Interface ProvisioningService


public interface ProvisioningService
The ProvisioningService application programming interface provides the utilities needed to provision and manage a user's Account and Entitlement for both connected and disconnected ApplicationInstance. We are introducing this new provisioning API because:
- Old provisioning APIs were scattered across various services, namely tcUserOperationsIntf, tcProvisioningOperationsIntf and tcFormInstanceOperationsIntf. These provisioning APIs have no functional integrity, as completing a single action may require invoking APIs across different interfaces.
- In 11.1.2.0.0 the authorization model changed, and we wanted to adopt the new security model.
Since:
11.1.2.0.0
Author:
Various
  • Method Details

    • provision

      This API method provisions an account to a user.
      Parameters:
      userId - The target user to whom the account will be provisioned.
      account - This Account value object holds the information about ApplicationInstance and AccountData.
      Returns:
      The accountId of the account created.
      Throws:
      UserNotFoundException - if the target user does not exist (i.e., deleted) in the system.
      ApplicationInstanceNotFoundException - if the application instance contained in the Account value object does not exist in the system.
      AccessDeniedException - if there is any authorization failure while provisioning the account to the target user. To avoid this exception, the logged-in user should have at least the ApplicationInstance Authorizer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to provision an account.
      GenericProvisioningException - if any other error or connector failure occurs.
      Since:
      11.1.2.0.0
    • enable

      This API method enables an existing disabled account provisioned to a user. The account should be in Disabled state.
      Parameters:
      accountId - The accountId of the account that needs to be enabled.
      Throws:
      AccountNotFoundException - if the account with the specified accountId does not exist.
      AccessDeniedException - if there is any authorization failure while enabling the account provisioned to the target user. To avoid this exception, the logged-in user should have at least the ApplicationInstance Authorizer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to enable an account.
      ImproperAccountStateException - if the account is not in Disabled state when the enable operation is attempted.
      GenericProvisioningException - if any other error or connector failure occurs.
      Since:
      11.1.2.0.0
      See Also:
      • AuthorizationService
      • oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.ENABLE_ACCOUNT
    • disable

      This API method disables an account provisioned to a user. The account should be in Enabled or Provisioned state.
      Parameters:
      accountId - The accountId of the account under consideration
      Throws:
      AccountNotFoundException - if the account with the specified accountId does not exist.
      AccessDeniedException - if there is any authorization failure while disabling the account provisioned to the target user. To avoid this exception, the logged-in user should have at least the ApplicationInstance Authorizer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to disable an account.
      ImproperAccountStateException - if the account is not in Provisioned or Enabled state when the disable operation is attempted.
      GenericProvisioningException - if any other error or connector failure occurs.
      Since:
      11.1.2.0.0
      See Also:
      • AuthorizationService
      • oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.DISABLE_ACCOUNT
    • modify

      This API method modifies an existing provisioned account. The Account value object should contain the modified account profile.
      Parameters:
      account - This Account value object holds the information about ApplicationInstance and modified AccountData.
      Throws:
      AccountNotFoundException - if the account with the specified accountId does not exist.
      AccessDeniedException - if there is any authorization failure while modifying the account provisioned to the target user. To avoid this exception, the logged-in user should have at least the ApplicationInstance Authorizer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to modify an account.
      GenericProvisioningException - if any other error or connector failure occurs.
      Since:
      11.1.2.0.0
    • revoke

      This API method revokes an account provisioned to a user. The account should be in Provisioned, Enabled or Disabled state.
      Parameters:
      accountId - The accountId of the account under consideration
      Throws:
      AccountNotFoundException - if the account with the specified accountId does not exist.
      AccessDeniedException - if there is any authorization failure while revoking the account provisioned to the target user. To avoid this exception, the logged-in user should have at least the ApplicationInstance Authorizer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to revoke an account.
      GenericProvisioningException - if any other error or connector failure occurs.
      Since:
      11.1.2.0.0
      See Also:
      • AuthorizationService
      • oracle.iam.platform.authopss.api.PolicyConstants.ApplicationInstanceActions.REVOKE_ACCOUNT
    • grantEntitlement

      Deprecated.
      This API method grants the specified Entitlement to the specified account
      Parameters:
      accountId - the accountId of the account to which the Entitlement is granted.
      entitlement - the Entitlement which should be granted to the account.
      Throws:
      AccountNotFoundException - if the account with the specified accountId does not exist.
      ImproperAccountStateException - if the account is already revoked.
      EntitlementNotFoundException - if the Entitlement definition does not exist.
      EntitlementAlreadyProvisionedException - if the Entitlement has already been provisioned to the specified account.
      AccessDeniedException - if there is any authorization failure while granting the Entitlement to the target user. To avoid this exception, the logged-in user should have at least the Entitlement Authorizer Admin Role on the Organization to which this Entitlement is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to grant an entitlement.
      GenericProvisioningException - if any other errors occur.
      Since:
      11.1.2.0.0
    • grantEntitlement

      This API method grants the specified EntitlementInstance to the specified account
      Parameters:
      entitlementInstance - the EntitlementInstance which should be granted to the account.
      Throws:
      AccountNotFoundException - if the account with the specified accountId does not exist.
      ImproperAccountStateException - if the account is already revoked.
      EntitlementNotFoundException - if the Entitlement definition does not exist.
      EntitlementAlreadyProvisionedException - if the Entitlement has already been provisioned to the specified account.
      AccessDeniedException - if there is any authorization failure while granting the Entitlement to the target user. To avoid this exception, the logged-in user should have at least the Entitlement Authorizer Admin Role on the Organization to which this Entitlement is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to grant an entitlement.
      GenericProvisioningException - if any other errors occur.
      Since:
      11.1.2.2.0
    • revokeEntitlement

      This API method revokes already granted EntitlementInstance from the specified accounts
      Parameters:
      entitlementInstance - the EntitlementInstance that needs to be revoked. EntitlementInstance is an instance of Entitlement that is granted to a user and is associated to a specific Account.
      Throws:
      AccountNotFoundException - if the specified accountId is not found
      EntitlementNotProvisionedException - if the specified EntitlementInstance is not found as it is not already granted.
      AccessDeniedException - if there is any authorization failure while revoking the EntitlementInstance. To avoid this exception, the logged-in user should have at least the Entitlement Authorizer Admin Role on the Organization to which this Entitlement is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to revoke an entitlement instance.
      GenericProvisioningException - if any other errors occur.
      Since:
      11.1.2.0.0
    • updateEntitlement

      This API method updates the attributes (child table data) of the specified EntitlementInstance.
      Parameters:
      entitlementInstance - the modified EntitlementInstance
      Throws:
      AccountNotFoundException - if the specified accountId is not found
      EntitlementNotFoundException - if the specified entitlement instance is not found in the system
      AccessDeniedException - if there is any authorization failure while updating the EntitlementInstance. To avoid this exception, the logged-in user should have at least the Entitlement Authorizer Admin Role on the Organization to which this Entitlement is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to update an entitlement instance.
      GenericProvisioningException - if any other errors occur while performing entitlement update
      Since:
      11.1.2.0.0
    • grantEntitlements

      @Deprecated void grantEntitlements(long accountId, List<Entitlement> entitlements) throws BulkProvisioningException
      Deprecated.
      This API method grants the list of specified Entitlements to the specified account. This is a bulk operation that grants multiple Entitlements to a user's account.
      Parameters:
      accountId - the accountId of the account to which the entitlements should be granted.
      entitlements - the list of entitlements that need to be granted to the account
      Throws:
      BulkProvisioningException - if errors occur during bulk operations
      Since:
      11.1.2.0.0
    • revokeEntitlements

      void revokeEntitlements(List<EntitlementInstance> entitlementInstances) throws BulkProvisioningException
      This API method revokes the list of specified EntitlementInstance from the specified accounts
      Parameters:
      entitlementInstances - the list of entitlement instances that need to be revoked
      Throws:
      BulkProvisioningException - if errors occur during bulk operations
      Since:
      11.1.2.0.0
    • updateEntitlements

      void updateEntitlements(List<EntitlementInstance> entitlementInstances) throws BulkProvisioningException
      This API method updates the attributes of the specified entitlement instances
      Parameters:
      entitlementInstances - the list of modified entitlement instances
      Throws:
      BulkProvisioningException - if errors occur during bulk operations
      Since:
      11.1.2.0.0
    • getUsersProvisionedToAppInstance

      This API method returns the list of users having the specified application instance provisioned.
      Parameters:
      appInstanceKey - The application instance key which is provisioned to users.
      Returns:
      A list of user keys having the specified application instance provisioned.
      Throws:
      GenericProvisioningException
      ApplicationInstanceNotFoundException
      GenericAppInstanceServiceException
    • getAccountsProvisionedToUser

      List<Account> getAccountsProvisionedToUser(String userId) throws UserNotFoundException, GenericProvisioningException
      This API method returns a list of all the accounts provisioned to the user. By default this method will not return the AccountData in the AccountVO. To get the account data, use getAccountsProvisionedToUser(String userId, boolean populateAccountData).
      Parameters:
      userId - The target user for whom the list of accounts is returned.
      Returns:
      A List of Account objects, which contains details about the application instance, the account profile and the entitlements corresponding to the accounts. The logged-in user may have permission to view only some of the accounts (i.e., ApplicationInstances) in the specified list; only those accounts are returned in the list.
      Throws:
      UserNotFoundException - if the target user does not exist (i.e., deleted) in the system.
      GenericProvisioningException - if any other errors occur while fetching the accounts provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation.
      Since:
      11.1.2.0.0
    • getAccountsProvisionedToUser

      List<Account> getAccountsProvisionedToUser(String userId, SearchCriteria criteria, HashMap<String,Object> configParams, boolean populateAccountData) throws UserNotFoundException, GenericProvisioningException
      This API method returns a list of all the accounts provisioned to the user. Additionally, one can pass criteria to filter the accounts being returned.
      Parameters:
      userId - The target user for whom the list of accounts is returned.
      criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons such as contains, the SearchCriteria operator is EQUAL and the value to be searched is written as '**'.

      The following attributes are supported:
      • ProvisioningConstants.AppInstanceSearchAttribute.DISPLAY_NAME.getId()
      • ProvisioningConstants.AppInstanceSearchAttribute.OBJ_NAME.getId()
      • ProvisioningConstants.AppInstanceSearchAttribute.ACCOUNT_STATUS.getId()

      configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.

      The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched. These parameters are mandatory.

      The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional.

      The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING, and to sort the result in descending order use SortOrder.DESCENDING.

      The following attributes are supported:
      • ProvisioningConstants.AppInstanceSearchAttribute.DISPLAY_NAME.getId()
      • ProvisioningConstants.AppInstanceSearchAttribute.OBJ_NAME.getId()
      • ProvisioningConstants.AppInstanceSearchAttribute.ACCOUNT_STATUS.getId()
      • ProvisioningConstants.AppInstanceSearchAttribute.PROVISIONED_ON.getId()

      populateAccountData - A boolean to indicate whether account data should be populated in the returned list of Account VO. If set to false, account data will not be populated.
      Returns:
      A List of Account objects, which contains details about the application instance, the account profile and the entitlements corresponding to the accounts. The logged-in user may have permission to view only some of the accounts (i.e., ApplicationInstances) in the specified list; only those accounts are returned in the list.
      Throws:
      UserNotFoundException - if the target user does not exist (i.e., deleted) in the system.
      GenericProvisioningException - if any other errors occur while fetching the accounts provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation.
      Since:
      11.1.2.2.0
    • getAccountsProvisionedToUser

      List<Account> getAccountsProvisionedToUser(String userId, SearchCriteria criteria, HashMap<String,Object> configParams) throws UserNotFoundException, GenericProvisioningException
      This API method returns a list of all the accounts provisioned to the user. Additionally, one can pass criteria to filter the accounts being returned. By default this method will not return the AccountData in the AccountVO. To get the account data, use getAccountsProvisionedToUser(String userId, SearchCriteria criteria, HashMap<String, Object> configParams, boolean populateAccountData).
      Parameters:
      userId - The target user for whom the list of accounts is returned.
      criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons such as contains, the SearchCriteria operator is EQUAL and the value to be searched is written as '**'.

      The following attributes are supported:
      • ProvisioningConstants.AppInstanceSearchAttribute.DISPLAY_NAME.getId()
      • ProvisioningConstants.AppInstanceSearchAttribute.OBJ_NAME.getId()
      • ProvisioningConstants.AppInstanceSearchAttribute.ACCOUNT_STATUS.getId()

      configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.

      The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched. These parameters are mandatory.

      The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional.

      The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING, and to sort the result in descending order use SortOrder.DESCENDING.

      The following attributes are supported:
      • ProvisioningConstants.AppInstanceSearchAttribute.DISPLAY_NAME.getId()
      • ProvisioningConstants.AppInstanceSearchAttribute.OBJ_NAME.getId()
      • ProvisioningConstants.AppInstanceSearchAttribute.ACCOUNT_STATUS.getId()
      • ProvisioningConstants.AppInstanceSearchAttribute.PROVISIONED_ON.getId()

      Returns:
      A List of Account objects, which contains details about the application instance, the account profile and the entitlements corresponding to the accounts. The logged-in user may have permission to view only some of the accounts (i.e., ApplicationInstances) in the specified list; only those accounts are returned in the list.
      Throws:
      UserNotFoundException - if the target user does not exist (i.e., deleted) in the system.
      GenericProvisioningException - if any other errors occur while fetching the accounts provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation.
      Since:
      11.1.2.0.0
    • getAccountsProvisionedToUser

      List<Account> getAccountsProvisionedToUser(String userId, boolean populateAccountData) throws UserNotFoundException, GenericProvisioningException
      This API method returns a list of all the accounts provisioned to the user
      Parameters:
      userId - The target user for whom the list of accounts is returned.
      populateAccountData - A boolean to indicate whether account data should be populated in the returned Account VO. If set to false, account data will not be populated.
      Returns:
      A List of Account objects, which contains details about the application instance, the account profile and the entitlements corresponding to the accounts. The logged-in user may have permission to view only some of the accounts (i.e., ApplicationInstances) in the specified list; only those accounts are returned in the list.
      Throws:
      UserNotFoundException - if the target user does not exist (i.e., deleted) in the system.
      GenericProvisioningException - if any other errors occur while fetching the accounts provisioned to user. This API does not throw AccessDeniedException since this is a bulk operation.
      Since:
      11.1.2.0.0
    • getEntitlementInstanceForEntitlement

      This API method returns the entitlement instances for the given entitlement.
      Parameters:
      entitlement - The Entitlement object for which entitlement instances are to be returned.
      searchcriteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria operator supported is EQUAL.

      The following attribute is supported:
      • ProvisioningConstants.EntitlementInstanceSearchAttribute.ENT_ASSIGN_STATUS.getId()

      The following values are supported for status:
      • ProvisioningConstants.ENT_PROVISIONED_STATUS
      • ProvisioningConstants.ENT_PROV_IN_PROGRESS_STATUS
      • ProvisioningConstants.ENT_FUTURE_GRANT_STATUS

      configParams - Parameters to further configure the search operation. There are two configuration parameters: STARTROW and ENDROW.

      The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.

      Returns:
      A list of EntitlementInstance objects which contains details about entitlements.
      Throws:
      GenericProvisioningException - if any other errors occur while fetching the entitlement instances for the given entitlement.
      AccessDeniedException - if there is any authorization failure while getting the EntitlementInstance. To avoid this exception, the logged-in user should have at least the Entitlement Authorizer Admin Role on the Organization to which this Entitlement is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to view the entitlement.
      EntitlementNotFoundException - if the entitlement instance does not exist.
      GenericEntitlementServiceException - if any failure occurs while finding the entitlement.
    • getEntitlementInstance

      This API method returns an entitlement instance provisioned to the user corresponding to the entitlement key.
      Parameters:
      entitlementInstanceKey - The entitlement instance key.
      Returns:
      An EntitlementInstance object which contains details about entitlement provisioned to the user.
      Throws:
      EntitlementInstanceNotFoundException - if the entitlement instance does not exist.
      AccessDeniedException - if there is any authorization failure while getting the EntitlementInstance. To avoid this exception, the logged-in user should have at least the Entitlement Authorizer Admin Role on the Organization to which this Entitlement is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to view the entitlement.
      GenericProvisioningException - if any other errors occur while fetching entitlement details.
      Since:
      11.1.2.0.0
    • getEntitlementInstances

      List<EntitlementInstance> getEntitlementInstances(long[] entitlementInstanceKeys) throws GenericProvisioningException
      This API method returns a list of entitlement instances provisioned to the user corresponding to the list of entitlement instances key.
      Parameters:
      entitlementInstanceKeys - The keys of the entitlement instances to be returned.
      Returns:
      A list of EntitlementInstance objects which contains details about entitlements provisioned to the user.
      Throws:
      GenericProvisioningException - if any other errors occur while fetching the entitlement instances provisioned to the user. This API does not throw AccessDeniedException since this is a bulk operation. The logged-in user may have permission to view only some of the entitlements in the specified list; only those entitlement instances are returned in the list.
      Since:
      11.1.2.0.0
    • getEntitlementsForUser

      This API method returns a list of all the entitlements provisioned to the user.
      Parameters:
      userId - The target user for whom the entitlement instances are returned.
      Returns:
      A List of EntitlementInstance objects, which contains details about the entitlements. The logged-in user may have permission to view only some of the accounts (i.e., ApplicationInstances) in the specified list; only those EntitlementInstances are returned in the list.
      Throws:
      UserNotFoundException - if the target user does not exist (i.e., deleted) in the system.
      GenericProvisioningException - if any other errors occur while fetching the entitlement instances provisioned to the user. This API does not throw AccessDeniedException since this is a bulk operation. The logged-in user may have permission to view only some of the entitlements in the specified list; only those entitlement instances are returned in the list.
      Since:
      11.1.2.0.0
    • getEntitlementsForUser

      List<EntitlementInstance> getEntitlementsForUser(String userId, SearchCriteria criteria, HashMap<String,Object> configParams) throws UserNotFoundException, GenericProvisioningException
      This API method searches for entitlement instances provisioned to a user matching the specified SearchCriteria
      Parameters:
      userId - The target user for whom the entitlement instances are returned.
      criteria - The search criteria based on which entries will be retrieved from the backend. The SearchCriteria operators supported are AND, OR, NOT, GREATER_THAN, GREATER_EQUAL, LESS_THAN, LESS_EQUAL, EQUAL and NOT_EQUAL. For additional comparisons such as contains, the SearchCriteria operator is EQUAL and the value to be searched is written as '**'.

      The following search attributes are supported:
      • ProvisioningConstants.EntitlementSearchAttribute.ENTITLEMENT_DISPLAYNAME.getId()
      • ProvisioningConstants.EntitlementSearchAttribute.ENT_ASSIGN_STATUS.getId()

      configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.

      The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched. These parameters are mandatory.

      The SORTEDBY search configuration parameter indicates the attribute on which the search result is to be sorted. This parameter is optional.

      The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING, and to sort the result in descending order use SortOrder.DESCENDING.

      The following search attribute is supported:
      • ProvisioningConstants.EntitlementSearchAttribute.ENTITLEMENT_DISPLAYNAME.getId()

      Returns:
      A List of EntitlementInstance objects, which contains details about entitlements provisioned to the user.
      Throws:
      UserNotFoundException - if the target user does not exist (i.e., deleted) in the system.
      GenericProvisioningException - if any other errors occur while fetching the entitlement instances provisioned to the user. This API does not throw AccessDeniedException since this is a bulk operation. The logged-in user may have permission to view only some of the entitlements in the specified list; only those entitlement instances are returned in the list.
      Since:
      11.1.2.0.0
    • isApplicationInstanceProvisionedToUser

      This API method returns a boolean indicating whether the specified user has an account in the specified application instance.
      Parameters:
      userId - The target user for whom operation is performed.
      appInstance - The ApplicationInstance which needs to be checked if it is provisioned to user.
      Returns:
      true if the user has an account in the application instance in Provisioned/Enabled/Disabled state. false otherwise.
      Throws:
      UserNotFoundException - if a user with the specified userId is not found in the system
      ApplicationInstanceNotFoundException - if the specified Application instance is not found in the system.
      AccessDeniedException - if there is any authorization failure while checking if the ApplicationInstance is provisioned to the user. To avoid this exception, the logged-in user should have at least the ApplicationInstance Viewer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to view the ApplicationInstance.
      GenericProvisioningException - if any other errors occur while checking if the ApplicationInstance is provisioned to user.
      Since:
      11.1.2.0.0
    • isEntitlementProvisionedToUser

      boolean isEntitlementProvisionedToUser(String userId, Entitlement entitlement) throws UserNotFoundException, EntitlementNotFoundException, AccessDeniedException, GenericProvisioningException
      This API method returns a boolean indicating whether the specified user has been granted the specific entitlement.
      Parameters:
      userId - The target user for whom operation is performed.
      entitlement - The Entitlement which needs to be checked if it is provisioned to user.
      Returns:
      true if the user has been granted the specified entitlement. false otherwise.
      Throws:
      UserNotFoundException - if a user with the specified userId is not found in the system
      EntitlementNotFoundException - if the specified Entitlement is not found in the system.
      AccessDeniedException - if there is any authorization failure while checking if the Entitlement is provisioned to the user. To avoid this exception, the logged-in user should have at least the Entitlement Viewer Admin Role on the Organization to which this Entitlement is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to view the Entitlement.
      GenericProvisioningException - if any other errors occur while checking if the Entitlement is provisioned to user.
      Since:
      11.1.2.0.0
    • getAccountDetails

      This API method returns an Account value object which contains detailed information about the account corresponding to the specified account ID. The value object will contain information regarding the application instance, the account profile and all the entitlements corresponding to the accounts.
      Parameters:
      accountId - The account ID of the account whose details are to be fetched.
      Returns:
      An Account value object.
      Throws:
      AccountNotFoundException - if no account is found corresponding to the specified accountId.
      AccessDeniedException - if there is any authorization failure while fetching account details. To avoid this exception, the logged-in user should have at least the ApplicationInstance Viewer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to view the ApplicationInstance.
      GenericProvisioningException - if any other errors occur while fetching account details.
      Since:
      11.1.2.0.0
    • getMinimalAccountDetails

      Account getMinimalAccountDetails(long accountId) throws AccountNotFoundException, AccessDeniedException, GenericProvisioningException
      This API method returns an Account value object corresponding to the specified account ID. The Account value object returned by this API does not include the AccountData. To retrieve the account data, use getAccountDetails(long accountId).
      Parameters:
      accountId - The account ID of the account whose details are to be fetched.
      Returns:
      An Account value object.
      Throws:
      AccountNotFoundException - if no account is found corresponding to the specified accountId.
      AccessDeniedException - if there is any authorization failure while fetching account details. To avoid this exception, the logged-in user should have at least the ApplicationInstance Viewer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to view the ApplicationInstance.
      GenericProvisioningException - if any other errors occur while fetching account details.
      Since:
      11.1.2.0.0
    • getAccountDetails

      List<Account> getAccountDetails(long[] accountIds) throws GenericProvisioningException
      This API method returns a list of Account value objects for the given accountIds. Each Account object contains detailed information about the account corresponding to the specified account ID.
      Parameters:
      accountId - The list of account IDs of the accounts whose details are to be fetched.
      Returns:
      A list of Account value objects which have passed the authorization check. Accounts that are not found for a specified accountId are also not returned in the list.
      Throws:
      GenericProvisioningException - if any other errors occur while fetching account details.
      Since:
      11.1.2.0.0
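      Because the bulk getAccountDetails(long[]) overload declares no AccessDeniedException and drops accounts that fail the authorization check or do not exist, the returned list alone cannot tell the two cases apart. The following added example (not part of the Oracle documentation) re-probes each omitted ID with getMinimalAccountDetails to classify it; the class name BulkAccountLookup, the import package names, and Account.getAccountID() returning the account key as a String are assumptions not shown on this page.

```java
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Assumption: package names are not listed on this page.
import oracle.iam.platform.authopss.exception.AccessDeniedException;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.exception.AccountNotFoundException;
import oracle.iam.provisioning.exception.GenericProvisioningException;
import oracle.iam.provisioning.vo.Account;

/** Hypothetical helper: explains why IDs are missing from a bulk lookup. */
public final class BulkAccountLookup {

    /** Reason a requested account ID was absent from the bulk result. */
    public enum Omission { NOT_FOUND, ACCESS_DENIED, VISIBLE_ON_RETRY }

    private BulkAccountLookup() { }

    public static Map<Long, Omission> explainOmissions(ProvisioningService svc, long[] requested)
            throws GenericProvisioningException {
        List<Account> returned = svc.getAccountDetails(requested);

        // Collect the IDs that survived the authorization and existence filter.
        Set<Long> seen = new HashSet<>();
        for (Account account : returned) {
            // Assumption: getAccountID() yields the numeric account key as a String.
            seen.add(Long.valueOf(account.getAccountID()));
        }

        Map<Long, Omission> omitted = new LinkedHashMap<>();
        for (long id : requested) {
            if (seen.contains(id)) {
                continue;
            }
            try {
                // Single-ID call throws instead of filtering, and skips AccountData.
                svc.getMinimalAccountDetails(id);
                omitted.put(id, Omission.VISIBLE_ON_RETRY);
            } catch (AccountNotFoundException e) {
                omitted.put(id, Omission.NOT_FOUND);
            } catch (AccessDeniedException e) {
                omitted.put(id, Omission.ACCESS_DENIED);
            }
        }
        return omitted;
    }
}
```

      Logging the ACCESS_DENIED entries gives an audit trail for lookups that the bulk call would otherwise hide as an empty or short list.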
    • getUserAccountDetailsInApplicationInstance

      List<Account> getUserAccountDetailsInApplicationInstance(String userId, long appInstanceKey) throws UserNotFoundException, ApplicationInstanceNotFoundException, AccessDeniedException, GenericProvisioningException
      This API method checks if the user has an account in the specified application instance. If an account is found, this API will return a List of the Accounts provisioned (accounts in Provisioned/Enabled/Disabled status) to the specified userId. The value object will contain information regarding the application instance, the account profile and all the entitlements corresponding to the accounts.
      Parameters:
      userId - The target user for whom the operation is performed.
      appInstanceKey - Key of the ApplicationInstance in which the accounts are provisioned.
      Returns:
      List of Account value objects. A user can have multiple accounts in an application instance, hence the list of Accounts.
      Throws:
      UserNotFoundException - if no user is found in the system.
      ApplicationInstanceNotFoundException - if the specified Application instance is not found in the system.
      AccessDeniedException - if there is any authorization failure while fetching account details. To avoid this exception, the logged-in user should have at least the ApplicationInstance Viewer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to view the ApplicationInstance.
      GenericProvisioningException - if any other errors occur while fetching account details.
      Since:
      11.1.2.0.0
    • getUserAccountDetailsInApplicationInstance

      List<Account> getUserAccountDetailsInApplicationInstance(String userId, long appInstanceKey, boolean populateAccountData) throws UserNotFoundException, ApplicationInstanceNotFoundException, AccessDeniedException, GenericProvisioningException
      This API method checks if the user has an account in the specified application instance. If an account is found, this API will return a List of the Accounts provisioned (accounts in Provisioned/Enabled/Disabled status) to the specified userId. The value object will contain information regarding the application instance, the account profile and all the entitlements corresponding to the accounts.
      Parameters:
      userId - The target user for whom the operation is performed.
      appInstanceKey - Key of the ApplicationInstance in which the accounts are provisioned.
      populateAccountData - boolean to indicate if account data should be populated in the returned Account VO. If set to false, account data will not be populated.
      Returns:
      List of Account value objects. A user can have multiple accounts in an application instance, hence the list of Accounts.
      Throws:
      UserNotFoundException - if no user is found in the system.
      ApplicationInstanceNotFoundException - if the specified Application instance is not found in the system.
      AccessDeniedException - if there is any authorization failure while fetching account details. To avoid this exception, the logged-in user should have at least the ApplicationInstance Viewer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to view the ApplicationInstance.
      GenericProvisioningException - if any other errors occur while fetching account details.
      Since:
      11.1.2.2.0
    • getNumberOfUserAccounts

      This API method checks if the user has an account in the specified application instance. If an account is found, this API will return the number of Accounts provisioned (accounts in Provisioned/Enabled/Disabled status) to the specified userId. The value object will contain information regarding the application instance, the account profile and all the entitlements corresponding to the accounts.
      Parameters:
      userId - The target user for whom the operation is performed.
      appInstanceKey - Key of the ApplicationInstance in which the accounts are provisioned.
      Returns:
      int. A user can have multiple accounts in an application instance, hence the number of Accounts.
      Throws:
      UserNotFoundException - if no user is found in the system.
      ApplicationInstanceNotFoundException - if the specified Application instance is not found in the system.
      AccessDeniedException - if there is any authorization failure while fetching account details. To avoid this exception, the logged-in user should have at least the ApplicationInstance Viewer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to view the ApplicationInstance.
      GenericProvisioningException - if any other errors occur while fetching account details.
      Since:
      12.2.2.1.0
    • changeAccountPassword

      void changeAccountPassword(long accountId, char[] newPassword) throws AccessDeniedException, AccountNotFoundException, GenericProvisioningException
      This API method is used to change a user's account password. It validates whether the new account password complies with the password policies defined for the given account.
      Parameters:
      accountId - This is the OIU_KEY for the account.
      newPassword - Character array containing the new password.
      Throws:
      AccountNotFoundException - if the account with the specified accountId does not exist.
      AccessDeniedException - if there is any authorization failure while changing the account password. To avoid this exception, the logged-in user should have at least the ApplicationInstance Authorizer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to modify the account password.
      GenericProvisioningException - if any other error or connector failure occurs.
      Since:
      11.1.2.0.0
    • changeAccountStatus

      void changeAccountStatus(long accountId, String newStatus) throws AccessDeniedException, AccountNotFoundException, GenericProvisioningException, Exception
      Throws:
      AccessDeniedException
      AccountNotFoundException
      GenericProvisioningException
      Exception
    • updateAccountDataForRevokeRejectedServiceNow

      void updateAccountDataForRevokeRejectedServiceNow(long accountId) throws AccessDeniedException, AccountNotFoundException, GenericProvisioningException, Exception
      Throws:
      AccessDeniedException
      AccountNotFoundException
      GenericProvisioningException
      Exception
    • getPasswordResettableAccountsForUser

      List<Account> getPasswordResettableAccountsForUser(String userID) throws UserNotFoundException, GenericProvisioningException
      This API method returns a list of the accounts provisioned to the user for which the password can be reset. That is, it returns only those accounts that have a user-defined password field in the process form, i.e. sdc_field_type = passwordField && sdc_name = FormName_PASSWORD. The returned list will not contain disconnected accounts or accounts that are revoked.
      Parameters:
      userId - The ID of the target user for whom the operation is performed.
      Returns:
      A List of Account objects, which contains details about the application instance, the account profile and the entitlements corresponding to the accounts.
      Throws:
      UserNotFoundException - if no user is found in the system.
      GenericProvisioningException - if any other errors occur while fetching account details.
      Since:
      11.1.2.0.0
    • changeAccountType

      void changeAccountType(long accountId, Account.ACCOUNT_TYPE accountType) throws AccessDeniedException, AccountNotFoundException, GenericProvisioningException
      This API is used to change the account type of the account.
      Parameters:
      accountId - This is the OIU_KEY for the account.
      accountType - The values can be Account.ACCOUNT_TYPE.Primary, Account.ACCOUNT_TYPE.Secondery, Account.ACCOUNT_TYPE.Admin, Account.ACCOUNT_TYPE.Other, Account.ACCOUNT_TYPE.ServiceAccount. An account cannot be changed from Primary to any other type. However, any other type can be changed into a primary account.
      Throws:
      AccountNotFoundException - thrown if no account is found corresponding to the specified accountId.
      AccessDeniedException - if there is any authorization failure while modifying the account type. To avoid this exception, the logged-in user should have at least the ApplicationInstance Authorizer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to modify the account.
      GenericProvisioningException - thrown if any database error or connector failure occurs.
      Since:
      11.1.2.0.0
    • getEntitlementInstance

      EntitlementInstance getEntitlementInstance(long accountId, long entitlemenkey) throws AccessDeniedException, EntitlementInstanceNotFoundException, GenericProvisioningException
      This API method returns the entitlement instance provisioned to the user that corresponds to the given entitlement key and account ID.
      Parameters:
      accountId - The accountId of the account to which the Entitlement is granted.
      entitlementKey - The entitlement key
      Returns:
      An EntitlementInstance object which contains details about entitlement provisioned to the user.
      Throws:
      EntitlementInstanceNotFoundException - if the entitlement instance does not exist.
      AccessDeniedException - if there is any authorization failure while getting the EntitlementInstance. To avoid this exception, the logged-in user should have at least the Entitlement Authorizer Admin Role on the Organization to which this Entitlement is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to view the entitlement.
      GenericProvisioningException - if any other errors occur while fetching entitlement details.
      Since:
      11.1.2.2.0
    • grantEntitlements

      void grantEntitlements(List<EntitlementInstance> entitlementInstances) throws BulkProvisioningException
      This API method grants the list of specified EntitlementInstance objects to the specified account. This is a bulk operation that grants multiple EntitlementInstance objects to a user's account.
      Parameters:
      entitlementInstances - the list of entitlementInstances that need to be granted to the account
      Throws:
      BulkProvisioningException - if errors occur during bulk operations
      Since:
      11.1.2.2.0
    • findEntitlementsForRole

      List<Entitlement> findEntitlementsForRole(String roleKey) throws AccessDeniedException, GenericProvisioningException
      This API method returns the list of entitlements for the given role key. It finds the access policies associated with this role and then returns a list of entitlements associated to such access policies.
      Parameters:
      roleKey - roleKey for which associated Entitlements need to be fetched.
      Returns:
      A List of Entitlement value objects.
      Throws:
      AccessDeniedException - if there is any authorization failure while getting the Entitlements. Only a user with the capability "Role-View/Search", which allows the user to view and search roles, can access this API.
      GenericProvisioningException - if any other errors occur while fetching entitlement details.
    • getEntitlementsForAccessPolicies

      List<Entitlement> getEntitlementsForAccessPolicies(List<String> policyKeys, Map<String,Object> configParams) throws AccessDeniedException, GenericProvisioningException
      This API method returns the list of Entitlements for the given access policy Keys.
      Parameters:
      policyKeys - list of policyKeys for which associated Entitlements (as child access policy default data) need to be fetched.
      configParams - Parameters to further configure the search operation. There are four configuration parameters: STARTROW, ENDROW, SORTEDBY and SORTORDER.

      The STARTROW and ENDROW search configuration parameters indicate which subset of the complete search result is to be fetched.

      The SORTEDBY search configuration parameter indicates the attribute on which search result is to be sorted.

      The SORTORDER search configuration parameter indicates the order of sorting. There are two possible values for this parameter. To sort the result in ascending order use SortOrder.ASCENDING and to sort the result in descending order use SortOrder.DESCENDING.

      Returns:
      A List of Entitlement value objects.
      Throws:
      AccessDeniedException - if there is any authorization failure while getting the Entitlements. Only a user with the capability "Role-Create", which allows the user to create a role, can access this API.
      GenericProvisioningException - if any other errors occur while fetching entitlement details.
    • getProvisionedAccountsForAppInstance

      List<Account> getProvisionedAccountsForAppInstance(String appInstance, SearchCriteria crit, HashMap<String,Object> configParams) throws GenericProvisioningException, AccessDeniedException
      This API method returns the list of accounts for a given application instance name. The account VOs returned will be the light-weight VOs.
      Parameters:
      appInstance -
      searchCriteria - The search criteria based on which entries will be retrieved from the backend. The possible SearchCriteria are ProvisioningConstants.AccountSearchAttribute.ACCOUNT_STATUS and ProvisioningConstants.AccountSearchAttribute.ACCOUNT_TYPE.
      configParams - Parameters to further configure the search operation. There are four configuration parameters: ApplicationInstance.STARTROW, ApplicationInstance.ENDROW, ApplicationInstance SORTEDBY, ApplicationInstance SORTORDER.
      Returns:
      List of accounts
      Throws:
      GenericProvisioningException
      AccessDeniedException
    • confirmAccountPassword

      boolean confirmAccountPassword(long accountId, char[] existingAccountPassword) throws AccessDeniedException, AccountNotFoundException, GenericProvisioningException
      This API method is used to verify and confirm account password.
      Parameters:
      accountId - This is the OIU_KEY for the account.
      accountPassword - Character array containing the existing password that needs to be verified.
      Throws:
      AccountNotFoundException - if the account with the specified accountId does not exist.
      AccessDeniedException - if there is any authorization failure while verifying the existing account password. To avoid this exception, the logged-in user should have at least the ApplicationInstance Authorizer Admin Role on the Organization to which this ApplicationInstance is published. If the default permissions of the admin roles have been changed, make sure the user's admin role has permission to modify the account password.
      GenericProvisioningException - if any other error or connector failure occurs.
      Since:
      11.1.2.2.0
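      Because confirmAccountPassword and changeAccountPassword both take char[] rather than String, the caller can wipe the secrets once the calls return. The following added example (not part of the Oracle documentation) verifies the current password, sets the new one, and zeroes both arrays in a finally block; the class name AccountPasswordRotation, the import package names, and the reading that confirmAccountPassword returns true on a match are assumptions, since this page does not document the return value.

```java
import java.util.Arrays;

// Assumption: package names are not listed on this page.
import oracle.iam.platform.authopss.exception.AccessDeniedException;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.exception.AccountNotFoundException;
import oracle.iam.provisioning.exception.GenericProvisioningException;

/** Hypothetical helper: verify-then-change with secret wiping. */
public final class AccountPasswordRotation {

    public enum Result { CHANGED, CURRENT_PASSWORD_MISMATCH, NOT_AUTHORIZED, NO_SUCH_ACCOUNT }

    private AccountPasswordRotation() { }

    /**
     * Takes ownership of both arrays: they are zeroed before this method
     * returns, whether it succeeds, returns early, or throws.
     */
    public static Result rotate(ProvisioningService svc, long accountId,
                                char[] current, char[] replacement)
            throws GenericProvisioningException {
        try {
            // Assumption: true means the supplied password matches the stored one.
            if (!svc.confirmAccountPassword(accountId, current)) {
                return Result.CURRENT_PASSWORD_MISMATCH;
            }
            // Other errors and connector failures propagate as the
            // declared GenericProvisioningException.
            svc.changeAccountPassword(accountId, replacement);
            return Result.CHANGED;
        } catch (AccessDeniedException e) {
            // Caller lacks the admin role described in the Throws section.
            return Result.NOT_AUTHORIZED;
        } catch (AccountNotFoundException e) {
            return Result.NO_SUCH_ACCOUNT;
        } finally {
            // Overwrite the plaintext so it does not linger on the heap.
            Arrays.fill(current, '\0');
            Arrays.fill(replacement, '\0');
        }
    }
}
```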
    • provisionRoleToOrg

      long provisionRoleToOrg(String appInstanceName, Role role) throws AccessDeniedException, GenericProvisioningException
      This API is used to create a role in the target LDAP in an OAM-OIM integrated setup.
      Parameters:
      appInstanceName - Name of the application instance created for the target LDAP Resource
      role - Role VO created in OIM and to be created in the target LDAP
      Returns:
      processinstancekey corresponding to the role created in LDAP
      Throws:
      GenericProvisioningException
      AccessDeniedException
    • modifyRole

      long modifyRole(String appInstanceName, Role role) throws AccessDeniedException, GenericProvisioningException
      This API is used to modify a role in the target LDAP in an OAM-OIM integrated setup.
      Parameters:
      appInstanceName - Name of the application instance created for the target LDAP Resource
      role - Role VO corresponding to the group in the target LDAP that is to be modified
      Returns:
      processinstanceKey corresponding to the role modified in LDAP
      Throws:
      AccessDeniedException
      GenericProvisioningException
    • deleteRole

      long deleteRole(String appInstanceName, Role role) throws AccessDeniedException, GenericProvisioningException
      This API is used to delete a role in the target LDAP in an OAM-OIM integrated setup.
      Parameters:
      appInstanceName - Name of the application instance created for the target LDAP Resource
      role - Role VO corresponding to the group in the target LDAP that is to be deleted
      Returns:
      processinstanceKey corresponding to the role deleted in LDAP
      Throws:
      AccessDeniedException
      GenericProvisioningException
    • addRoleRelationship

      long addRoleRelationship(String appInstanceName, Role parentRole, Role childRole) throws AccessDeniedException, GenericProvisioningException
      Parameters:
      appInstanceName -
      parentRole -
      childRole -
      Returns:
      Throws:
      AccessDeniedException
      GenericProvisioningException
    • removeRoleRelationship

      void removeRoleRelationship(String appInstanceName, Role parentRole, Role childRole) throws AccessDeniedException, GenericProvisioningException
      Parameters:
      appInstanceName -
      parentRole -
      childRole -
      Throws:
      AccessDeniedException
      GenericProvisioningException
    • findUserEndDate

      Date findUserEndDate(String usrKey) throws GenericProvisioningException
      Parameters:
      usrKey -
      Throws:
      GenericProvisioningException