Package ch.ivyteam.ivy.security

Interface ISecurityDescriptor

public interface ISecurityDescriptor
A Security Descriptor is used to decide if a session has a permission to do something. A Security Descriptor typically is associated to an object, like a web application or the ivyGrid Server. Therefore a session can do something on an object if the session has the permission on the object's security descriptor. The security descriptor can be modified by session who has the right to do that. Modifications are grant or deny a permission to a user or role.
Since:
17.05.2006
API:
This is a public API.

  • Method Details

    • hasPermission

      boolean hasPermission(ISession session, IPermission permission)
      Checks if the session has a certain permission
      Parameters:
      session - the session to check
      permission - the permission to check
      Returns:
      true if sesion has permission, otherwise false
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • getPermissions

      List<IPermission> getPermissions()
      Gets the permissions that can be granted and denied on this security descriptor
      Returns:
      list with the permissions
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS SecurityDescriptorReadAllPermissions PERMISSION OR OWNS SecurityDescriptorReadAllPermissions@SYSTEM PERMISSION

    • getSecurityDescriptorType

      ISecurityDescriptorType getSecurityDescriptorType()
      Gets the security descriptor type
      Returns:
      security descriptor type
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS SecurityDescriptorReadSecurityDescriptorType PERMISSION OR OWNS SecurityDescriptorReadSecurityDescriptorType@SYSTEM PERMISSION

    • getAccessControlsForPermission

      List<IAccessControl> getAccessControlsForPermission(IPermission permission)
      Gets the access control entries for a certain permission
      Parameters:
      permission - The permission whichs access control entries should be return
      Returns:
      list with AccessControls for a permission
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS SecurityDescriptorReadAccessControl PERMISSION OR OWNS SecurityDescriptorReadAccessControl@SYSTEM PERMISSION

    • grantPermission

      void grantPermission(IPermission permission, ISecurityMember member)
      Grants a permission to a security member
      Parameters:
      permission - the permission to grant
      member - the security member to which the permission should be granted
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • ungrantPermission

      void ungrantPermission(IPermission permission, ISecurityMember member)
      Ungrants a permission from a security member
      Parameters:
      permission - the permission to ungrant
      member - the security memberr from which the permission should be ungranted
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS SecurityDescriptorUngrantPermission PERMISSION OR OWNS SecurityDescriptorUngrantPermission@SYSTEM PERMISSION

    • denyPermission

      void denyPermission(IPermission permission, ISecurityMember member)
      Denies a permission to a security member
      Parameters:
      permission - the permission to deny
      member - the security member to which the permission should be denied
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS SecurityDescriptorDenyPermission PERMISSION OR OWNS SecurityDescriptorDenyPermission@SYSTEM PERMISSION

    • undenyPermission

      void undenyPermission(IPermission permission, ISecurityMember member)
      Undeny a permission from a security member
      Parameters:
      permission - the permission to undeny
      member - the security memberr from which the permission should be undenied
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS SecurityDescriptorUndenyPermission PERMISSION OR OWNS SecurityDescriptorUndenyPermission@SYSTEM PERMISSION

    • grantPermissions

      void grantPermissions(IPermissionGroup permissionGroup, ISecurityMember member)
      Grants all permissions of a permission group to a security member
      Parameters:
      permissionGroup - the permission group to grant all permissions of
      member - the security member to which the permission should be granted
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • ungrantPermissions

      void ungrantPermissions(IPermissionGroup permissionGroup, ISecurityMember member)
      Ungrants a all permissions of a permission group from a security member
      Parameters:
      permissionGroup - the permission group to ungrant all permissions of
      member - the security memberr from which the permission should be ungranted
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS SecurityDescriptorUngrantPermission PERMISSION OR OWNS SecurityDescriptorUngrantPermission@SYSTEM PERMISSION

    • denyPermissions

      void denyPermissions(IPermissionGroup permissionGroup, ISecurityMember member)
      Denies a all permissions of a permission group to a security member
      Parameters:
      permissionGroup - the permission group to deny all permissions of
      member - the security member to which the permission should be denied
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS SecurityDescriptorDenyPermission PERMISSION OR OWNS SecurityDescriptorDenyPermission@SYSTEM PERMISSION

    • undenyPermissions

      void undenyPermissions(IPermissionGroup permissionGroup, ISecurityMember member)
      Undeny a all permissions of a permission group from a security member
      Parameters:
      permissionGroup - the permission group to undeny all permissions of
      member - the security memberr from which the permission should be undenied
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS SecurityDescriptorUndenyPermission PERMISSION OR OWNS SecurityDescriptorUndenyPermission@SYSTEM PERMISSION

    • getPermissionAccess

      IPermissionAccess getPermissionAccess(IPermission permission, ISecurityMember member)
      Gets the permission access of a security member
      Parameters:
      permission - the permission which permission access should be return
      member - the security member which permission access should be returned
      Returns:
      permisssion access
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS SecurityDescriptorReadPermissionAccess PERMISSION OR OWNS SecurityDescriptorReadPermissionAccess@SYSTEM PERMISSION

    • getPermissionAccesses

      List<IPermissionAccess> getPermissionAccesses(ISecurityMember member)
      Gets all permission accesses of all permissions for a security member
      Parameters:
      member - the security member which permission accesses should be returned
      Returns:
      list with the permission accesses
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS SecurityDescriptorReadAllPermissionAccess PERMISSION OR OWNS SecurityDescriptorReadAllPermissionAccess@SYSTEM PERMISSION

    • getPermissionGroupAccess

      IPermissionGroupAccess getPermissionGroupAccess(IPermissionGroup permissionGroup, ISecurityMember member)
      Gets the permission group access of a security member (all permissions of the group, including all sub groups are checked).
      Parameters:
      permissionGroup - The permission group whose permission access should be determined
      member - The security member for which the access should be determined
      Returns:
      permisssion access group
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • checkPermission

      void checkPermission(ISession currentSession, IPermission permission)
      Checks if the session has a certain permission
      Parameters:
      currentSession - the session to check
      permission - the permission to check
      Throws:
      ch.ivyteam.ivy.security.PermissionDeniedException - if session does not own permission
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • getId

      long getId()
      Gets the identifier of the security descriptor
      Returns:
      identifier
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.