
DKAccessControlListICM

Purpose:

The Content Manager version 8 access control model is applied at the level of the controlled entity. A controlled entity is a unit of protected user data. In different Content Manager installations, the controlled entity can be an individual item, item-type, or the entire library. Operations on the controlled entities are regulated by one or more control rules. The access control list (ACL) is the container for these control rules. The DKAccessControlListICM class represents a Content Manager Version 8 ACL.

Every controlled entity in a Content Manager system must be bound to an ACL. Default settings can be configured by the system administrator, if appropriate. An ACL is associated with an item type to enforce access control at the item type level. Similarly, an item level access control is established by binding an ACL to the desired item when the item is created. When a user initiates an operation on the item, the system will check the user's privilege and the ACL associated with this item to determine if this user has the right to perform such an operation on this item. The right to access an item also requires the right to access the item type.
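The access decision described above, as an added example: a simplified model, not Content Manager code or its API. `User`, `Acl`, `addRule`, `grants`, `mayPerform` and the privilege names are hypothetical, and the model assumes that each rule maps one user or user group to a set of privileges and that each operation corresponds to one privilege.

```cpp
// Hypothetical model of the check: user privilege AND item ACL AND item-type ACL.
#include <map>
#include <set>
#include <stdexcept>
#include <string>

using Privs = std::set<std::string>;
struct User {
    std::string id;
    std::set<std::string> groups;
    Privs privileges;            // the user's own privilege set
};

class Acl {
    std::map<std::string, Privs> rules_;   // principal (user or group) -> privileges
public:
    // Like addACLData on this page: a second rule for the same principal is rejected.
    void addRule(const std::string& principal, const Privs& p) {
        if (!rules_.emplace(principal, p).second)
            throw std::invalid_argument("rule for principal already exists");
    }
    // Assumption: a rule grants an operation if it names the user or one of the user's groups.
    bool grants(const User& u, const std::string& op) const {
        auto hit = [&](const std::string& who) {
            auto it = rules_.find(who);
            return it != rules_.end() && it->second.count(op) > 0;
        };
        if (hit(u.id)) return true;
        for (const auto& g : u.groups) if (hit(g)) return true;
        return false;
    }
};

// The right to access an item also requires the right to access its item type.
bool mayPerform(const User& u, const std::string& op,
                const Acl& itemAcl, const Acl& itemTypeAcl) {
    return u.privileges.count(op) > 0 && itemTypeAcl.grants(u, op) && itemAcl.grants(u, op);
}

// Constructed sample: alice holds both privileges and the item ACL grants both,
// but the item-type ACL grants her group only "read", so "delete" is refused.
int demo() {
    User alice{"alice", {"claims"}, {"read", "delete"}};
    Acl typeAcl, itemAcl;
    typeAcl.addRule("claims", {"read"});
    itemAcl.addRule("alice", {"read", "delete"});
    return 2 * mayPerform(alice, "read", itemAcl, typeAcl)
             + mayPerform(alice, "delete", itemAcl, typeAcl);
}
```

`demo()` encodes the two decisions as bits: read allowed, delete denied.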

An ACL is created by calling one of its multiple constructors. If the datastore with which this ACL shall be associated is known at the time of object creation, then one of the constructors that take a datastore parameter is used. Otherwise, the default constructor is used and the setDatastore method is called on the created ACL instance once the datastore instance has also been created.

See Also: DKPrivilegeSetICM

Since: Version 8

Class summary:

class DKEXPORT DKAccessControlListICM: public dkAccessControlList
{
 public:
     DKAccessControlListICM();
     DKAccessControlListICM(dkDatastore * ds);
     DKAccessControlListICM(dkDatastore * ds,const char* name);
     virtual ~DKAccessControlListICM();
     virtual dkCollection* listACLData();
     virtual DKString* listUsrGrps(long& arraySize);
     virtual DKString* listUsers(long& arraySize);
     virtual DKString* listGroups(long& arraySize);
     virtual void addACLData(DKACLData* aclData);
     virtual void removeACLData(DKACLData* aclData);
     virtual void clearCache(); 
     void setID(long id);
     long getID();
     DKBoolean isRetrieved();
     void setRetrieved(DKBoolean isRetrieved);
     void setAdminDomain(DKAdminDomainDefICM* domain);
     DKAdminDomainDefICM* getAdminDomain();
 };

Members:

Constructors and destructor
DKAccessControlListICM();

Default constructor. Constructs and initializes an access control list object that is not currently associated with any datastore instance. The name of the access control list is initialized to an empty string. The ID of the ACL is initialized to -1.

DKAccessControlListICM(dkDatastore * ds);

Constructor that takes a datastore instance as a parameter. The returned ACL instance is associated with the datastore instance. Equivalent to calling the default constructor followed by the setDatastore method on the created object. Parameters: ds - datastore reference. Should be an instance of DKDatastoreICM.

DKAccessControlListICM(dkDatastore * ds,const char* name);

Constructor that takes a datastore instance and a name as parameters. The returned ACL instance is associated with the datastore instance and has a name. Equivalent to calling the default constructor, followed by the setDatastore and setName methods on the created object. Parameters:

  • ds - datastore reference. Should be an instance of DKDatastoreICM.
  • name - name for the created access control list.

virtual ~DKAccessControlListICM();

Destructor for the object.

Member functions

listACLData
Retrieves the access control data associated with this object from the persistent store. If caching is turned off, a collection of DKACLData objects is returned to the caller.

If caching is turned on and the cache has not been populated yet, the method retrieves the data from the persistent store, caches it and returns a copy of the cached DKACLData objects to the caller.

If the DKACLData objects are already cached (i.e., caching is turned on), a collection of DKACLData objects is cloned and returned from the cache. Returns: a collection of DKACLData objects. Throws: DKException - if an error occurs.

virtual dkCollection* listACLData();   

listUsrGrps
Retrieves the list of user groups associated with this ACL from the in-memory (cached) representation of this object instance. A call to this method does not invoke the datastore. Parameters: arraySize - size of the user group names array returned. Returns: user group names as an array of DKString objects. Throws: DKException - if an error occurs.

virtual DKString* listUsrGrps(long& arraySize);

listUsers
Retrieves the list of users associated with this ACL from the in-memory (cached) representation of this object instance. No datastore call is initiated as a result of calling this method. Parameters: arraySize - size of the retrieved user names array. Returns: an array of user identifiers as DKString variables. Throws: DKException - if an error occurs.
virtual DKString* listUsers(long& arraySize);

listGroups
Retrieves the list of user groups associated with this ACL from the in-memory (cached) representation of this object instance. No datastore call is initiated as a result of calling this method. Parameters: arraySize - size of the retrieved group names array. Returns: an array of group names as DKString variables. Throws: DKException - if an error occurs.
virtual DKString* listGroups(long& arraySize);

addACLData
Adds the specified access control rule to the in-memory (cached) representation of this ACL object instance. Parameters: aclData - an access control rule as an instance of DKACLData. Throws:
  • DKAlreadyExistException - if the user/user group specified in this ACL rule already exists in the other ACL rules already associated with this object.
  • DKException - if an error occurs.

virtual void addACLData(DKACLData* aclData);

removeACLData
Removes the specified access control rule from the in-memory (cached) representation of this ACL object instance. Parameters: aclData - the access control rule as an instance of DKACLData to be removed. Throws:
  • DKNotExistException - if the user/user group specified in this ACL rule does not exist in any of the other ACL rules already associated with this object.
  • DKException - if an error occurs.

virtual void removeACLData(DKACLData* aclData);

clearCache
Removes all the access control rules from the in-memory (cached) representation of this ACL object instance.
virtual void clearCache();

setID
Sets the identifier for this access control list. Parameters: id - new identifier value for this ACL object.
void setID(long id);

getID
Retrieves the identifier for this ACL. Returns: identifier for this ACL object.
long getID();

setRetrieved
Sets the value that determines whether the ACL was retrieved from the persistent store or not. Parameters: isRetrieved - if true, indicates that this ACL has already been retrieved; if false, indicates that this ACL has not yet been retrieved.
void setRetrieved(DKBoolean isRetrieved);

isRetrieved
Checks whether the ACL has been retrieved from the persistent store. Returns: true if the ACL has already been retrieved, false otherwise.
DKBoolean isRetrieved();

setAdminDomain
Sets the administration domains that this ACL object instance is associated with. The input parameter is a collection of DKAdminDomainDefICM object instances with which this ACL will henceforth be associated. Parameters: collDomain - a collection of DKAdminDomainDefICM objects that this ACL object will be associated with.
void setAdminDomain(DKAdminDomainDefICM* domain);

getAdminDomains
Retrieves the collection of domains with which this ACL instance is associated. The returned list contains one or more DKAdminDomainDefICM object instances with which this ACL is associated. Parameters: collDomain - a collection of DKAdminDomainDefICM objects that this ACL object will be associated with. Returns: the collection of DKAdminDomainDefICM objects that this ACL object is associated with.
DKAdminDomainDefICM* getAdminDomain();

(c) Copyright International Business Machines Corporation 1996, 2003. IBM Corp. All rights reserved.