Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.novell.nds.dirxml.job
Interface CheckPrivileges

public interface CheckPrivileges

Interface used to check directory privileges for the DirXML-Job object or for another directory object to a target object in the directory.

This is intended to be used primarily in support of the Job.checkConfig() method.

See Also:
Job.checkConfig(com.novell.nds.dirxml.job.JobManager,java.util.Locale), CheckPrivilegesResult

Field Summary
static String ALL_ATTRS_NAME
          "[All Attribute Rights]" - a special attribute name used for determining eDirectory rights.
static int ATTR_COMPARE
          Bit-value indicating a trustee has eDirectory "compare" rights to an attribute.
static int ATTR_INHERIT_CTL
          Bit-value indicating eDirectory attribute rights are inherited by subordinate objects
static int ATTR_READ
          Bit-value indicating a trustee has eDirectory "read" rights to an attribute.
static int ATTR_SELF
          Bit-value indicating a trustee has eDirectory "self" rights to an attribute.
static int ATTR_SUPERVISOR
          Bit-value indicating a trustee has eDirectory "supervisor" rights to an attribute.
static int ATTR_WRITE
          Bit-value indicating a trustee has eDirectory "write" rights to an attribute.
static int DRIVER_CHECK_OBJECT_PASSWORD
          Argument value for checkPrivilegeToDriver.
static int DRIVER_CONFIGURE
          Argument value for checkPrivilegeToDriver.
static int DRIVER_MANAGE
          Argument value for checkPrivilegeToDriver.
static int DRIVER_MIGRATE_APP
          Argument value for checkPrivilegeToDriver.
static int DRIVER_RUN
          Argument value for checkPrivilegeToDriver.
static int DRIVER_SUBMIT_COMMAND
          Argument value for checkPrivilegeToDriver.
static int ENTRY_ADD
          Bit-value indicating a trustee has eDirectory "add" rights to an entry.
static int ENTRY_BROWSE
          Bit-value indicating a trustee has eDirectory "browse" rights to an entry.
static int ENTRY_DELETE
          Bit-value indicating a trustee has eDirectory "delete" rights to an entry.
static int ENTRY_INHERIT_CTL
          Bit-value indicating that eDirectory entry rights are inherited by subordinate objects.
static int ENTRY_RENAME
          Bit-value indicating a trustee has eDirectory "rename" rights to an entry.
static String ENTRY_RIGHTS_NAME
          "[Entry Rights]" - a special attribute name used for determining eDirectory entry rights

Use as an argument to trusteeHasPrivilege
static int ENTRY_SUPERVISOR
          Bit-value indicating a trustee has eDirectory "supervisor" rights to an entry.
 
Method Summary
 boolean checkPrivilegeToDriver(int privileges)
          Return true if the DirXML-Job object definining the job has the specified privilege(s) to its containing DirXML-Driver object (if the job is contained by a driver).
 boolean checkPrivilegeToDriver(int privileges, DirectoryObject driverObject)
          Return true if the DirXML-Job object definining the job has the specified privilege(s) to the specified DirXML-Driver object.
 boolean trusteeHasPrivilege(DirectoryObject target, DirectoryObject trustee, String attrName, int privileges)
          Return true if a trustee object has specified privileges to an eDirectory object.
 boolean trusteeManagesPassword(DirectoryObject target, DirectoryObject trustee)
          Return true if a trustee object has "manage password" rights to an eDirectory object.
 

Field Detail

DRIVER_MIGRATE_APP

static final int DRIVER_MIGRATE_APP
Argument value for checkPrivilegeToDriver. Specifies that the DirXML-Job object has the necessary privileges to queue a query event to the driver represented by the job object's containing DirXML-Driver object. The query event is submitted to DriverInterface.queueEventDocument.

See Also:
DriverInterface.queueEventDocument(com.novell.nds.dirxml.driver.XmlDocument), Constant Field Values

DRIVER_SUBMIT_COMMAND

static final int DRIVER_SUBMIT_COMMAND
Argument value for checkPrivilegeToDriver. Specifies that the DirXML-Job object has the necessary privileges to submit a command to the driver represented by the job object's containing DirXML-Driver object.

A command is any document submitted to DriverInterface.submitCommandDocument and any non-query event submitted to DriverInterface.queueEventDocument.

See Also:
DriverInterface.submitCommandDocument(com.novell.nds.dirxml.driver.XmlDocument), DriverInterface.queueEventDocument(com.novell.nds.dirxml.driver.XmlDocument), Constant Field Values

DRIVER_RUN

static final int DRIVER_RUN
Argument value for checkPrivilegeToDriver. Specifies that the DirXML-Job object has the necessary privileges to start or stop the driver represented by the job object's containing DirXML-Driver object.

See Also:
Constant Field Values

DRIVER_CONFIGURE

static final int DRIVER_CONFIGURE
Argument value for checkPrivilegeToDriver. Specifies that the DirXML-Job object has the necessary privileges to configure the represented by the job object's containing DirXML-Driver object.

See Also:
Constant Field Values

DRIVER_CHECK_OBJECT_PASSWORD

static final int DRIVER_CHECK_OBJECT_PASSWORD
Argument value for checkPrivilegeToDriver. Specifies that the DirXML-Job object has the necessary privileges to check an object's password in the driver's connected system.

See Also:
Constant Field Values

DRIVER_MANAGE

static final int DRIVER_MANAGE
Argument value for checkPrivilegeToDriver. Specifies that the DirXML-Job object has the necessary privileges to "manage" a driver (e.g., manipulate the driver's cache).

See Also:
Constant Field Values

ALL_ATTRS_NAME

static final String ALL_ATTRS_NAME
"[All Attribute Rights]" - a special attribute name used for determining eDirectory rights.

