Package oracle.iam.platformservice.api

Interface AdminRoleService

public interface AdminRoleService
Service interface to query admin roles defined in an OIM installation and manage scoped user memberships in these roles.
Since:
OIM R2 (11.1.2.0.0)
See Also:

  • Method Details

    • getAdminRoles

      List<AdminRole> getAdminRoles()
      Returns list of admin roles available in an installation
      Returns:
      list of admin roles

    • getScopedAdminRoles

      List<AdminRole> getScopedAdminRoles()
      Returns list of admin roles which are usually assigned in the context of non-Top organization. Though these admin roles can be assigned with scope of Top, but due to their entity specific administration capabilities it is best to assign them in scope of non-Top organization.
      Returns:
      list of admin roles which must be asigned within a valid organization scope.

    • getGlobalAdminRoles

      List<AdminRole> getGlobalAdminRoles()
      Returns a list of admin roles which can only be assigned in scope of Top organization. These administration roles can control virtually every aspect of OIM. System Administrator, System Configurator are examples of global admin roles. .
      Returns:
      a list of admin roles which should be assigned within Top organization scope.

    • getAdminRole

      AdminRole getAdminRole(String roleName)
      Returns a a admin role matching the given name (case-insensitive). Null, if admin role is not found for the given name. Partial match is not supported.
      Parameters:
      roleName - name of the admin role, required, not-null
      Returns:
      admin role matching given name, or null

    • getAdminRoleForID

      AdminRole getAdminRoleForID(String roleId)
      Returns a a admin role matching the given name. Null, if admin role is not found for the given name. Partial match is not supported.
      Parameters:
      roleId - id of the admin role, required, not-null
      Returns:
      admin role matching given name, or null

    • addAdminRoleMembership

      AdminRoleMembership addAdminRoleMembership(AdminRoleMembership membership)
      Add a admin role membership.
      Parameters:
      membership - a valid membership to add, required
      Returns:
      membership that got added
      Throws:
      IllegalArgumentException - this runtime exception will be thrown if admin role is global scoped and membership is attempted within a scope.

    • removeAdminRoleMembership

      boolean removeAdminRoleMembership(AdminRoleMembership membership)
      Removes a custom admin role from the application. The admin role passed should be the object returned by the get/list/search APIs to ensure that proper keys are populated in the object, so that correct checks are performed and relationships correctly resolved.
      Parameters:
      adminRole - role to be removed from the application
      Returns:
      true, if role was removed successfuly, otherwise false.

    • listUsersMembership

      List<AdminRoleMembership> listUsersMembership(List<String> lstUserId, String roleName, String scopeId, boolean includeHierarchy, Map<String,Object> paramsMap)
      Returns a list of user's admin role memberships based on the parameters.
      Parameters:
      lstUserId - optional, list of valid user-id
      roleName - optional, the admin role name.
      scopeId - optional, specific scope filter.
      includeHierarchy - this parameter is honored only when a valid scope id is passed. if true then include any user's memberships to scope's parent, otherwise include direct scope assignment.
      paramsMap - optional, other filters like paging, etc ....
      Returns:
      a list of user's admin role membership based on parameters.

    • listUsersMembership

      List<AdminRoleMembership> listUsersMembership(String userId, String roleName, String scopeId, boolean includeHierarchy, Map<String,Object> paramsMap)
      Returns a list of user's admin role memberships based on the parameters.
      Parameters:
      userId - a valid user-id, required
      roleName - - optional, the Admin role name filter
      scopeId - optional, specific scope filter
      includeHierarchy - this parameter is honored only when a valid scope id is passed. If true, then include any user's memberships to scope's parent, otherwise include direct scope assignment.
      Returns:
      a list of user's admin role membership based on parameters.

    • listMembershipsInScope

      List<AdminRoleMembership> listMembershipsInScope(String scopeId, String roleName, boolean includeHierarchy, Map<String,Object> paramsMap)
      Returns a list of admin role membership in the given scope.
      Parameters:
      scopeId - a valid scope id, required
      roleName - - optional, the Admin role name filter
      includeHierarchy - If true, then include any memberships in this scope inherited from the parent of this scope, otherwise include only direct membership to the scope.
      Returns:
      a list of admin role memberships for a given scope

    • updateRoleMemberships

      boolean updateRoleMemberships(AdminRoleMembership roleMembership)
      Method to update the role memberships.
      Parameters:
      rolemembership - that has updated data
      Returns:

    • getAdminRolesForUser

      List<AdminRole> getAdminRolesForUser(String userId, Map<String,Object> paramsMap)
      Get the list of admin roles for passed userId
      Parameters:
      userId - - The user id for which the Admin-roles need to be determined.
      paramsMap - - The additional params for paging, sorting etc ....
      Returns:
      - List of AdminRoles for the passed user.

    • getAdminRolesForUser

      List<AdminRole> getAdminRolesForUser(String userId, Map<String,Object> paramsMap, SearchCriteria criteria)
      Get the list of admin roles for passed userId
      Parameters:
      userId - - The user id for which the Admin-roles need to be determined.
      paramsMap - - The additional params for paging, sorting etc ....
      criteria - - The searchcriteria for filterinh data.
      Returns:
      - List of AdminRoles for the passed user.

