com.sas.hls.security.acl
Interface AclService


public interface AclService

Service that provides a way to manipulate owner and permission information of an object. The owner and permission information are defined in an access control list or Acl. An acl can only be defined for an object that is AclSecurable. An acl contains a set of AclEntry objects which define permissions for a specific AclPrincipal. By default, an acl has an AclEntry for the AclOwner and one for AclMembers. Each acl is required to have these two entries. The AclMembers entry represents the members of the parent context of the AclSecurable object. AclEntries for specific users and groups may also be added to an acl. Each AclEntry consists of a principal and five permissions: ADMIN, READ, WRITE_PROPERTIES, WRITE_CONTENT, and DELETE. Note that read and admin permissions can not be taken away from the AclOwner.

Permissions can be set at several levels. Permissions assigned at a specific level override permissions assigned at a more general level. Here are the levels from specific to general:

  • owner
  • individual
  • group
  • member of the organization, a project or an analysis

  • Method Summary
     Acl getAcl(AclSecurable aclSecurable)
              Gets the acl for the object.
     AclContainer getAclContainer(AclContainerSecurable aclContainerSecurable)
              Gets the AclContainer for the specified container
     Acl updateAcl(AclSecurable aclSecurable, Acl acl)
              Updates the specified object with the acl
     AclContainer updateAclContainer(AclContainerSecurable aclContainerSecurable, AclContainer aclContainer)
              Updates the specified container with the aclContainer
     

    Method Detail

    getAcl

    Acl getAcl(AclSecurable aclSecurable)
               throws ObjectNotFoundException,
                      PrincipalNotFoundException
    Gets the acl for the object. By default, each acl has two acl entries, one for the owner, and one representing the members of the parent context.

    Parameters:
    aclSecurable - securable object in which to get the acl
    Returns:
    Acl for the specified object
    Throws:
    ObjectNotFoundException - Thrown if the specified object no longer exists
    PrincipalNotFoundException - Thrown if a user or group associated with the acl no longer exists

    getAclContainer

    AclContainer getAclContainer(AclContainerSecurable aclContainerSecurable)
                                 throws ObjectNotFoundException,
                                        PrincipalNotFoundException
    Gets the AclContainer for the specified container

    Parameters:
    aclContainerSecurable - securable container in which to get the acl
    Returns:
    AclContainer for the specified container
    Throws:
    ObjectNotFoundException - Thrown if the specified object no longer exists
    PrincipalNotFoundException - Thrown if a user or group associated with the acl no longer exists

    updateAcl

    Acl updateAcl(AclSecurable aclSecurable,
                  Acl acl)
                  throws AclUpdateException
    Updates the specified object with the acl

    Parameters:
    aclSecurable - the object whose acl will be updated
    acl - acl to set on the specified object
    Returns:
    Acl The updated acl for the specified object
    Throws:
    AclUpdateException - Thrown if the specified acl can not be updated for the given object

    updateAclContainer

    AclContainer updateAclContainer(AclContainerSecurable aclContainerSecurable,
                                    AclContainer aclContainer)
                                    throws AclUpdateException
    Updates the specified container with the aclContainer

    Parameters:
    aclContainerSecurable - the container whose acl will be updated
    aclContainer - aclContainer to set on the specified container
    Returns:
    AclContainer The updated aclContainer for the specified container
    Throws:
    AclUpdateException - Thrown if the specified acl can not be updated for the given container


    Copyright (c) 2013, SAS Institute Inc., Cary, NC, USA