Index
Purpose:
A Content Manager privilege set is a named group of privileges. The
purpose of using privilege sets is to ease system administration.
Content Manager privileges must be grouped into privilege sets before they can
be granted to users or used to define ACLs. Privilege sets granted to
users are called user privileges. They define the individual
users' individual bounds on using the system. When applied to ACL
specifications, the privilege set specifies the limits of the operations
allowed on the bound controlled entity. Only individual users can be
associated with privilege sets. User groups cannot hold privilege sets
for their members.
The DKPrivilegeSetICM class is used to represent Content Manager privilege
sets.
See Also: DKPrivilegetICM, DKPrivilegeGroupICM,
DKAccessControlListICM.
Since: Version 8
Class summary:
class DKEXPORT DKPrivilegeSetICM : public dkPrivilegeSet
{
public:
DKPrivilegeSetICM();
DKPrivilegeSetICM(dkDatastore* ds);
virtual ~DKPrivilegeSetICM();
virtual void addPrivilege(dkPrivilege* privObj);
virtual void addPrivilegeGroup(dkPrivilegeGroup* privGroupObj);
virtual void clearCache ();
long getID();
DKAdminDomainDefICM* getAdminDomain();
DKBoolean isRetrieved();
virtual DKString* listPrivilegeNames(long& arraySize);
virtual dkCollection* listPrivileges();
virtual void removePrivilege(const char* privName);
void removePrivilege(long privId);
void setID(long id);
void setAdminDomain(DKAdminDomainDefICM* domain);
void setRetrieved(DKBoolean isRetrieved);
};
Members:
-
-
- Constructors and destructor
-
DKPrivilegeSetICM();
Default constructor. Constructs and initializes a privilege set
object that is currently not associated with any datastore instance.
DKPrivilegeSetICM(dkDatastore* ds);
Constructor that takes a datastore instance as a parameter. The
returned privilege set instance is associated with the datastore
instance. Equivalent to calling the default constructor followed by the
setDatastore method on the created privilege set instance.
Parameters: ds - datastore reference. Should be an
instance of DKDatastoreICM.
virtual ~DKPrivilegeSetICM();
Destructor for this object.
- Member functions
-
- addPrivilege
- Adds a new privilege to the in-memory (cached) representation of the
privilege set instance. No datastore call is initiated as a result of
calling this method. Parameters: privObj - a valid
DKPriviligeICM instance. Throws:
- DKAlreadyExitsException - if the privObj already exists in this
DKPrivilegeSetICM object.
- DKException - when error occurs .
virtual void addPrivilege(dkPrivilege* privObj);
- addPrivilegeGroup
- Adds a privilege group to the in-memory (cached) representation of the
privilege set instance. No datastore call is initiated as a result of
calling this method. Parameters: privGroupObj -valid
privilege group object as an instance of DKPriviligeGroupICM.
Throws:
- DKAlreadyExitsException - if the privObj already exists in this
DKPrivilegeSetICM object.
- DKException - when error occurs .
virtual void addPrivilegeGroup(dkPrivilegeGroup* privGroupObj);
- clearCache
- Clears the privilege set cache by removing all contained privileges from
the in-memory (cached) representation of this privilege set. No
datastore call is initiated as a result of calling this method.
virtual void clearCache ();
- getID
- Returns the identifier associated with this privilege set instance.
Parameters: id -the new identifier to be associated with this
privilege set instance. Returns: identifier for this
privilege set instance.
long getID();
- getAdminDomains
- Retrieves the collection of domains with which this privilege set instance
is associated. Returns: returned list contains one or
more DKAdminDomainDefICM object instances with which this privilege set is
associated. See Also:DKAdminDomainDefICM.
DKAdminDomainDefICM* getAdminDomain();
- isRetrieved
- Checks to see if the privileges comprising this privilege set have been
retrieved from the persistent store. Returns: true if
the privileges have already retrieved, false otherwise.
DKBoolean isRetrieved();
- listPrivilegeNames
- Retrieves the name of all the privileges associated with this privilege
set from the persistent store. if caching is turned off or if caching
is on but the privilege names have not yet been retrieved into the in-memory
cache. If caching is turned on and the privilege names have already
been retrieved into the in-memory cache, then return the privilege names from
the in-memory cache. Parameters: arraySize - array
size of names of the privileges associated with this privilege set.
Returns: an array of names for all the privileges associated
with this privilege set. Throws: DKException - when
error occurs in the server.
virtual DKString* listPrivilegeNames(long& arraySize);
- listPrivileges
- Retrieves the list of privileges associated with this privilege set from
the persistent store. if caching is turned off or if caching is on but
the privileges have not yet been retrieved into the in-memory cache. If
caching is turned on and the privileges have already been retrieved into the
in-memory cache, then return the privileges from the in-memory cache.
Returns: Each item in the returned collection is an instance
of type DKPrivilegeICM. Throws: DKException - when
error occurs in the server.
virtual dkCollection* listPrivileges();
- removePrivilege
- Removes the privilege object corresponding to the privilege name specified
in the input parameter, from the in-memory representation of this privilege
set instance. No datastore call is initiated as a result of calling
this method. Parameters: privName - name of the
privilege to be removed. Returns: Each item in the
returned collection is an instance of type DKPrivilegeICM.
Throws:
- DKNotExistException - if the privilege name does not exist in this
privilege set.
- DKException - when error occurs in the server.
virtual void removePrivilege(const char* privName);
- removePrivilege
- Removes the privilege object instance corresponding to the privilege
identifier specified in the input parameter, from the in-memory representation
of this privilege set instance. No datastore call is initiated as a
result of calling this method. Parameters: priv_id -
identifier of the privilege to be removed.
Returns:Each item in the returned collection is an instance
of type DKPrivilegeICM. Throws:
- DKNotExistException - if the privilege does not exist in this privilege
set.
- DKException - when error occurs in the server.
virtual void removePrivilege(const char* privName);
- setID
- Sets the privilege group identifier. Parameters:
id -the new identifier to be associated with this privilege set
instance.
void setID(long id);
- setAdminDomains
- Sets the admininstration domains that this privilege set object is
associated with. Parameters: collDomain - collection
of DKAdminDomainDefICM object instances with which this privilege set will
henceforth be associated. See Also:DKAdminDomainDefICM
void setAdminDomain(DKAdminDomainDefICM* domain)
- setRetrieved
- Sets a value that determines whether the privileges comprising this
privilege set was retrieved from the persistent store or not.
Parameters: isRetrieved - if true, the privileges comprising
this privilege set are considered to have been retrieved from the persistent
store; if false, the privileges comprising this privilege set are
considered to not have been retrieved.
void setRetrieved(DKBoolean isRetrieved);
(c) Copyright International Business Machines Corporation 1996, 2003. IBM Corp. All rights reserved.