Package oracle.iam.platform.authopss.api
Interface AdminRoleService
- All Known Subinterfaces:
AdminRoleServiceInternal
public interface AdminRoleService
Service interface to query admin roles defined in an OIM installation and
manage scoped user memberships in these roles.
- Since:
- OIM R2 (11.1.2.0.0)
Method Summary
Modifier and Type, Method, Description
- addAdminRoleMembership(AdminRoleMembership membership): Adds an admin role membership.
- createAdminRole(AdminRoleVO compAdminRole): The API creates the Admin Role based on AdminRoleVO.
- getAdminRole(String roleName): Returns an admin role matching the given name (case-insensitive).
- getAdminRoleForID(String roleId): Returns an admin role matching the given name (case-insensitive).
- getAdminRoles(): Returns list of admin roles available in an installation.
- getAdminRoles(String scopeId): Returns list of admin roles available within the context of the passed scope-id.
- getAdminRolesForUser(String userId, Map<String, Object> paramsMap): Get the list of admin roles for passed userId.
- getAdminRolesForUser(String userId, Map<String, Object> paramsMap, SearchCriteria criteria): Get the list of admin roles for passed userId.
- getAdminRoleVO(String adminRoleId): Returns the admin-role value object for the given admin role Id.
- getCapabilities(PolicyConstants.Resources resourceType, List<String> actions): Returns the list of capabilities for a given resource-type and actions.
- getCapabilities(PolicyConstants.Resources resourceType, Capability.Type capType): Returns list of capabilities available in an installation for the given capability-type.
- getCapabilitiess(String adminRoleName): This method will return the associated capability with an admin role.
- getCapabilitiess(PolicyConstants.Resources resourceType): Returns list of capabilities available in an installation for a given resource-type.
- getCapabilitiess(PolicyConstants.Resources resourceType, PolicyConstants.Actions action): Returns list of capabilities available in an installation for a given resourceType and action.
- getCapability(String resourceType, String action): Returns list of capabilities available in an installation for a given resourceType and action.
- getCapabilityForID(String capabilityId): Returns list of capabilities available in an installation for a given resourceType and action.
- getGlobalAdminRoles(): Returns a list of admin roles which can only be assigned in scope of Top organization.
- getScopedAdminRoles(): Returns list of admin roles which are usually assigned in the context of non-Top organization.
- getUsersAssigned(String adminRoleId, Set<String> retAttrs, HashMap<String, Object> configParams): Returns the list of User identities assigned to the admin-role.
- getUsersAssignedWithScope(String adminRoleId, Set<String> retAttrs, HashMap<String, Object> configParams, String scopeId): Returns the list of User identities assigned to the admin-role.
- boolean isAuthorizationRequired(): Convenience method to check if Authorization checks are required or not.
- listMembershipsForUserByRoleName(String userId, List<String> roleName): Returns a list of user's admin role memberships based on role names.
- listMembershipsInScope(String scopeId, String roleName, boolean includeHierarchy, Map<String, Object> paramsMap): Returns a list of admin role membership in the given scope.
- listUsersMembership(String userId, String roleName, String scopeId, boolean includeHierarchy, Map<String, Object> paramsMap): Returns a list of user's admin role memberships based on the parameters.
- listUsersMembership(String userId, String roleName, String scopeId, Map<String, Object> paramsMap): Returns a list of user's admin role memberships based on the parameters.
- listUsersMembership(List<String> lstUserId, String roleName, String scopeId, boolean includeHierarchy, Map<String, Object> paramsMap): Returns a list of user's admin role memberships based on the parameters.
- void modifyAdminRole(AdminRoleVO compAdminRole): The API modifies the adminRole data.
- void modifyAdminRole(AdminRoleVO compAdminRole, boolean ddmUpdateObject): The API modifies the adminRole data.
- boolean removeAdminRole(AdminRole adminRole): Removes a custom admin role from the application.
- boolean removeAdminRoleMembership(AdminRoleMembership membership): Removes an admin role membership.
- search(SearchCriteria sc, Map<String, Object> controlParams): Returns a list of admin roles as per the organization scoping based on the parameters.
- boolean updateRoleMemberships(AdminRoleMembership roleMembership): Method to update the role memberships.
-
Method Details
-
getAdminRoles
Returns list of admin roles available in an installation.
- Returns:
- list of admin roles
-
getScopedAdminRoles
Returns list of admin roles which are usually assigned in the context of non-Top organization. Although these admin roles can be assigned with scope of Top, due to their entity-specific administration capabilities it is best to assign them in scope of a non-Top organization.
- Returns:
- list of admin roles which must be assigned within a valid organization scope.
-
getGlobalAdminRoles
Returns a list of admin roles which can only be assigned in scope of Top organization. These administration roles can control virtually every aspect of OIM. System Administrator and System Configurator are examples of global admin roles.
- Returns:
- a list of admin roles which should be assigned within Top organization scope.
-
getAdminRole
Returns an admin role matching the given name (case-insensitive). Null, if admin role is not found for the given name. Partial match is not supported.
- Parameters:
roleName
- name of the admin role, required, not-null
- Returns:
- admin role matching given name, or null
-
getAdminRoleForID
Returns an admin role matching the given name (case-insensitive). Null, if admin role is not found for the given name. Partial match is not supported.
- Parameters:
roleId
- id of the admin role, required, not-null
- Returns:
- admin role matching given name, or null
-
removeAdminRole
Removes a custom admin role from the application. The admin role passed should be the object returned by the get/list/search APIs to ensure that proper keys are populated in the object, so that correct checks are performed and relationships correctly resolved.
- Parameters:
adminRole
- role to be removed from the application
- Returns:
- true, if role was removed successfully, otherwise false.
-
addAdminRoleMembership
Adds an admin role membership.
- Parameters:
membership
- a valid membership to add, required
- Returns:
- membership that got added
- Throws:
IllegalArgumentException
- this runtime exception will be thrown if admin role is global scoped and membership is attempted within a non-Top scope.
-
removeAdminRoleMembership
Removes an admin role membership. The admin role membership object passed should be the object returned by the get/list/search APIs to ensure that proper keys are populated in the object, so that correct checks are performed and relationships correctly resolved.
- Parameters:
membership
- a valid membership to be removed, required
- Returns:
- true, if delete successful, false otherwise.
-
listUsersMembership
List<AdminRoleMembership> listUsersMembership(List<String> lstUserId, String roleName, String scopeId, boolean includeHierarchy, Map<String, Object> paramsMap)
Returns a list of user's admin role memberships based on the parameters.
- Parameters:
lstUserId
- optional, list of valid user-id
roleName
- optional, the admin role name.
scopeId
- optional, specific scope filter.
includeHierarchy
- this parameter is honored only when a valid scope id is passed. If true, then include any user's memberships to scope's parent, otherwise include direct scope assignment.
paramsMap
- optional, other filters like paging, etc.
- Returns:
- a list of user's admin role membership based on parameters.
-
listUsersMembership
List<AdminRoleMembership> listUsersMembership(String userId, String roleName, String scopeId, boolean includeHierarchy, Map<String, Object> paramsMap)
Returns a list of user's admin role memberships based on the parameters.
- Parameters:
userId
- a valid user-id, required
roleName
- optional, the Admin role name filter
scopeId
- optional, specific scope filter
includeHierarchy
- this parameter is honored only when a valid scope id is passed. If true, then include any user's memberships to scope's parent, otherwise include direct scope assignment.
- Returns:
- a list of user's admin role membership based on parameters.
-
listMembershipsInScope
List<AdminRoleMembership> listMembershipsInScope(String scopeId, String roleName, boolean includeHierarchy, Map<String, Object> paramsMap)
Returns a list of admin role membership in the given scope.
- Parameters:
scopeId
- a valid scope id, required
roleName
- optional, the Admin role name filter
includeHierarchy
- If true, then include any memberships in this scope inherited from the parent of this scope, otherwise include only direct membership to the scope.
- Returns:
- a list of admin role memberships for a given scope
-
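A stand-alone Java model of the two scoping rules documented above (addAdminRoleMembership rejects a global admin role outside Top scope; includeHierarchy adds memberships inherited from parent scopes), added here as an illustration and not Oracle's implementation. ScopeModel, Membership, the organization names and the "User Admin" role are constructed, and walking every ancestor rather than only the immediate parent is an assumption.

```java
import java.util.*;

// Added illustration, not Oracle code: ScopeModel, Membership and the scope
// names are hypothetical stand-ins for the OIM objects described on this page.
public class ScopeModel {
    static final String TOP = "Top";
    record Membership(String userId, String roleName, String scopeId) {}

    final Map<String, String> parentOf = new HashMap<>();   // child scope -> parent scope
    final Set<String> globalRoles = new HashSet<>();        // lower-cased role names
    final List<Membership> memberships = new ArrayList<>();

    // Mirrors the documented rule: a global admin role is accepted only in Top scope.
    Membership add(Membership m) {
        if (globalRoles.contains(m.roleName().toLowerCase(Locale.ROOT)) && !TOP.equals(m.scopeId()))
            throw new IllegalArgumentException(m.roleName() + " is global; scope must be " + TOP);
        memberships.add(m);
        return m;
    }

    // includeHierarchy=false: direct assignments on scopeId only.
    // includeHierarchy=true: also assignments on its ancestors (assumed to chain up to the root).
    List<Membership> listInScope(String scopeId, String roleName, boolean includeHierarchy) {
        Set<String> scopes = new HashSet<>(List.of(scopeId));
        if (includeHierarchy)   // scopes.add() returning false stops the walk on a cyclic parent map
            for (String p = parentOf.get(scopeId); p != null && scopes.add(p); p = parentOf.get(p)) { }
        List<Membership> out = new ArrayList<>();
        for (Membership m : memberships)
            if (scopes.contains(m.scopeId()) && (roleName == null || roleName.equalsIgnoreCase(m.roleName())))
                out.add(m);
        return out;
    }

    public static void main(String[] args) {
        ScopeModel s = new ScopeModel();
        s.parentOf.put("Sales", TOP);            // constructed hierarchy: Top > Sales > Sales-EMEA
        s.parentOf.put("Sales-EMEA", "Sales");
        s.globalRoles.add("system administrator");
        s.add(new Membership("alice", "User Admin", "Sales"));
        s.add(new Membership("bob", "User Admin", "Sales-EMEA"));
        s.add(new Membership("carol", "System Administrator", TOP));
        System.out.println(s.listInScope("Sales-EMEA", "user admin", false)); // direct: bob
        System.out.println(s.listInScope("Sales-EMEA", "user admin", true));  // adds alice via Sales
        try {
            s.add(new Membership("dave", "System Administrator", "Sales"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

When reviewing who can administer an organization, the includeHierarchy=true listing is the one that reflects effective access, since it surfaces administrators whose membership was granted on a parent scope.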
updateRoleMemberships
Method to update the role memberships.
- Parameters:
roleMembership
- that has updated data
- Returns:
-
getAdminRolesForUser
Get the list of admin roles for passed userId.
- Parameters:
userId
- The user id for which the Admin-roles need to be determined.
paramsMap
- The additional params for paging, sorting etc.
- Returns:
- List of AdminRoles for the passed user.
-
getAdminRolesForUser
List<AdminRole> getAdminRolesForUser(String userId, Map<String, Object> paramsMap, SearchCriteria criteria)
Get the list of admin roles for passed userId.
- Parameters:
userId
- The user id for which the Admin-roles need to be determined.
paramsMap
- The additional params for paging, sorting etc.
criteria
- The search criteria used for filtering.
- Returns:
- List of AdminRoles for the passed user.
-
listMembershipsForUserByRoleName
Returns a list of user's admin role memberships based on role names.
- Parameters:
userId
- a valid user-id, required
roleName
- required, the Admin role name filter
- Returns:
- a list of user's admin role membership based on parameters.
-
getAdminRoles
Returns list of admin roles available within the context of the passed scope-id.
- Returns:
- list of admin roles
-
isAuthorizationRequired
boolean isAuthorizationRequired()
Convenience method to check if Authorization checks are required or not.
- Returns:
-
getCapabilitiess
List<Capability> getCapabilitiess(PolicyConstants.Resources resourceType, PolicyConstants.Actions action)
Returns list of capabilities available in an installation for a given resourceType and action.
- Parameters:
resourceType
- resource for which the search.
action
- the action.
- Returns:
- list of capabilities
-
getCapabilitiess
Returns list of capabilities available in an installation for a given resource-type.
- Parameters:
resourceType
- the resource name.
- Returns:
- list of capabilities
-
getCapabilities
Returns list of capabilities available in an installation for the given capability-type.
- Parameters:
resourceType
- the resource name.
capType
- the capability type. Capability type can be admin/self/all.
- Returns:
- list of capabilities
-
getCapabilitiess
This method will return the associated capability with an admin role.
- Parameters:
adminRoleName
- select admin role name.
- Returns:
- list of capabilities associated with an admin-role
-
search
Returns a list of admin roles as per the organization scoping based on the parameters.
- Parameters:
sc
- optional, search criteria
controlParams
- optional, and filters like paging, sorting etc.
- Returns:
- a list of admin roles.
- Throws:
Exception
-
getCapability
Returns list of capabilities available in an installation for a given resourceType and action.
- Returns:
- list of capabilities
-
getCapabilityForID
Returns list of capabilities available in an installation for a given resourceType and action.
- Returns:
- list of capabilities
-
createAdminRole
The API creates the Admin Role based on AdminRoleVO. The AdminRoleVO represents the train based data setup on the UI. The API also sets up Admin Role relationship with user, SoC, publication and capability.
- Parameters:
AdminRoleVO
- admin role value object
- Returns:
- admin role that is successfully created.
-
getAdminRoleVO
Returns the admin-role value object for the given admin role Id.
- Parameters:
adminRoleId
- admin-role key.
- Returns:
- adminRoleVO object
-
modifyAdminRole
The API modifies the adminRole data. This API helps in modifying the capability, SOC, users, publications for the admin role.
- Parameters:
compAdminRole
- the admin-role details that need to be modified.
-
modifyAdminRole
The API modifies the adminRole data. This API helps in modifying the capability, SOC, users, publications for the admin role.
- Parameters:
compAdminRole
- the admin-role details that need to be modified.
ddmUpdateObject
- True if DDM import is updating the admin role
-
getUsersAssigned
List<String> getUsersAssigned(String adminRoleId, Set<String> retAttrs, HashMap<String, Object> configParams)
Returns the list of User identities assigned to the admin-role.
- Parameters:
adminRoleId
- role-key for the admin-role.
retAttrs
- the user attributes that need to be returned
configParams
- the config params.
- Returns:
- List of Users identity.
-
getUsersAssignedWithScope
List<String> getUsersAssignedWithScope(String adminRoleId, Set<String> retAttrs, HashMap<String, Object> configParams, String scopeId)
Returns the list of User identities assigned to the admin-role.
- Parameters:
adminRoleId
- role-key for the admin-role.
retAttrs
- the user attributes that need to be returned
configParams
- the config params.
scopeId
- associated with admin role.
- Returns:
- List of Users identity.
-
listUsersMembership
List<AdminRoleMembership> listUsersMembership(String userId, String roleName, String scopeId, Map<String, Object> paramsMap)
Returns a list of user's admin role memberships based on the parameters.
- Parameters:
userId
- a valid user-id, required
roleName
- optional, the Admin role name filter
scopeId
- optional, specific scope filter
- Returns:
- a list of user's admin role membership based on parameters.
-
getCapabilities
Returns the list of capabilities for a given resource-type and actions.
- Parameters:
resourceType
-
actions
-
- Returns:
-