is to be retrieved. Returns: Collection of ACL as instances of DKAccessControlListICM in the specified domain. Throws: DKException if error occurs on the server.
dkCollection* listAccessControlLists(const char* domainName);

listAccessControlLists
Lists access control lists from persistent datastore. Returns: Collection of ACL as instances of DKAccessControlListICM. Throws: DKException if error occurs on the server.
virtual dkCollection* listAccessControlLists();

listACLData
Retrieves ACL data for the specified ACL from the persistent datastore. Parameters: name - name of the ACL for which ACL data is to be Returns: Collection of ACL data as instances of DKACLData. Throws: DKException if error occurs on the server.
dkCollection* listACLData(const char* name);

listACLData
Retrieves ACL data for the specified ACL from the persistent datastore. Parameters: id - ID of the ACL for which ACL data is to be retrieved. Returns:Collection of ACL data as instances of DKACLData. Throws: DKException if error occurs on the server.
dkCollection* listACLData(long id); 

listGeneralPrivileges
Retrieves the general privileges for the logon user as a collection of privilege codes. Returns: Collection of privilege codes for the logon user. Throws: DKException if error occurs on the server
dkCollection* listGeneralPrivileges();

listPrivilegeGroupNames
Retrieves array of privilege gropup names from the persistent datastore. Parameters: arraySize - size of returned array of privilege group names. Returns: array of privilege group names as instances of DKString variables. Throws: DKException if error occurs on the server.
virtual DKString* listPrivilegeGroupNames(long& arraySize);

listPrivilegeGroups
Retrieves collection of privilege groups from the persistent datastore. Returns: Collection of privilege groups as DKPrivilegeGroupICM instances. Throws: DKException if error occurs on the server.
virtual dkCollection* listPrivilegeGroups();

listPrivilegeNames
Retrieves array of privilege names from the persistent datastore. Parameters: arraySize - size of returned array of privilege names. Returns: array of privilege names as instances of DKString variables. Throws: DKException if error occurs on the server.
virtual DKString* listPrivilegeNames(long& arraySize);

listPrivileges
Retrieves a collection of privileges from the persistent datastore. Returns: Collection of privileges as instances of DKPrivilegeICM. Throws: DKException if error occurs on the server.
virtual dkCollection* listPrivileges();

listPrivilegeSetNames
Retrieves an array of privilege set names from the persistent datastore. Parameters: arraySize - size of the returned privilege set names array. Returns: array of privilege set names as instances of DKString variables. Throws: DKException if error occurs on the server.
virtual DKString* listPrivilegeSetNames(long& arraySize);

listPrivilegeSets
Retrieves a collection of privilege sets from the persistent datastore. Returns: Collection of privilege sets as instances of DKPrivilegeSetICM. Throws: DKException if error occurs on the server.
virtual dkCollection* listPrivilegeSets();

listPrivInGroup
Retrieves a list of all the privileges in a privilege group from the persistent datastore. Parameters: name - name of the privilege group whose privileges are to be retrieved. Returns: Collection of privileges in specified privilege group as instances of DKPrivilegeICM. Throws: DKException if error occurs on the server.
dkCollection* listPrivInGroup(const char* name);

listPrivInGroup
Retrieves a list of privileges for the specified privilege group from the persistent datastore. Parameters: id - ID of the privilege group whose privileges are to be retrieved. Returns: Collection of privileges in the specified privilege group as instances of DKPrivilegeICM. Throws: DKException if error occurs on the server.
dkCollection* listPrivInGroup(long id);

listPrivInSet
Retrieves a list of privileges for the specified privilege set from the persistent datastore Parameters: name - name of the privilege set whose privileges are to be retrieved. Returns: Collection of privileges in the specified privilege set as instances of DKPrivilegeICM. Throws: DKException if error occurs on the server.
dkCollection* listPrivInSet(const char* name);

listPrivInSet
Retrieves a list of privileges for the specified privilege set from the persistent datastore. Parameters: id - ID of the privilege set whose privileges are to be returned. Returns: Collection of privileges in the specified privilege set as instances of DKPrivilegeICM. Throws: DKException if error occurs on the server.
dkCollection* listPrivInSet(long id);

removeDomainACL
Remove one or more access control lists from the specified domain in the persistent datastore. Parameters:
  • domainName - name of the domain whose ACLs are to be removed.
  • aclNames - array of names of ACLs to be removed from the specified domain
  • count - number of items in the aclNames array.

Throws: DKException if error occurs on the server.

void removeDomainACL(const char* domainName, const char** aclNames,long count);

removeDomainPrivilegeSet
Removes one or more privilege sets from the specified domain in the persistent datastore. Parameters:
  • domainName - name of the domain whose privilege sets are to be removed.
  • privSetNames - array of names of privilege sets to be removed from the specified domain
  • count - number of items in the privSetNames array.

