com.sas.hls.security.privilege
Interface GlobalPrivilegeAssignmentService


public interface GlobalPrivilegeAssignmentService

The GlobalPrivilegeAssignmentService provides methods to manage the assignment of global privileges to users. Global privileges are system-level privileges that are not associated with contexts. They can be granted directly to users in the system.


Method Summary
 Set<UserDescriptor> getAllGrantees(Set<Privilege> privileges)
          Return a list of users which have ANY of the specified privileges granted
 Set<Privilege> getAvailablePrivileges()
          Returns a list of global privileges that are available for global assignment.
 Set<Privilege> getGrantedPrivileges(UserDescriptor user)
          Get the set of privileges which are granted to a user.
 Set<UserDescriptor> getGrantees(Privilege privilege)
          Get the set of users who have been granted the specified privilege
 void grantPrivilege(UserDescriptor user, Privilege privilege)
          Directly grant a privilege to a specified user.
 void grantPrivileges(UserDescriptor user, Set<Privilege> privileges)
          Directly grant privileges to a specified user.
 void grantPrivilegesToPrincipals(Set<? extends UserDescriptor> users, Set<Privilege> privileges)
          Directly grant privileges to the specified principals.
 boolean hasPrivilege(UserDescriptor user, Privilege privilege)
          Does the specified user have a certain privilege
 void revokeAllPrivileges(UserDescriptor user)
          Revoke all privileges directly given to a user.
 void revokePrivilege(UserDescriptor user, Privilege privilege)
          Revoke a privilege directly given to a user.
 void revokePrivileges(UserDescriptor user, Set<Privilege> privileges)
          Revoke a set of privileges directly given to a user.
 void revokePrivilegesFromPrincipals(Set<? extends UserDescriptor> users, Set<Privilege> privileges)
          Revoke a set of privileges directly given to the specified principals.
 void setPrivileges(UserDescriptor user, Set<Privilege> privileges)
          Set what privileges are directly given to a specified user.
 

Method Detail

grantPrivilege

void grantPrivilege(UserDescriptor user,
                    Privilege privilege)
                    throws InvalidPrivilegeException,
                           PrincipalNotFoundException,
                           PrivilegeExistsException
Directly grant a privilege to a specified user.

Parameters:
user - the principal to grant a privilege to (Note: in this version of the API, the principal is restricted to a user and not a group).
privilege - the privilege to grant to the user.
Throws:
InvalidPrivilegeException - thrown when the privilege specified is not defined.
PrincipalNotFoundException - thrown when the principal specified is not found.
PrivilegeExistsException - thrown when the privilege is already directly granted to the specified principal.

grantPrivileges

void grantPrivileges(UserDescriptor user,
                     Set<Privilege> privileges)
                     throws PrincipalNotFoundException,
                            PrivilegeExistsException,
                            InvalidPrivilegeException
Directly grant privileges to a specified user.

Parameters:
user - the principal to grant a privilege to (Note: in this version of the API, the principal is restricted to a user and not a group).
privileges - the set of privileges to grant to the user.
Throws:
InvalidPrivilegeException - thrown when the privilege specified is not defined.
PrincipalNotFoundException - thrown when the principal specified is not found.
PrivilegeExistsException - thrown when the privilege is already directly granted to the specified principal.

grantPrivilegesToPrincipals

void grantPrivilegesToPrincipals(Set<? extends UserDescriptor> users,
                                 Set<Privilege> privileges)
                                 throws InvalidPrivilegeException
Directly grant privileges to the specified principals.

Parameters:
users - the principals to give these privileges to (Note: in this version of the API, this is restricted to users).
privileges - the set of privileges to grant
Throws:
InvalidPrivilegeException - thrown when the privilege specified is not defined.

revokePrivilege

void revokePrivilege(UserDescriptor user,
                     Privilege privilege)
                     throws InvalidPrivilegeException,
                            PrincipalNotFoundException,
                            PrivilegeNotFoundException
Revoke a privilege directly given to a user.

Parameters:
user - the user who was given the privilege
privilege - the privilege to revoke from the user
Throws:
InvalidPrivilegeException - thrown when the privilege specified is not granted to the principal.
PrincipalNotFoundException - thrown when the principal (user) specified is not found
PrivilegeNotFoundException - thrown when the privilege specified is not defined

revokePrivileges

void revokePrivileges(UserDescriptor user,
                      Set<Privilege> privileges)
                      throws PrincipalNotFoundException,
                             PrivilegeNotFoundException,
                             InvalidPrivilegeException
Revoke a set of privileges directly given to a user.

Parameters:
user - the user who was given the privilege
privileges - the set of privileges to revoke from the user
Throws:
InvalidPrivilegeException - thrown when the privilege specified is not granted to the principal.
PrincipalNotFoundException - thrown when the principal (user) specified is not found
PrivilegeNotFoundException - thrown when the privilege specified is not defined

revokeAllPrivileges

void revokeAllPrivileges(UserDescriptor user)
                         throws PrincipalNotFoundException
Revoke all privileges directly given to a user.

Parameters:
user - the user who was given the privilege
Throws:
PrincipalNotFoundException - thrown when the principal (user) specified is not found

revokePrivilegesFromPrincipals

void revokePrivilegesFromPrincipals(Set<? extends UserDescriptor> users,
                                    Set<Privilege> privileges)
                                    throws PrivilegeNotFoundException,
                                           InvalidPrivilegeException
Revoke a set of privileges directly given to the specified principals.

Parameters:
users - the users
privileges - the set of privileges to revoke from the users
Throws:
InvalidPrivilegeException - thrown when the privilege specified is not granted to the principal.
PrincipalNotFoundException - thrown when the principal (user) specified is not found
PrivilegeNotFoundException - thrown when the privilege specified is not defined

setPrivileges

void setPrivileges(UserDescriptor user,
                   Set<Privilege> privileges)
                   throws PrincipalNotFoundException,
                          InvalidPrivilegeException
Set what privileges are directly given to a specified user.

Parameters:
user - the user who is given the privileges
privileges - the set of privileges the user is to be directly given
Throws:
InvalidPrivilegeException - thrown when the privilege specified is not granted to the principal.
PrincipalNotFoundException - thrown when the principal (user) specified is not found

getGrantedPrivileges

Set<Privilege> getGrantedPrivileges(UserDescriptor user)
                                    throws PrincipalNotFoundException
Get the set of privileges which are granted to a user.

Parameters:
user - the user in question
Returns:
the set of privileges granted to the user.
Throws:
PrincipalNotFoundException - thrown when the principal (user) specified is not found

getGrantees

Set<UserDescriptor> getGrantees(Privilege privilege)
                                throws InvalidPrivilegeException
Get the set of users who have been granted the specified privilege

Parameters:
privilege - the privilege in question
Returns:
the set of users who are granted the privilege
Throws:
InvalidPrivilegeException - thrown when the privilege specified is not granted to the principal.
PrincipalNotFoundException - thrown when the principal (user) specified is not found

getAllGrantees

Set<UserDescriptor> getAllGrantees(Set<Privilege> privileges)
                                   throws InvalidPrivilegeException
Return a list of users which have ANY of the specified privileges granted

Parameters:
privileges - the privileges in question
Returns:
the set of users who have any of the provided privileges granted to them
Throws:
InvalidPrivilegeException - the privilege specified is not defined on the server

hasPrivilege

boolean hasPrivilege(UserDescriptor user,
                     Privilege privilege)
                     throws InvalidPrivilegeException,
                            PrincipalNotFoundException
Does the specified user have a certain privilege

Parameters:
user - the user in question
privilege - the privilege in question
Returns:
boolean value indicating if the user has that privilege
Throws:
InvalidPrivilegeException - The privilege specified is not defined on the server
PrincipalNotFoundException - The user specified is not defined on the server

getAvailablePrivileges

Set<Privilege> getAvailablePrivileges()
Returns a list of global privileges that are available for global assignment.

Returns:
list of Privilege objects that are available for global assignment.
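
Added example (not part of the SAS documentation): a least-privilege reconciliation that brings one user's direct global privileges in line with an approved baseline and returns the difference for audit logging, using only the methods documented above. The class name GlobalPrivilegeReconciler, its Change type, and the wildcard import are assumptions; the example also assumes that Privilege implements equals/hashCode and that getGrantedPrivileges returns the direct grants that revokePrivileges operates on.

```java
import java.util.HashSet;
import java.util.Set;
// Assumption: the page names only this package; Privilege, UserDescriptor and the
// exception types are assumed to be importable from it as well.
import com.sas.hls.security.privilege.*;

/** Added example: brings a user's direct global privileges in line with an approved set. */
public final class GlobalPrivilegeReconciler {

    /** What one run changed, so the caller can write it to an audit log. */
    public static final class Change {
        public final Set<Privilege> granted = new HashSet<>();
        public final Set<Privilege> revoked = new HashSet<>();
    }

    public static Change reconcile(GlobalPrivilegeAssignmentService svc,
                                   UserDescriptor user,
                                   Set<Privilege> approved)
            throws PrincipalNotFoundException, InvalidPrivilegeException,
                   PrivilegeNotFoundException {
        // Refuse a baseline containing anything the server does not offer for global assignment.
        Set<Privilege> unknown = new HashSet<>(approved);
        unknown.removeAll(svc.getAvailablePrivileges());
        if (!unknown.isEmpty()) {
            throw new IllegalArgumentException("Not available for global assignment: " + unknown);
        }

        // Assumption: getGrantedPrivileges returns the direct grants that revokePrivileges acts on.
        Set<Privilege> current = svc.getGrantedPrivileges(user);
        Change change = new Change();
        change.revoked.addAll(current);
        change.revoked.removeAll(approved);
        change.granted.addAll(approved);
        change.granted.removeAll(current);

        // Revoke first: a failure part-way leaves the user with fewer privileges, not more.
        if (!change.revoked.isEmpty()) {
            svc.revokePrivileges(user, change.revoked);
        }
        for (Privilege p : change.granted) {
            try {
                svc.grantPrivilege(user, p);
            } catch (PrivilegeExistsException e) {
                // Granted concurrently by another caller; the desired end state already holds.
            }
        }
        return change;
    }
}
```

setPrivileges reaches the same end state in a single call; the explicit diff is useful when each grant and revocation has to be recorded separately.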


Copyright (c) 2016, SAS Institute Inc., Cary, NC, USA