com.sap.security.api.acl
Interface IAcl


public interface IAcl

ACL Context Interface

Definition of an Access Control List object

This interface defines an Access Control List object (ACL object). It can contain zero or more ACEs, which specify the principals and the permissions.

Version:
1.0

Method Summary
 boolean addOwner(IPrincipal caller, IPrincipal principal)
          This method adds a new ACL owner to current ACL object.
 boolean changeObjectID(IPrincipal caller, java.lang.String objectID)
          This method changes the object ID for the current ACL.
 void commit()
          Commits any changes made to this ACL (i.e. add/remove AclEntry/Owner).
 IAclEntry createAclEntry(IPrincipal caller, IPrincipal principal, java.lang.String permission, boolean isInherited)
          This method creates a new ACE object to current ACL.
 java.util.List getAclEntries()
          This method returns a List of ACE objects which are assigned to the current ACL object.
 java.util.List getAclEntries(IPrincipal principal)
          This method returns a List of ACE objects which are assigned to the current ACL object concerning a specific user (principal).
 java.lang.String getObjectId()
          This method returns the ID of the object which is assigned to the current ACL object.
 java.util.List getOwners()
          This method returns a list of ACL owners.
 boolean hasPermission(IPrincipal principal, java.lang.String permission)
          This method checks if a user (principal) is authorized for a specific permission.
 boolean isAllowed(IPrincipal principal, java.lang.String permission)
          This method checks if a user (principal) is authorised for a specific permission.
 boolean isOwner(IPrincipal principal)
          This method checks if a user (principal) is an ACL owner.
 IAcl prepare()
          Prepares this ACL for update.
 boolean removeAclEntry(IPrincipal caller, IAclEntry aclEntry)
          This method removes an existing ACE object from the current ACL object.
 boolean removeOwner(IPrincipal caller, IPrincipal principal)
          This method removes an ACL owner from current ACL object.
 void resetAcl(IPrincipal caller)
          This method removes all existing ACE objects from the current ACL object except the ACEs with the owner permission, but does not delete the ACL.
 

Method Detail

addOwner

public boolean addOwner(IPrincipal caller,
                        IPrincipal principal)
                 throws UMException
This method adds a new ACL owner to current ACL object.
Parameters:
caller - a current ACL owner.
principal - new ACL owner (principal, for example user).
Returns:
true when the new ACL owner was set successfully, false otherwise
Throws:
UMException - if the data cannot be added.

removeOwner

public boolean removeOwner(IPrincipal caller,
                           IPrincipal principal)
                    throws UMException
This method removes an ACL owner from current ACL object.
Parameters:
caller - an ACL owner.
principal - another ACL owner (principal, for example user)
Returns:
true when the ACL owner was removed successfully, false otherwise
Throws:
UMException - if the data cannot be removed.

isOwner

public boolean isOwner(IPrincipal principal)
                throws UMException
This method checks if a user (principal) is an ACL owner.
Parameters:
principal - the checked user (principal).
Returns:
true when the user is an ACL owner, false otherwise
Throws:
UMException - if the data cannot be read.

getOwners

public java.util.List getOwners()
                         throws UMException
This method returns a list of ACL owners.
Returns:
the owners of the ACL (List of IPrincipals).
Throws:
UMException - if the data cannot be read.

createAclEntry

public IAclEntry createAclEntry(IPrincipal caller,
                                IPrincipal principal,
                                java.lang.String permission,
                                boolean isInherited)
                         throws UMException
This method creates a new ACE object in the current ACL. If an IAclEntry is inherited, it represents the parent ACEs of the object.
Parameters:
caller - an ACL owner.
principal - principal for ACE
permission - permission for the ACE
isInherited - if the ACE is inherited
Returns:
the ACE object (IAclEntry), or null if it is not possible to create an ACE
Throws:
UMException - if the data cannot be created.

removeAclEntry

public boolean removeAclEntry(IPrincipal caller,
                              IAclEntry aclEntry)
                       throws UMException
This method removes an existing ACE object from the current ACL object.
Parameters:
caller - an ACL owner.
aclEntry - an ACE object.
Returns:
true when the ACE object was removed successfully, false otherwise
Throws:
UMException - if the data cannot be removed.

resetAcl

public void resetAcl(IPrincipal caller)
              throws UMException
This method removes all existing ACE objects from the current ACL object except the ACEs with the owner permission, but does not delete the ACL.
Parameters:
caller - an ACL owner.
Throws:
UMException - if the data cannot be reset.

getAclEntries

public java.util.List getAclEntries()
                             throws UMException
This method returns a List of ACE objects which are assigned to the current ACL object.
Returns:
a List of ACE objects
Throws:
UMException - if the data cannot be read.

getAclEntries

public java.util.List getAclEntries(IPrincipal principal)
                             throws UMException
This method returns a List of ACE objects which are assigned to the current ACL object concerning a specific user (principal).
Parameters:
principal - user (principal).
Returns:
a List of ACE objects concerning a specific user (principal).
Throws:
UMException - if the data cannot be read.

isAllowed

public boolean isAllowed(IPrincipal principal,
                         java.lang.String permission)
                  throws UMException
This method checks if a user (principal) is authorised for a specific permission.
Parameters:
principal - user (principal).
permission - checked permission.
Returns:
true if the principal is authorised for the specified permission, false otherwise
Throws:
UMException - if the data cannot be read.

hasPermission

public boolean hasPermission(IPrincipal principal,
                             java.lang.String permission)
                      throws UMException
This method checks if a user (principal) is authorized for a specific permission, but doesn't write an entry in the security audit log.
Parameters:
principal - user or group
permission - checked permission
Returns:
true if the principal is authorized for the specified permission, false otherwise
Throws:
UMException - if the data cannot be read.

getObjectId

public java.lang.String getObjectId()
                             throws UMException
This method returns the ID of the object which is assigned to the current ACL object.
Returns:
an object ID.
Throws:
UMException - if the data cannot be read.

changeObjectID

public boolean changeObjectID(IPrincipal caller,
                              java.lang.String objectID)
                       throws UMException
This method changes the object ID for the current ACL.
Returns:
true if the object ID was changed successfully, false otherwise
Throws:
UMException - if the data cannot be changed.

prepare

public IAcl prepare()
             throws UMException
Prepares this ACL for update.
Returns:
the ACL object concerned.
Throws:
UMException - if the data cannot be prepared.

commit

public void commit()
            throws UMException
Commits any changes made to this ACL (i.e. add/remove AclEntry/Owner).
Throws:
UMException - if the data cannot be committed.
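
Added example (not SAP code): a helper that combines the prepare/commit update cycle with the two permission checks documented above. AclHelper and its method names are hypothetical. It assumes that changes are made on the IAcl returned by prepare() and take effect on commit(), and that isAllowed is the audited check, an inference from the hasPermission description.

```java
import com.sap.security.api.IPrincipal;
import com.sap.security.api.UMException;
import com.sap.security.api.acl.IAcl;
import com.sap.security.api.acl.IAclEntry;

/** Hypothetical helper (not part of the SAP API) using only the IAcl methods documented above. */
public final class AclHelper {
    private AclHelper() {}

    /** Grants a permission. Assumption: edits go on the IAcl returned by prepare()
     *  and take effect on commit(). */
    public static boolean grant(IAcl acl, IPrincipal caller, IPrincipal target,
                                String permission) throws UMException {
        if (!acl.isOwner(caller)) {   // fail closed: only an ACL owner may change the ACL
            return false;
        }
        IAcl editable = acl.prepare();
        // isInherited = false: the ACE is set directly on this object.
        IAclEntry entry = editable.createAclEntry(caller, target, permission, false);
        if (entry == null) {
            return false;             // null means the ACE could not be created; nothing is committed
        }
        editable.commit();
        return true;
    }

    /** Enforcement point: the access decision goes through isAllowed. */
    public static void requirePermission(IAcl acl, IPrincipal user, String permission)
            throws UMException {
        if (!acl.isAllowed(user, permission)) {
            throw new SecurityException("Access denied to object " + acl.getObjectId());
        }
    }

    /** Display-only check (e.g. whether to render a button): hasPermission writes no audit entry. */
    public static boolean canShow(IAcl acl, IPrincipal user, String permission) {
        try {
            return acl.hasPermission(user, permission);
        } catch (UMException e) {
            return false;             // fail closed when the ACL cannot be read
        }
    }
}
```

Using hasPermission for the actual access decision would leave no audit trail for that decision, so it is kept here to display-only checks.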


Copyright © 2002 SAP AG All Rights Reserved.