SAP NetWeaver '04

com.sap.netweaver.bc.rf.mi.security.acl
Interface IAclSecurityManager

[contained in: com.sap.netweaver.bc.rf.par - bc.rf.mi_api.jar]
All Superinterfaces:
ISecurityManager

public interface IAclSecurityManager
extends ISecurityManager

Interface describing an access control list (ACL) security sub manager. Each resource may have an ACL with many ACL entries. An entry describes, for one principal (a user, a group or whatever is considered an entity), a permission this principal has on the given resource. The ACL itself is just an envelope for many ACL entries.

An ACL entry may grant the principal a permission on the given resource, but it may also deny the principal a permission (a so-called negative ACL entry).

ACLs are propagated down the resource hierarchy on the fly, i.e. they are not actually set on the descendants but derived when accessed. Every descendant without an ACL of its own inherits one from its nearest legator that has one. Legators are ancestors responsible for the security permissions of their descendants.

ACLs and ACL entries are created by this security sub manager and thereby assigned to a resource handle (exactly one ACL per resource handle and zero or more ACL entries per ACL).

Each resource handle has to be of an object type known to the ACL security sub manager, and each object type has its own set of supported permissions. Only permissions supported for a given resource handle can be set. This helps to identify, e.g. in a GUI, which permissions may be set and worked on.


Method Summary
 void addSupportedPermission(IObjectType objectType, IAclPermission permission)
          Register permission as supported permission for an object type.
 void assignAcl(IResourceHandle resourceHandle, IAcl acl)
          Assign an existing ACL, i.e. copy and assign it to a resource handle when the resource handle has no ACL and the current user in the resource context is an owner of the source ACL.
 IAcl createAcl(IResourceHandle resourceHandle)
          Create a new ACL for a resource handle when the resource handle has no ACL and the current user in the resource context is an owner of the inherited ACL.
 IAclEntry createAclEntry(com.sap.netweaver.bc.rf.mi.security.acl.IPrincipal principal, IAclPermission permission, boolean negative, boolean readonly, int sortIndex)
          Create a new ACL entry to grant or deny a permission to a principal.
 IAclPermission createPermission(java.lang.String name)
          Register permission with the given name generally for this ACL security sub manager.
 IAcl getAcl(IResourceHandle resourceHandle)
          Get ACL of a given resource handle.
 IAcl getInheritedAcl(IResourceHandle resourceHandle)
          Get ACL of a given resource handle or an inherited ACL if none is defined directly for the given resource handle.
 IObjectType getObjectType(IResourceHandle resourceHandle)
          Get the object type as which this ACL security sub manager interprets the given resource handle.
 IAclPermission getPermission(java.lang.String name)
          Identify and get permission with the given name generally known to this ACL security sub manager.
 java.util.List getSupportedObjectTypes()
          Get list of object types supported by this ACL security sub manager.
 java.util.List getSupportedPermissions(IResourceHandle resourceHandle)
          Get list of permissions which are supported by this ACL security sub manager for the given resource handle, i.e. outcome depends on the object type of the given resource handle, e.g. depends whether the resource is a collection or not.
 boolean isPermissionUsedInAcl(IAclPermission permission)
          Check whether or not a permission is used in an ACL.
 boolean isReadOnly()
          Check whether or not this ACL security sub manager is read only and no creation or modification operations of ACLs are allowed.
 void removeAcl(IAcl acl)
          Remove the given ACL from its resource.
 void removeAcl(IResourceHandle resourceHandle)
          Remove the ACL from the given resource.
 void removePermission(IAclPermission permission)
          Unregister permission with the given name generally from this ACL security sub manager.
 void removeSupportedPermission(IObjectType objectType, IAclPermission permission)
          Unregister permission as no longer supported permission from an object type.
 boolean supportsNegativeAclEntries()
          Check whether or not negative ACL entries are supported by this ACL security sub manager.
 
Methods inherited from interface com.sap.netweaver.bc.rf.mi.security.ISecurityManager
isAllowed, isAllowed, isAllowed, isAllowed
 

Method Detail

getAcl

public IAcl getAcl(IResourceHandle resourceHandle)
            throws AclPersistenceException,
                   ResourceException
Get ACL of a given resource handle. Inherited ACLs are not returned. Please call getInheritedAcl() for that purpose.
Parameters:
resourceHandle - resource handle
Returns:
ACL of a given resource handle
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred
ResourceException - when the resource handle was invalid

getInheritedAcl

public IAcl getInheritedAcl(IResourceHandle resourceHandle)
                     throws AclPersistenceException,
                            ResourceException
Get ACL of a given resource handle or an inherited ACL if none is defined directly for the given resource handle. A call to this method may involve calling all legators until an ACL is found.
Parameters:
resourceHandle - resource handle
Returns:
the inherited ACL
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred
ResourceException - when the resource handle was invalid

createAclEntry

public IAclEntry createAclEntry(com.sap.netweaver.bc.rf.mi.security.acl.IPrincipal principal,
                                IAclPermission permission,
                                boolean negative,
                                boolean readonly,
                                int sortIndex)
                         throws AclPersistenceException,
                                java.lang.UnsupportedOperationException
Create a new ACL entry to grant or deny a permission to a principal. The ACL entry must be assigned to an ACL in order to be activated.
Parameters:
principal - principal
permission - permission
negative - true if the entry denies a permission, false if it grants one
readonly - true if the entry is read only, false otherwise
sortIndex - position of the ACL entry in the ACL (important only with denials)
Returns:
ACL entry
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred
java.lang.UnsupportedOperationException - when a negative ACL entry is requested but not supported

createAcl

public IAcl createAcl(IResourceHandle resourceHandle)
               throws AclPersistenceException,
                      AclNotAuthorizedException,
                      AclExistsException,
                      ResourceException
Create a new ACL for a resource handle when the resource handle has no ACL and the current user in the resource context is an owner of the inherited ACL. This user will become the initial owner of the newly created ACL. All ACL entries from the inherited ACL will be copied when applicable to the object type of the given resource handle; all others will be ignored.
Parameters:
resourceHandle - resource handle
Returns:
ACL
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred
AclExistsException - when an ACL already exists for the resource handle
ResourceException - when the resource handle was invalid
AclNotAuthorizedException - Exception raised in failure situation
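
The inheritance and copy-on-create behaviour described for getInheritedAcl and createAcl, as an added, self-contained Java model (not SAP code and not calling the SAP API). The string paths, the `Entry` record and the first-match-by-sortIndex evaluation are assumptions made for illustration; the page does not specify how entries are evaluated.

```java
import java.util.*;
/** Added illustration: a simplified model, not SAP's implementation. */
public class AclInheritanceDemo {
    // Mirrors the createAclEntry parameters: principal, permission, negative, sortIndex.
    record Entry(String principal, String permission, boolean negative, int sortIndex) {}
    // Own ACLs only, keyed by resource path; descendants store nothing.
    private final Map<String, List<Entry>> acls = new HashMap<>();

    // Walk up the legators until one with an own ACL is found.
    List<Entry> getInheritedAcl(String path) {
        for (String p = path; p != null; p = parent(p)) {
            if (acls.containsKey(p)) return acls.get(p);
        }
        return List.of();
    }

    // Like createAcl: the new ACL starts as a copy of the inherited entries.
    List<Entry> createAcl(String path) {
        if (acls.containsKey(path)) throw new IllegalStateException("ACL exists: " + path);
        List<Entry> copy = new ArrayList<>(getInheritedAcl(path));
        acls.put(path, copy);
        return copy;
    }

    // Assumed evaluation: the matching entry with the lowest sortIndex decides; no match denies.
    boolean isAllowed(String path, String principal, String permission) {
        return getInheritedAcl(path).stream()
            .filter(e -> e.principal().equals(principal) && e.permission().equals(permission))
            .min(Comparator.comparingInt(Entry::sortIndex))
            .map(e -> !e.negative())
            .orElse(false);
    }

    static String parent(String path) {
        int i = path.lastIndexOf('/');
        return path.equals("/") ? null : (i <= 0 ? "/" : path.substring(0, i));
    }

    public static void main(String[] args) {
        AclInheritanceDemo m = new AclInheritanceDemo();
        m.acls.put("/docs", new ArrayList<>(List.of(new Entry("alice", "read", false, 10))));
        System.out.println(m.isAllowed("/docs/hr/pay.xls", "alice", "read")); // derived from /docs
        m.createAcl("/docs/hr");                 // /docs/hr now owns a copy and stops inheriting
        m.acls.get("/docs").add(new Entry("alice", "read", true, 1)); // later denial on the legator
        System.out.println(m.isAllowed("/docs/a.txt", "alice", "read"));      // still inherits /docs
        System.out.println(m.isAllowed("/docs/hr/pay.xls", "alice", "read")); // uses the copied ACL
    }
}
```

Because createAcl copies the inherited entries, a denial added to the legator afterwards no longer reaches a resource that has since received its own ACL; such resources need a separate review whenever a parent ACL is tightened.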

assignAcl

public void assignAcl(IResourceHandle resourceHandle,
                      IAcl acl)
               throws AclPersistenceException,
                      AclNotAuthorizedException,
                      AclExistsException,
                      ResourceException
Assign an existing ACL, i.e. copy and assign it to a resource handle when the resource handle has no ACL and the current user in the resource context is an owner of the source ACL. All users of the source ACL will become the initial owners of the newly copied and assigned ACL. All ACL entries from the source ACL will be copied when applicable to the object type and ACL security sub manager implementation of the given resource handle; all others will be ignored.
Parameters:
resourceHandle - resource handle
acl - ACL
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred
AclExistsException - when an ACL already exists for the resource handle
ResourceException - when the resource handle was invalid
AclNotAuthorizedException - Exception raised in failure situation

removeAcl

public void removeAcl(IResourceHandle resourceHandle)
               throws AclPersistenceException,
                      AclNotAuthorizedException,
                      ResourceException
Remove the ACL from the given resource.
Parameters:
resourceHandle - resource handle
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred
ResourceException - when the resource handle was invalid
AclNotAuthorizedException - Exception raised in failure situation

removeAcl

public void removeAcl(IAcl acl)
               throws AclPersistenceException,
                      AclNotAuthorizedException,
                      ResourceException
Remove the given ACL from its resource.
Parameters:
acl - ACL
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred
ResourceException - when the resource handle assigned to the ACL was invalid
AclNotAuthorizedException - Exception raised in failure situation

getPermission

public IAclPermission getPermission(java.lang.String name)
                             throws AclPersistenceException
Identify and get permission with the given name generally known to this ACL security sub manager.
Parameters:
name - permission name
Returns:
permission with the given name
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred

createPermission

public IAclPermission createPermission(java.lang.String name)
                                throws AclPersistenceException,
                                       AclPermissionExistsException
Register permission with the given name generally for this ACL security sub manager.
Parameters:
name - permission name
Returns:
newly created permission with the given name
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred
AclPermissionExistsException - Exception raised in failure situation

removePermission

public void removePermission(IAclPermission permission)
                      throws AclPersistenceException,
                             AclPredefinedPermissionException,
                             AclPermissionUsedException
Unregister permission with the given name generally from this ACL security sub manager. It can only be unregistered if it is not predefined and not used in an ACL.
Parameters:
permission - the permission
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred
AclPredefinedPermissionException - Exception raised in failure situation
AclPermissionUsedException - Exception raised in failure situation

getSupportedObjectTypes

public java.util.List getSupportedObjectTypes()
                                       throws AclPersistenceException
Get list of object types supported by this ACL security sub manager.
Returns:
list of the IObjectTypes
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred

getObjectType

public IObjectType getObjectType(IResourceHandle resourceHandle)
                          throws AclPersistenceException,
                                 ResourceException
Get the object type as which this ACL security sub manager interprets the given resource handle.
Parameters:
resourceHandle - resource handle
Returns:
IObjectType
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred
ResourceException - when the resource handle was invalid

getSupportedPermissions

public java.util.List getSupportedPermissions(IResourceHandle resourceHandle)
                                       throws ResourceException
Get list of permissions which are supported by this ACL security sub manager for the given resource handle, i.e. outcome depends on the object type of the given resource handle, e.g. depends whether the resource is a collection or not.
Specified by:
getSupportedPermissions in interface ISecurityManager
Parameters:
resourceHandle - resource handle
Returns:
list of supported permissions of type IAclPermission
Throws:
ResourceException - when the resource handle was invalid

addSupportedPermission

public void addSupportedPermission(IObjectType objectType,
                                   IAclPermission permission)
                            throws AclPersistenceException,
                                   AclPredefinedPermissionException
Register permission as supported permission for an object type.
Parameters:
objectType - object type
permission - permission
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred
AclPredefinedPermissionException - Exception raised in failure situation

removeSupportedPermission

public void removeSupportedPermission(IObjectType objectType,
                                      IAclPermission permission)
                               throws AclPersistenceException,
                                      AclPredefinedPermissionException,
                                      AclPermissionUsedException
Unregister permission as no longer supported permission from an object type. It can only be unregistered if it is not predefined and not used in an ACL.
Parameters:
objectType - object type
permission - permission
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred
AclPredefinedPermissionException - Exception raised in failure situation
AclPermissionUsedException - Exception raised in failure situation

isPermissionUsedInAcl

public boolean isPermissionUsedInAcl(IAclPermission permission)
                              throws AclPersistenceException
Check whether or not a permission is used in an ACL.
Parameters:
permission - permission
Returns:
true if the permission is used in an ACL
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred

supportsNegativeAclEntries

public boolean supportsNegativeAclEntries()
Check whether or not negative ACL entries are supported by this ACL security sub manager.
Returns:
true if negative ACL entries are supported by this ACL security sub manager

isReadOnly

public boolean isReadOnly()
                   throws AclPersistenceException
Check whether or not this ACL security sub manager is read only and no creation or modification operations of ACLs are allowed.
Returns:
true if this ACL security sub manager is read only
Throws:
AclPersistenceException - when a problem with the storage where the ACLs are persisted occurred

Copyright © 2004 by SAP AG. All Rights Reserved.