Use as an argument to trusteeHasPrivilege

See Also:
Constant Field Values

ENTRY_RIGHTS_NAME

static final String ENTRY_RIGHTS_NAME
"[Entry Rights]" - a special attribute name used for determining eDirectory entry rights

Use as an argument to trusteeHasPrivilege

See Also:
Constant Field Values

ENTRY_BROWSE

static final int ENTRY_BROWSE
Bit-value indicating a trustee has eDirectory "browse" rights to an entry.

See Also:
Constant Field Values

ENTRY_ADD

static final int ENTRY_ADD
Bit-value indicating a trustee has eDirectory "add" rights to an entry.

See Also:
Constant Field Values

ENTRY_DELETE

static final int ENTRY_DELETE
Bit-value indicating a trustee has eDirectory "delete" rights to an entry.

See Also:
Constant Field Values

ENTRY_RENAME

static final int ENTRY_RENAME
Bit-value indicating a trustee has eDirectory "rename" rights to an entry.

See Also:
Constant Field Values

ENTRY_SUPERVISOR

static final int ENTRY_SUPERVISOR
Bit-value indicating a trustee has eDirectory "supervisor" rights to an entry.

See Also:
Constant Field Values

ENTRY_INHERIT_CTL

static final int ENTRY_INHERIT_CTL
Bit-value indicating that eDirectory entry rights are inherited by subordinate objects.

See Also:
Constant Field Values

ATTR_COMPARE

static final int ATTR_COMPARE
Bit-value indicating a trustee has eDirectory "compare" rights to an attribute.

See Also:
Constant Field Values

ATTR_READ

static final int ATTR_READ
Bit-value indicating a trustee has eDirectory "read" rights to an attribute.

See Also:
Constant Field Values

ATTR_WRITE

static final int ATTR_WRITE
Bit-value indicating a trustee has eDirectory "write" rights to an attribute.

See Also:
Constant Field Values

ATTR_SELF

static final int ATTR_SELF
Bit-value indicating a trustee has eDirectory "self" rights to an attribute.

See Also:
Constant Field Values

ATTR_SUPERVISOR

static final int ATTR_SUPERVISOR
Bit-value indicating a trustee has eDirectory "supervisor" rights to an attribute.

See Also:
Constant Field Values

ATTR_INHERIT_CTL

static final int ATTR_INHERIT_CTL
Bit-value indicating eDirectory attribute rights are inherited by subordinate objects

See Also:
Constant Field Values
Method Detail

checkPrivilegeToDriver

boolean checkPrivilegeToDriver(int privileges)
Return true if the DirXML-Job object definining the job has the specified privilege(s) to its containing DirXML-Driver object (if the job is contained by a driver).

This method is an encapsulation of trusteeHasPrivilege that hides the details of which attributes and privileges are needed for the rights to perform operations on a driver.

Parameters:
privileges - any combination of DRIVER_MIGRATE_APP, DRIVER_SUBMIT_COMMAND, DRIVER_RUN, DRIVER_CONFIGURE, DRIVER_CHECK_OBJECT_PASSWORD, and DRIVER_MANAGE.
Returns:
true if the DirXML-Job object has the specified privileges

checkPrivilegeToDriver

boolean checkPrivilegeToDriver(int privileges,
                               DirectoryObject driverObject)
Return true if the DirXML-Job object definining the job has the specified privilege(s) to the specified DirXML-Driver object.

This method is an encapsulation of trusteeHasPrivilege that hides the details of which attributes and privileges are needed for the rights to perform operations on a driver.

The parameter driverObject must refer to a DirXML-Driver object in the same driver set as the DirXML-Job object representing the calling job.

Parameters:
privileges - any combination of DRIVER_MIGRATE_APP, DRIVER_SUBMIT_COMMAND, DRIVER_RUN, DRIVER_CONFIGURE, DRIVER_CHECK_OBJECT_PASSWORD, and DRIVER_MANAGE.
driverObject - reference to the desired DirXML-Driver
Returns:
true if the DirXML-Job object has the specified privileges

trusteeHasPrivilege

boolean trusteeHasPrivilege(DirectoryObject target,
                            DirectoryObject trustee,
                            String attrName,
                            int privileges)
Return true if a trustee object has specified privileges to an eDirectory object.

For this call to succeed the DirXML-Job object representing the job must either have read rights to the target object's ACL attribute or the DirXML-Job object must be the trustee object. If one of the two conditions noted are not satisfied then false is returned.

Note: To determine entry rights use ENTRY_RIGHTS_NAME as the attribute name.

Parameters:
target - the eDirectory object against which the trustee object's rights are checked
trustee - the eDirectory object whose rights are checked against the target object
attrName - eDirectory attribute name, ALL_ATTRS_NAME, or ENTRY_RIGHTS_NAME
privileges - bit-mapped privilege values (ATTR_READ, ENTRY_BROWSE, etc.)
Returns:
true if the trustee object has the specified privileges

trusteeManagesPassword

boolean trusteeManagesPassword(DirectoryObject target,
                               DirectoryObject trustee)
Return true if a trustee object has "manage password" rights to an eDirectory object. "Manage password" rights means that the trustee object has write privileges to the ACL attribute on the target object (effectively supervisor rights).

For this call to succeed the DirXML-Job object representing the job must either have read rights to the target object's ACL attribute or the DirXML-Job object must be the trustee object. If one of the two conditions noted are not satisfied then false is returned.

Parameters:
target - the eDirectory object against which the trustee object's rights are checked
trustee - the eDirectory object whose rights are checked against the target object
Returns:
true if the trustee object has the "manage password" rights to the target object
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD