Package oracle.iam.accesspolicy.api
Interface AccessPolicyService
public interface AccessPolicyService
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| String | createAccessPolicy(oracle.iam.accesspolicy.vo.AccessPolicy policy) | Creates an Access Policy. |
| void | deleteAccessPolicy(String id, boolean revoke) | Deletes an Access Policy. |
| void | evalutePoliciesForUser(String userKey) | Triggers access policy evaluation for the given user. |
| List<oracle.iam.accesspolicy.vo.AccessPolicy> | findAccessPolicies(SearchCriteria searchCriteria, Map<String, Object> configParams) | Searches Access Policy. |
| oracle.iam.accesspolicy.vo.AccessPolicy | getAccessPolicy(String id, boolean populateDefaultData) | Gets an Access Policy. |
| List<oracle.iam.accesspolicy.vo.ChildRecord> | getAccessPolicyDefaultChildData(String policyID, String policyElementID, long appInstanceID, String childFormName, SearchCriteria searchCriteria, Map<String, Object> configParams) | Gets the default child data of a given form of an Access Policy element. |
| oracle.iam.accesspolicy.vo.DefaultData | getAccessPolicyDefaultData(String policyID, String policyElementID, boolean populateChildData) | Gets the default data of an Access Policy element. |
| | getAssignedRoles(long polKey) | |
| int | getLowestPriority | Returns the lowest priority of all access policies defined. |
| void | updateAccessPolicy(oracle.iam.accesspolicy.vo.AccessPolicy policy) | Updates an Access Policy. |
-
Method Details
-
evalutePoliciesForUser
void evalutePoliciesForUser(String userKey) throws NoSuchUserException, AccessPolicyEvaluationUnauthorizedException, AccessPolicyServiceException, AccessPolicyEvaluationException
Triggers access policy evaluation for the given user. This API marks the user for policy evaluation by creating or updating an entry in the table USER_PROVISIONING_ATTRS. The actual policy evaluation is performed by the scheduled job "Evaluate User Policies".
Parameters:
userKey - key of the user for whom access policy evaluation is to be triggered.
Throws:
NoSuchUserException - if the user identified by userKey doesn't exist.
AccessPolicyEvaluationUnauthorizedException - if the user initiating the access policy evaluation doesn't have the necessary privileges.
AccessPolicyEvaluationException - if an error occurred while evaluating access policies for the user.
AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
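The call semantics described above (the method only marks the user; the scheduled job does the evaluation), shown as an added example that is not part of the Oracle documentation: it marks a batch of users and sorts the outcomes by the documented exceptions. The nested exception classes and the interface are local stand-ins that mirror the documented signature so the file compiles without the OIM libraries; the user keys and the fake service are constructed.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class QueuePolicyEvaluation {
    // Local stand-ins (assumptions) mirroring the documented signature, so this
    // compiles without the OIM libraries. Use the real types in a deployment.
    static class NoSuchUserException extends Exception {}
    static class AccessPolicyEvaluationUnauthorizedException extends Exception {}
    static class AccessPolicyEvaluationException extends Exception {}
    static class AccessPolicyServiceException extends Exception {}

    interface AccessPolicyService {
        void evalutePoliciesForUser(String userKey)
                throws NoSuchUserException, AccessPolicyEvaluationUnauthorizedException,
                       AccessPolicyServiceException, AccessPolicyEvaluationException;
    }

    enum Outcome { MARKED, UNKNOWN_USER, FAILED }

    // MARKED means only that the user was flagged for evaluation; entitlements
    // change later, when the "Evaluate User Policies" scheduled job runs.
    static Map<String, Outcome> markUsers(AccessPolicyService svc, List<String> userKeys)
            throws AccessPolicyEvaluationUnauthorizedException {
        Map<String, Outcome> results = new LinkedHashMap<>();
        for (String userKey : userKeys) {
            try {
                svc.evalutePoliciesForUser(userKey);
                results.put(userKey, Outcome.MARKED);
            } catch (NoSuchUserException e) {
                results.put(userKey, Outcome.UNKNOWN_USER);  // stale key: report, continue
            } catch (AccessPolicyEvaluationException | AccessPolicyServiceException e) {
                results.put(userKey, Outcome.FAILED);        // per-user error: report, continue
            }
            // AccessPolicyEvaluationUnauthorizedException is not caught: the caller
            // lacks the privilege, so it is treated as fatal for the whole batch.
        }
        return results;
    }

    public static void main(String[] args) throws Exception {
        Set<String> known = Set.of("1001", "1002");  // constructed user keys
        AccessPolicyService fake = userKey -> {      // constructed test double
            if (!known.contains(userKey)) throw new NoSuchUserException();
        };
        System.out.println(markUsers(fake, List.of("1001", "9999", "1002")));
    }
}
```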
-
getAccessPolicy
oracle.iam.accesspolicy.vo.AccessPolicy getAccessPolicy(String id, boolean populateDefaultData) throws AccessDeniedException, AccessPolicyServiceException
Gets an Access Policy.
Parameters:
id - the access policy ID.
Returns:
the access policy that matches the given access policy ID, or null if there is no access policy with the given ID.
Throws:
AccessDeniedException - if the logged-in user is not authorized to perform this operation.
AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
-
findAccessPolicies
List<oracle.iam.accesspolicy.vo.AccessPolicy> findAccessPolicies(SearchCriteria searchCriteria, Map<String, Object> configParams) throws AccessDeniedException, AccessPolicyServiceException
Searches Access Policy.
Parameters:
searchCriteria - the search criteria.
configParams - the parameters to further configure the search operation. There are four configuration parameters: start, end, sortAttrName, and order.
Returns:
a list of access policies that match the search criteria. The access policies returned here will not have their default data populated.
Throws:
AccessDeniedException - if the logged-in user is not authorized to perform this operation.
AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
-
getAccessPolicyDefaultData
oracle.iam.accesspolicy.vo.DefaultData getAccessPolicyDefaultData(String policyID, String policyElementID, boolean populateChildData) throws AccessDeniedException, AccessPolicyServiceException
Gets the default data of an Access Policy element.
Parameters:
policyID - the access policy ID.
policyElementID - the access policy element ID.
populateChildData - whether the child data should be populated: true to populate the child data, false otherwise.
Returns:
the default data of the specific access policy element.
Throws:
AccessDeniedException - if the logged-in user is not authorized to perform this operation.
AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
-
getAccessPolicyDefaultChildData
List<oracle.iam.accesspolicy.vo.ChildRecord> getAccessPolicyDefaultChildData(String policyID, String policyElementID, long appInstanceID, String childFormName, SearchCriteria searchCriteria, Map<String, Object> configParams) throws AccessDeniedException, AccessPolicyServiceException
Gets the default child data of a given form of an Access Policy element.
Parameters:
policyID - the access policy ID.
policyElementID - the access policy element ID.
appInstanceID - the application instance ID.
childFormName - the child form name.
searchCriteria - the search criteria.
configParams - the parameters to further configure the search operation. There are four configuration parameters: start, end, sortAttrName, and order.
Returns:
the default child data of the specific form of the specific Access Policy element.
Throws:
AccessDeniedException - if the logged-in user is not authorized to perform this operation.
AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
-
createAccessPolicy
String createAccessPolicy(oracle.iam.accesspolicy.vo.AccessPolicy policy) throws AccessDeniedException, AccessPolicyServiceException
Creates an Access Policy.
Parameters:
policy - the access policy to be created.
Returns:
the ID of the newly created access policy.
Throws:
AccessDeniedException - if the logged-in user is not authorized to perform this operation.
AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
-
updateAccessPolicy
void updateAccessPolicy(oracle.iam.accesspolicy.vo.AccessPolicy policy) throws AccessDeniedException, AccessPolicyServiceException
Updates an Access Policy.
Parameters:
policy - the access policy to be updated.
Throws:
AccessDeniedException - if the logged-in user is not authorized to perform this operation.
AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
-
deleteAccessPolicy
void deleteAccessPolicy(String id, boolean revoke) throws AccessDeniedException, AccessPolicyServiceException
Deletes an Access Policy.
Parameters:
id - ID of the access policy to be deleted.
revoke - whether accounts granted by this access policy should be revoked.
Throws:
AccessDeniedException - if the logged-in user is not authorized to perform this operation.
AccessPolicyServiceException - if any other generic error occurs. The embedded exception indicates the root cause.
-
getLowestPriority
Returns the lowest priority of all access policies defined.
Returns:
the lowest priority of all access policies defined.
Throws:
AccessPolicyServiceException - if any error occurs. The embedded exception indicates the root cause.
-
getAssignedRoles
Throws:
NoSuchPolicyException
-