Interface AccessPolicyService


public interface AccessPolicyService
  • Method Details

    • evalutePoliciesForUser

      Triggers access policy evaluation for the given user. This API marks the user for policy evaluation by creating or updating an entry in the table USER_PROVISIONING_ATTRS. The actual policy evaluation happens via the scheduled job "Evaluate User Policies".
      Parameters:
      userKey - Key of the user for whom access policy evaluation is to be triggered.
      Throws:
      NoSuchUserException - if user identified by userKey doesn't exist
      AccessPolicyEvaluationUnauthorizedException - if the user initiating the access policy evaluation doesn't have the necessary privileges.
      AccessPolicyEvaluationException - if an error occurred while evaluating access policies for the user
      AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
    • getAccessPolicy

      oracle.iam.accesspolicy.vo.AccessPolicy getAccessPolicy(String id, boolean populateDefaultData) throws AccessDeniedException, AccessPolicyServiceException
      Gets an Access Policy.
      Parameters:
      id - the access policy ID.
      Returns:
      the access policy that matches the given access policy ID, or null if there is no access policy with the given ID.
      Throws:
      AccessDeniedException - if logged in user is not authorized to perform this operation.
      AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
    • findAccessPolicies

      List<oracle.iam.accesspolicy.vo.AccessPolicy> findAccessPolicies(SearchCriteria searchCriteria, Map<String,Object> configParams) throws AccessDeniedException, AccessPolicyServiceException
      Searches for Access Policies.
      Parameters:
      searchCriteria - the search criteria.
      configParams - the parameters to further configure the search operation. There are four configuration parameters: start, end, sortAttrName, and order.
      Returns:
      list of access policies that match the search criteria. The access policies returned here will not have their default data populated.
      Throws:
      AccessDeniedException - if logged in user is not authorized to perform this operation.
      AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
    • getAccessPolicyDefaultData

      oracle.iam.accesspolicy.vo.DefaultData getAccessPolicyDefaultData(String policyID, String policyElementID, boolean populateChildData) throws AccessDeniedException, AccessPolicyServiceException
      Gets the default data of an Access Policy element.
      Parameters:
      policyID - the access policy ID.
      policyElementID - the access policy element ID.
      populateChildData - if the child data should be populated. true means it should populate the child data, false otherwise.
      Returns:
      the default data of the specific access policy element.
      Throws:
      AccessDeniedException - if logged in user is not authorized to perform this operation.
      AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
    • getAccessPolicyDefaultChildData

      List<oracle.iam.accesspolicy.vo.ChildRecord> getAccessPolicyDefaultChildData(String policyID, String policyElementID, long appInstanceID, String childFormName, SearchCriteria searchCriteria, Map<String,Object> configParams) throws AccessDeniedException, AccessPolicyServiceException
      Gets the default child data of a given form of an Access Policy element.
      Parameters:
      policyID - the access policy ID.
      policyElementID - the access policy element ID.
      appInstanceID - the application instance ID.
      childFormName - the child form name.
      searchCriteria - the search criteria.
      configParams - the parameters to further configure the search operation. There are four configuration parameters: start, end, sortAttrName, and order.
      Returns:
      the default child data of the specific form of the specific Access Policy element.
      Throws:
      AccessDeniedException - if logged in user is not authorized to perform this operation.
      AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
    • createAccessPolicy

      String createAccessPolicy(oracle.iam.accesspolicy.vo.AccessPolicy policy) throws AccessDeniedException, AccessPolicyServiceException
      Creates an Access Policy.
      Parameters:
      policy - access policy to be created.
      Returns:
      the ID of the newly created access policy.
      Throws:
      AccessDeniedException - if logged in user is not authorized to perform this operation.
      AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
    • updateAccessPolicy

      void updateAccessPolicy(oracle.iam.accesspolicy.vo.AccessPolicy policy) throws AccessDeniedException, AccessPolicyServiceException
      Updates an Access Policy.
      Parameters:
      policy - access policy to be updated.
      Throws:
      AccessDeniedException - if logged in user is not authorized to perform this operation.
      AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
    • deleteAccessPolicy

      void deleteAccessPolicy(String id, boolean revoke) throws AccessDeniedException, AccessPolicyServiceException
      Deletes an Access Policy.
      Parameters:
      id - ID of the access policy to be deleted.
      revoke - if accounts granted by this access policy should be revoked.
      Throws:
      AccessDeniedException - if logged in user is not authorized to perform this operation.
      AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
    • getLowestPriority

      int getLowestPriority() throws AccessPolicyServiceException
      Returns the lowest priority of all access policies defined.
      Returns:
      The lowest priority of all access policies defined.
      Throws:
      AccessPolicyServiceException - if any error occurs. The embedded exception indicates the root cause.
    • getAssignedRoles

      List<Role> getAssignedRoles(long polKey) throws NoSuchPolicyException
      Throws:
      NoSuchPolicyException
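
An added example, not part of the original documentation: a hypothetical wrapper around getAccessPolicy and deleteAccessPolicy that makes the revoke decision explicit and keeps an authorization refusal separate from other failures in the audit trail. The class name PolicyRemoval, the logger name, and the import packages for AccessPolicyService and the two exceptions are assumptions; the page itself shows only the oracle.iam.accesspolicy.vo package.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

// Assumed package names; adjust to the client library in use.
import oracle.iam.accesspolicy.api.AccessPolicyService;
import oracle.iam.accesspolicy.exception.AccessPolicyServiceException;
import oracle.iam.accesspolicy.vo.AccessPolicy;
import oracle.iam.platform.authopss.exception.AccessDeniedException;

/** Hypothetical helper: deletes a policy and records every outcome for audit. */
public final class PolicyRemoval {
    private static final Logger AUDIT = Logger.getLogger("accesspolicy.audit");

    public enum Outcome { DELETED, NOT_FOUND, DENIED, FAILED }

    private PolicyRemoval() { }

    public static Outcome remove(AccessPolicyService svc, String policyId, boolean revoke) {
        try {
            // getAccessPolicy returns null when no policy has this ID, so a
            // missing policy is reported instead of surfacing as a generic error.
            AccessPolicy existing = svc.getAccessPolicy(policyId, false);
            if (existing == null) {
                AUDIT.log(Level.INFO, "policy {0}: not found, nothing deleted", policyId);
                return Outcome.NOT_FOUND;
            }
            // revoke == true also revokes the accounts this policy granted;
            // the caller must pass the flag deliberately, there is no default.
            svc.deleteAccessPolicy(policyId, revoke);
            AUDIT.log(Level.INFO, "policy {0}: deleted, revoke={1}",
                    new Object[] {policyId, revoke});
            return Outcome.DELETED;
        } catch (AccessDeniedException e) {
            // The logged-in user lacks the privilege: record it, do not retry.
            AUDIT.log(Level.WARNING, "policy " + policyId + ": access denied", e);
            return Outcome.DENIED;
        } catch (AccessPolicyServiceException e) {
            // The embedded exception indicates the root cause, so log that one.
            Throwable root = (e.getCause() != null) ? e.getCause() : e;
            AUDIT.log(Level.SEVERE, "policy " + policyId + ": delete failed", root);
            return Outcome.FAILED;
        }
    }
}
```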