Throws: DKException if error occurs on the server

void removeDomainPrivilegeSet(const char* domainName, const char** privSetNames,long count);

retrieveAccessControlList
Retrieves the specified access control list from the persistent datastore. Parameters: name - name of the ACL to be retrieved. Returns: ACL as instance of DKAccessControlListICM. Throws:DKException if error occurs on the server.
virtual dkAccessControlList* retrieveAccessControlList(const char* name);

retrieveAccessControlList
Retrieves the specified access control list from the persistent datastore. Parameters: id - ID of the ACL to be retrieved. Returns: ACL as instance of DKAccessControlListICM. Throws:DKException if error occurs on the server.
dkAccessControlList* retrieveAccessControlList(long id);

retrievePrivilege
Retrieves the specified privilege from the persistent datastore. Parameters:name - name of the privilege to be retrieved Returns:Privilege as instance of DKPrivilegeICM. Throws: DKException if error occurs on the server.
virtual dkPrivilege* retrievePrivilege(const char* name);

retrievePrivilege
Retrieves the specified privilege from the persistent datastore. Parameters: id - ID of the privilege to be retrieved. Returns:Privilege as instance of DKPrivilegeICM. Throws: DKException if error occurs on the server.
dkPrivilege* retrievePrivilege(long id);

retrievePrivilegeGroup
Retrieves the specified privilege group from the persistent datastore. Parameters: name - name of the privilege group to be retrieved. Returns: Privilege group as instance of DKPrivilegeGroupICM. Throws: DKException if error occurs on the server.
virtual dkPrivilegeGroup* retrievePrivilegeGroup(const char* name);

retrievePrivilegeGroup
Retrieves the specified privilege group from the persistent datastore Parameters: id - ID of the privilege group to be retrieved. Returns: Privilege group as instance of DKPrivilegeGroupICM. Throws: DKException if error occurs on the server.
dkPrivilegeGroup* retrievePrivilegeGroup(long id);

retrievePrivilegeSet
Retrieves the specified privilege set from the persistent datastore. Parameters: name - name of the privilege set to be retrieved. Returns:Privilege set as instance of DKPrivilegeSetICM. Throws:DKException if error occurs on the server.
virtual dkPrivilegeSet* retrievePrivilegeSet(const char* name);

retrievePrivilegeSet
Retrieves a privilege set from the persistent store. Parameters:id - Id of the privilege set to be retrieved. Returns:Privilege set as instance of DKPrivilegeSetICM. Throws:DKException if error occurs on the server.
dkPrivilegeSet* retrievePrivilegeSet(long id);

retrieveUserGroupPrivilegeSet
Retrieves the privilege set object from the persistent datastore based on the specified user group. Parameters: userGroupId - user group id to retrieve the privilege set for. Returns: Privilege set as instance of DKPrivilegeSetICM. Throws:DKException if error occurs on the server.
dkPrivilegeSet* retrieveUserGroupPrivilegeSet(const char* userGroupId);

retrieveUserPrivilegeSet
Retrieves the privilege set object from persistent datastore based on the specified user. Parameters: userId - user Id to retrieve the privilege set for. Returns: Privilege set as instance of DKPrivilegeSetICM. Throws: DKException if error occurs on the server.
dkPrivilegeSet* retrieveUserPrivilegeSet(const char* userId);

setTraceEnabled
Determines whether tracing is to be enabled for debugging purposes. Parameters: isEnabled - flag that enables/disables tracing based on whether its value is TRUE or FALSE. Throws: DKException if error occurs on the server.
void setTraceEnabled(DKBoolean isEnabled);

update
Updates the definition of the privilege group in the persistent datastore. Parameters: privGroupObj - instance of a privilege group whose definition is to be updated. The parameter should be an instance of DKPrivilegeGroupICM. Throws:DKException if error occurs on the server.
virtual void update(dkPrivilegeGroup* privGroupObj);

update
Updates the definition of the privilege in the persistent datastore. Parameters: privObj - instance of the privilege group whose definition is to be updated. The parameter should be an instance of DKPrivilegeICM. Throws: DKException if error occurs on the server.
virtual void update(dkPrivilege* privObj);

update
Updates the definition of the privilege set in the persistent datastore. Parameters: privSetObj - instance of the privilege set whose definition is to be updated. The parameter should be an instance of DKPrivilegeSetICM. Throws: DKException if error occurs on the server.
virtual void update(dkPrivilegeSet* privSetObj);

update
Updates the definition of the ACL in the persistent datastore. Parameters: aclObj - instance of an ACL whose definition is to be updated. The parameter should be an instance of DKAccessControlListICM. Throws: DKException if error occurs on the server.
virtual void update(dkAccessControlList* aclObj);

updateACLRule
Updates patron type and privilege set associated with a userid in an existing access control list in the persistent datastore. Parameters:
  • aclCode -the acl code of the access control list
  • userId - the user id of which the associated user kind and privilege set are to be updated.
  • patronType - the type of the user to be updated. The valid types are as follows:
    • DK_CM_PATRON_TYPE_USER
    • DK_CM_PATRON_TYPE_GROUP
    • DK_CM_PATRON_TYPE_PUBLIC
  • privSetCode -the privilege set code to be updated in the access control list.

Throws: DKException if error occurs on the server.

void updateACLRule(long aclCode,const char* userId, short patronType, long privSetCode);

(c) Copyright International Business Machines Corporation 1996, 2003. IBM Corp. All rights reserved.