Interface AccessControlEntry

All Superinterfaces:
AccessControl, CMetadata, MdObjectBase, MdObjectBaseUtil, MdObjectBaseXML, PrimaryType, Remote, Root

public interface AccessControlEntry extends AccessControl
The AccessControlEntry metadata type is used to define an access control directly on a resource. The access control is stored with the resource definition and is unique to that resource. That is, the AccessControlEntry (ACE) cannot be applied to another metadata object.

An ACE can specify permissions for both individual users and for groups. If a given identity is referenced more than once in the ACE, for example, both directly and by virtue of membership in one or more groups, the permission assigned directly to the identity will take precedence.

When the SAS Open Metadata Architecture authorization facility evaluates access controls, a permission assigned in an ACE will take precedence over a permission assigned in an AccessControlTemplate (ACT). A resource-specific access control also takes precedence over any inherited access controls and permissions assigned in the Repository ACT.
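
The precedence rules in the two paragraphs above, as a small self-contained Java model. This is an added example, not SAS code and not the authorization facility's implementation; the tier names, the permission names in the sample data, and the deny-on-conflict rule inside a single tier are assumptions.

```java
import java.util.*;

/** Simplified model of the precedence rules described above (illustration only). */
public class AcePrecedenceDemo {
    // Tiers in decreasing precedence, taken literally from the page's wording:
    // direct identity in the ACE, then group membership in the ACE, then an ACT,
    // then inherited controls / Repository ACT (the page does not order those two).
    enum Source { ACE_DIRECT, ACE_GROUP, ACT, INHERITED_OR_REPOSITORY_ACT }
    enum Effect { GRANT, DENY }

    record Setting(Source source, String permission, Effect effect) {}

    /** Returns the winning effect for a permission, or empty if no tier sets it. */
    static Optional<Effect> resolve(List<Setting> settings, String permission) {
        for (Source tier : Source.values()) {
            EnumSet<Effect> seen = EnumSet.noneOf(Effect.class);
            for (Setting s : settings) {
                if (s.source() == tier && s.permission().equals(permission)) {
                    seen.add(s.effect());
                }
            }
            if (seen.isEmpty()) {
                continue; // nothing set at this tier, fall through to the next one
            }
            // Assumption: a conflict inside one tier (for example two groups that
            // disagree) resolves to DENY; the page does not define this case.
            return Optional.of(seen.contains(Effect.DENY) ? Effect.DENY : Effect.GRANT);
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed settings for one user on one resource.
        List<Setting> settings = List.of(
            new Setting(Source.ACE_DIRECT, "ReadMetadata", Effect.GRANT),
            new Setting(Source.ACE_GROUP, "ReadMetadata", Effect.DENY),
            new Setting(Source.ACE_DIRECT, "WriteMetadata", Effect.DENY),
            new Setting(Source.ACT, "WriteMetadata", Effect.GRANT),
            new Setting(Source.INHERITED_OR_REPOSITORY_ACT, "Delete", Effect.GRANT));
        for (String p : List.of("ReadMetadata", "WriteMetadata", "Delete", "Administer")) {
            System.out.println(p + " -> " + resolve(settings, p));
        }
    }
}
```

When reviewing a resource, the useful question is which tier decided the outcome: a broad grant in an ACT or an inherited control does not apply to an identity that the resource's own ACE denies directly.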

An ACE should not be explicitly created or deleted. Access controls are managed programmatically using the SAS Open Metadata Interface ISecurityAdmin server interface, which is documented in the SAS 9.2 Open Metadata Interface: Reference and Usage. ISecurityAdmin provides methods for defining and managing direct access controls as well as access control templates.

Attributes of AccessControlEntry are:

Associations of AccessControlEntry are:

Usage

To create an instance of this AccessControlEntry, use the factory create methods.
Example: create an AccessControlEntry with name "AccessControlEntry_Object", in repository "AAAAAAAA".
 // Create a store to contain your objects for this change if you do not have an existing object
 // or store to use. You may also obtain the store from another object by using Object.getObjectStore().
 MdFactory factory; //where "factory" is a valid MdFactory instance
 MdObjectStore objectStore = factory.createObjectStore();
 AccessControlEntry myObject = (AccessControlEntry) factory.createComplexMetadataObject(objectStore, "AccessControlEntry_Object", MetadataObjects.ACCESSCONTROLENTRY, "AAAAAAAA");
 myObject.updateMetadataAll();  // Write object to server
 objectStore.dispose();  // dispose of the object store if it is no longer needed
 

Behavior

  • Attributes and associations for this object can be retrieved by using the methods in MdOMIUtil.
  • When changes are made to the object, either by setting an attribute or adding objects to a particular association, they can be persisted to the metadata server with the updateMetadataAll method.
  • If an object needs to be deleted, the delete method can be used. This will flag the object as being deleted on the client, and will require an update call to persist the change to the server.

Dependencies

This class depends on objects being contained in an MdObjectStore. Object stores should be disposed of when they are no longer needed as this will help clean up memory. Disposing an object store will dispose of all objects contained within that store.

Since:
9.0
  • Field Details

    • ASSOCIATION_ASSOCIATEDCONDITION_NAME

      static final String ASSOCIATION_ASSOCIATEDCONDITION_NAME
      Constant used for the name of the AssociatedCondition association.

      AssociatedCondition: The associated condition used to grant or deny access to a resource. 

    • ASSOCIATION_IDENTITIES_NAME

      static final String ASSOCIATION_IDENTITIES_NAME
      Constant used for the name of the Identities association.

      Identities: The identities associated to this access control entry. 

    • ASSOCIATION_PERMISSIONS_NAME

      static final String ASSOCIATION_PERMISSIONS_NAME
      Constant used for the name of the Permissions association.

      Permissions: The permissions that are granted or denied by this access control entry. 

  • Method Details

    • initializeRequiredObjects

      void initializeRequiredObjects() throws RemoteException
      (S) This initializes the Required Objects(Roles) which are:
      Specified by:
      initializeRequiredObjects in interface AccessControl
      Specified by:
      initializeRequiredObjects in interface MdObjectBaseUtil
      Specified by:
      initializeRequiredObjects in interface PrimaryType
      Specified by:
      initializeRequiredObjects in interface Root
      Throws:
      RemoteException - If error connecting/communicating to/with remote object.
    • initializePredObjects

      void initializePredObjects() throws RemoteException
      (S) Adds the Associated objects to the predObjects which are:
      Specified by:
      initializePredObjects in interface AccessControl
      Specified by:
      initializePredObjects in interface MdObjectBase
      Specified by:
      initializePredObjects in interface PrimaryType
      Specified by:
      initializePredObjects in interface Root
      Throws:
      RemoteException - If error connecting/communicating to/with remote object.
    • getAssociatedConditions

      AssociationList getAssociatedConditions() throws RemoteException, MdException
      Gets the Association list of AssociatedConditions
      Returns:
      The AssociationList of AssociatedConditions which can be of type:
      PermissionCondition
      Throws:
      RemoteException - If error connecting/communicating to/with remote object.
      MdException - If error getting/setting part of the object.
    • getAssociatedCondition

      PermissionCondition getAssociatedCondition() throws RemoteException, MdException
      Gets the PermissionCondition for AssociatedCondition
      Returns:
      The PermissionCondition (null if not set) of AssociatedCondition which can be of type:
      PermissionCondition
      Throws:
      RemoteException - If error connecting/communicating to/with remote object.
      MdException - If error getting/setting part of the object.
    • getIdentities

      AssociationList getIdentities() throws RemoteException, MdException
      Gets the Association list of Identities
      Returns:
      The AssociationList of Identities which can be of type:
      Identity
      IdentityGroup
      Person
      Throws:
      RemoteException - If error connecting/communicating to/with remote object.
      MdException - If error getting/setting part of the object.
    • getPermissions

      AssociationList getPermissions() throws RemoteException, MdException
      Gets the Association list of Permissions
      Returns:
      The AssociationList of Permissions which can be of type:
      Permission
      Throws:
      RemoteException - If error connecting/communicating to/with remote object.
      MdException - If error getting/setting part of the object.
    • getAssociatedConditions

      AssociationList getAssociatedConditions(boolean fGoToServer) throws RemoteException, MdException
      Gets the AssociationList of AssociatedConditions
      Parameters:
      fGoToServer - boolean Get the value from the server.
      Returns:
      Returns the AssociatedConditions which can be of type:
      PermissionCondition
      Throws:
      RemoteException - If error connecting/communicating to/with remote object.
      MdException - If error getting/setting part of the object.
    • getIdentities

      AssociationList getIdentities(boolean fGoToServer) throws RemoteException, MdException
      Gets the AssociationList of Identities
      Parameters:
      fGoToServer - boolean Get the value from the server.
      Returns:
      Returns the Identities which can be of type:
      Identity
      IdentityGroup
      Person
      Throws:
      RemoteException - If error connecting/communicating to/with remote object.
      MdException - If error getting/setting part of the object.
    • getPermissions

      AssociationList getPermissions(boolean fGoToServer) throws RemoteException, MdException
      Gets the AssociationList of Permissions
      Parameters:
      fGoToServer - boolean Get the value from the server.
      Returns:
      Returns the Permissions which can be of type:
      Permission
      Throws:
      RemoteException - If error connecting/communicating to/with remote object.
      MdException - If error getting/setting part of the object.
    • setAssociatedConditions

      void setAssociatedConditions(AssociationList list) throws RemoteException
      Sets the AssociatedConditions list to the given list, whose objects can be of type:
      PermissionCondition
      Parameters:
      list - AssociationList
      Throws:
      RemoteException - If error communicating with remote object.
    • setAssociatedConditions

      void setAssociatedConditions(AssociationList list, int state) throws RemoteException
      Sets the AssociatedConditions list to the given list, whose objects can be of type:
      PermissionCondition
      Parameters:
      list - AssociationList
      state - int
      Throws:
      RemoteException - If error communicating with remote object.
    • setAssociatedCondition

      void setAssociatedCondition(PermissionCondition inObject) throws RemoteException
      Sets element 0 of the AssociatedConditions list to inObject.
      Parameters:
      inObject - PermissionCondition
      Throws:
      RemoteException - If error communicating with remote object.
    • setIdentities

      void setIdentities(AssociationList list) throws RemoteException
      Sets the Identities list to the given list, whose objects can be of type:
      Identity
      IdentityGroup
      Person
      Parameters:
      list - AssociationList
      Throws:
      RemoteException - If error communicating with remote object.
    • setIdentities

      void setIdentities(AssociationList inObjects, int state) throws RemoteException
      Sets the entire Identities list to match the passed-in AssociationList and sets the state of the Identities.
      Parameters:
      inObjects - AssociationList
      state - int
      Throws:
      RemoteException - If error communicating with remote object.
    • setPermissions

      void setPermissions(AssociationList list) throws RemoteException
      Sets the Permissions list to the given list, whose objects can be of type:
      Permission
      Parameters:
      list - AssociationList
      Throws:
      RemoteException - If error communicating with remote object.
    • setPermissions

      void setPermissions(AssociationList inObjects, int state) throws RemoteException
      Sets the entire Permissions list to match the passed-in AssociationList and sets the state of the Permissions.
      Parameters:
      inObjects - AssociationList
      state - int
      Throws:
      RemoteException - If error communicating with remote object.