Purpose:
The Content Manager version 8 access control model is applied at the level of the controlled entity. A controlled entity is a unit of protected user data. In different Content Manager installations, the controlled entity can be an individual item, item-type, or the entire library. Operations on the controlled entities are regulated by one or more control rules. The access control list (ACL) is the container for these control rules. The DKAccessControlListICM class represents a Content Manager Version 8 ACL.
Every controlled entity in a Content Manager system must be bound to an ACL. Default settings can be configured by the system administrator, if appropriate. An ACL is associated with an item type to enforce access control at the item type level. Similarly, an item level access control is established by binding an ACL to the desired item when the item is created. When a user initiates an operation on the item, the system will check the user's privilege and the ACL associated with this item to determine if this user has the right to perform such an operation on this item. The right to access an item also requires the right to access the item type.
An ACL is created by calling one of its multiple constructors. If the datastore with which this ACL shall be associated is known at the time of object creation, then one of the constructors that take a datastore parameter is used. Otherwise, the default constructor is used and the setDatastore method is called on the created ACL instance once the datastore instance has also been created.
See Also: DKPrivilegeSetICM
Since: Version 8
Class summary:
class DKEXPORT DKAccessControlListICM: public dkAccessControlList { public: DKAccessControlListICM(); DKAccessControlListICM(dkDatastore * ds); DKAccessControlListICM(dkDatastore * ds,const char* name); virtual ~DKAccessControlListICM(); virtual dkCollection* listACLData(); virtual DKString* listUsrGrps(long& arraySize); virtual DKString* listUsers(long& arraySize); virtual DKString* listGroups(long& arraySize); virtual void addACLData(DKACLData* aclData); virtual void removeACLData(DKACLData* aclData); virtual void clearCache(); void setID(long id); long getID(); DKBoolean isRetrieved(); void setRetrieved(DKBoolean isRetrieved); void setAdminDomain(DKAdminDomainDefICM* domain); DKAdminDomainDefICM* getAdminDomain(); };
Members:
DKAccessControlListICM();
Default constructor. Constructs and initializes an access control list class that is not currently associated with any datastore instance. The name of the access control list is initialized to an empty string. The Id of the ACL list is initialized to -1.
DKAccessControlListICM(dkDatastore * ds);
Constructor that takes a datastore instance as a parameter. The returned ACL instance is associated with the datastore instance. Equivalent to calling the default constructor followed by the setDatastore method on the created object. Parameters: ds - datastore reference. Should be an instance of DKDatastoreICM.
DKAccessControlListICM(dkDatastore * ds,const char* name);
Constructor that takes a datastore instance and a name as a parameter. The returned ACL instance is associated with the datastore instance and has a name. Equivalent to calling the default constructor, followed by the setDatastore and setName methods on the created object. Parameters:
virtual ~DKAccessControlListICM();
Destructor for the object.
If caching is turned on and the cache has not been populated yet, the method retrieves the data from the persistent store, caches it and returns a copy of the cached DKACLData objects to the caller.
If the DKACLData objects are already cached (i.e., caching is turned on) a collection of DKACLData objects are cloned and returned from the cache. Returns: a collection of DKACLData objects. Throws: DKException - if error occurs.
virtual dkCollection* listACLData();
virtual DKString* listUsrGrps(long& arraySize);
virtual DKString* listUsers(long& arraySize);
virtual DKString* listGroups(long& arraySize);
virtual void addACLData(DKACLData* aclData);
virtual void removeACLData(DKACLData* aclData);
virtual void clearCache();
void setID(long id);
long getID();
void setRetrieved(DKBoolean isRetrieved);
DKBoolean isRetrieved();
void setACLData(void* dataLst);
void* getACLData();
(c) Copyright International Business Machines Corporation 1996, 2003. IBM Corp. All rights reserved.