Package com.sas.lsaf.security.acl
Interface AclService
public interface AclService
Service that provides a way to manipulate owner and permission information of an object. The owner and permission
information are defined in an access control list (
Permissions can be set at several levels. Permissions assigned at a specific level override permissions assigned at a more general level. Here are the levels from specific to general:
Acl). An ACL can be defined only for an object that is a
RepositoryItem. An ACL contains a set of AclEntry objects that
define permissions for a specific Principal. By default, an ACL has an
AclEntry for the AclOwner and one for AclMembers. Each ACL is required to have these two entries. The
AclMembers entry represents the members of the parent context of the repository item. AclEntries for specific
users and groups can also be added to an ACL. Each AclEntry consists of a principal and five permissions: ADMIN,
READ, WRITE_PROPERTIES, WRITE_CONTENT, and DELETE. Note that read and admin permissions can not be taken away from
the AclOwner. Permissions can be set at several levels. Permissions assigned at a specific level override permissions assigned at a more general level. Here are the levels from specific to general:
owner individual group member of the context
-
Method Summary
Modifier and TypeMethodDescriptionGets the ACL for the repository item with the specified id.getDefaultAcl(String id) Gets the default ACL for the repository container with the specified id.Updates the ACL of the repository item with the specified identifier.updateDefaultAcl(DefaultAcl defaultAcl) Updates the default ACL of the repository container with the specified identifier.
-
Method Details
-
getAcl
Gets the ACL for the repository item with the specified id. By default, each ACL has two ACL entries: one that represents the owner, and one that represents the members of the nearest parent membership context (if the specified id is a context with membership capability, the members are for that context).- Parameters:
id- Identifier of the repository item.- Returns:
- ACL for the specified object.
- Throws:
AclNotFoundException- thrown if the specified object no longer exists.
-
getDefaultAcl
Gets the default ACL for the repository container with the specified id. The default ACL is a template that controls the permission set on any child object created directly underneath this container. Each default ACL has two acl entries: one that represents the owner, and one that represents the members of the nearest parent membership context (if the specified id is a context with membership capability, the members are for that context).- Parameters:
id- Identifier of the repository container.- Returns:
- ACL for the specified object.
- Throws:
AclNotFoundException- thrown if the specified object no longer exists.
-
updateAcl
Updates the ACL of the repository item with the specified identifier.- Parameters:
acl- ACL to set on the specified object.- Returns:
- Acl The updated ACL for the specified object.
- Throws:
AclUpdateException- thrown if the specified ACL can not be updated for the given object.AclNotFoundException- thrown if the specified object no longer exists.
-
updateDefaultAcl
Updates the default ACL of the repository container with the specified identifier. The default ACL is a template that controls the permission set on any child object created directly underneath this container.- Parameters:
defaultAcl- default ACL to set on the specified object.- Returns:
- DefaultAcl The updated default ACL for the specified object.
- Throws:
AclUpdateException- thrown if the specified ACL can not be updated for the given object.AclNotFoundException- thrown if the specified object no longer exists.
-