    • listMembershipsForUserByRoleName

      List<AdminRoleMembership> listMembershipsForUserByRoleName(String userId, List<String> roleName)
      Returns a list of user's admin role memberships based on role names..
      Parameters:
      userId - a valid user-id, required
      roleName - - required, the Admin role name filter
      Returns:
      a list of user's admin role membership based on parameters.

    • getAdminRoles

      List<AdminRole> getAdminRoles(String scopeId)
      Returns list of admin roles available within the context of the passed scope-id.
      Returns:
      list of admin roles

    • getCapabilitiess

      List<Capability> getCapabilitiess(PolicyConstants.Resources resourceType, PolicyConstants.Actions action)
      Returns list of capabilities available in an installation for a given resourceType and action
      Parameters:
      resourceType - resource for which the search.
      action - the action.
      Returns:
      list of capabilities

    • getCapabilitiess

      List<Capability> getCapabilitiess(PolicyConstants.Resources resourceType)
      Returns list of capabilities available in an installation for a particular resource type
      Parameters:
      resourceType - the resource name.
      Returns:
      list of capabilities

    • getCapabilities

      List<Capability> getCapabilities(PolicyConstants.Resources resourceType, Capability.Type capType)
      Returns list of capabilities available in an installation for the given capability-type.
      Parameters:
      resourceType - the resource name.
      capType - the capability type. Capability type can be admin/self/all.
      Returns:
      list of capabilities

    • removeAdminRole

      boolean removeAdminRole(AdminRole adminRole)
      Remove a custom admin role from the application.
      Parameters:
      adminRole - role to be removed from the application
      Returns:
      true, if role was removed successfuly, otherwise false.

    • getCapabilitiess

      List<Capability> getCapabilitiess(String adminRoleName)
      This method will return the associated capability with an admin role.
      Parameters:
      adminRoleName - selected admin role name.
      Returns:
      list of capabilities associated with an admin-role

    • search

      List<AdminRole> search(SearchCriteria sc, Map<String,Object> controlParams) throws Exception
      Returns a list of admin roles as per the organization scoping based on the parameters.
      Parameters:
      sc - optional, search criteria
      controlParams - optional, other filters like paging,sorting etc ....
      Returns:
      a list of admin roles.
      Throws:
      Exception

    • createAdminRole

      AdminRoleVO createAdminRole(AdminRoleVO compAdminRole)
      The API creates the Admin Role based on AdminRoleVO. The AdminRoleVO represents the train based data setup on the UI. The API also sets up Admin Role relationship with user, SoC, publication and capability.
      Parameters:
      AdminRoleVO - admin role value object
      Returns:
      adminrole that is successfully created.
      Throws:
      AccessDeniedException - if user does not have proper access required to create a role
      SuperRuntimeException - if encounter an error during validation of admin role
      PreviewFailedException - if encounter an error in preview stage
      ValidationFailedException - if encounter an error in validation stage
      AsyncEventException - if process runs in synchronous mode but an event handler is set to run asynchronously
      OrchestrationException - if encounter a system error
      NoSuchServiceException - if encounter an error during service initialisation
      BeanCreationException - if encounter an error during service initialisation
      ServiceInitializationException - if encounter an error during service initialisation
      SystemConfigurationServiceException - if encounter an error during service initialisation
      RuntimeException - if encounter any system exceptions

    • getAdminRoleVO

      AdminRoleVO getAdminRoleVO(String adminRoleId)
      Returns the admin-role value object for the given admin role Id.
      Parameters:
      adminRoleId - admin-role key.
      Returns:
      adminRoleVO object

    • modifyAdminRole

      void modifyAdminRole(AdminRoleVO compAdminRole)
      The API modifies the adminRole data. This API helps in modifying the capability, SOC, users, publications for the admin role.
      Parameters:
      compAdminRole - - the admin-role details that needs to be modified.
      Throws:
      AccessDeniedException - if user does not have proper access required to create a role
      SuperRuntimeException - if encounter an error during validation of admin role
      PreviewFailedException - if encounter an error in preview stage
      ValidationFailedException - if encounter an error in validation stage
      AsyncEventException - if process runs in synchronous mode but an event handler is set to run asynchronously
      OrchestrationException - if encounter a system error
      NoSuchServiceException - if encounter an error during service initialisation
      BeanCreationException - if encounter an error during service initialisation
      ServiceInitializationException - if encounter an error during service initialisation
      SystemConfigurationServiceException - if encounter an error during service initialisation
      RuntimeException - if encounter any system exceptions

    • listUsersMembership

      List<AdminRoleMembership> listUsersMembership(String userId, String roleName, String scopeId, Map<String,Object> paramsMap)
      Returns a list of user's admin role memberships based on the parameters.
      Parameters:
      userId - a valid user-id, required
      roleName - - optional, the Admin role name filter
      scopeId - optional, specific scope filter
      Returns:
      a list of user's admin role membership based on parameters.