IAccessPolicy (server-common-api)

All Superinterfaces:

IBizPolicy, IComponent, IInitializable, ISystemHandler
```
public interface IAccessPolicy
extends IBizPolicy
```
Policy to modify Portal Access information. This includes IAce, and other information.

IAccessPolicy functions expose setting (updating) and removing IAces, as well as altering Anonymous, AuthScheme and capability information as well on Portal resources. (IThings).

Method Summary

All Methods Instance Methods Abstract Methods Deprecated Methods
Modifier and Type	Method and Description
`int`	`getAccess(IContext context, IThingID itemID, IURI userID)` Deprecated. use `getAccessEx(IContext, IThingID, IURI)` instead
`Collection<Integer>`	`getAccessEx(IContext context, IThingID itemID, IURI userID)` Returns access rights that user has for the given thing.
`IListView<IAceView>`	`getAclView(IContext context, IThingID itemID)` Returns list of access control entries for this item
`String`	`getAuthScheme(IContext context, IThingID itemId)` Queries the authLevel of the resource.
`IListView<IView>`	`getRightsForType(IContext context, String xtypeName)` Returns list view of all rights registered with the given xtype/basic type
`IThingID`	`getSecurityRealm(IContext context, IThingID itemID)` Retrieves and returns security policy associated with the item
`boolean`	`isAnonymous(IContext context, IThingID itemId)` Verifies whether specified resource is anonymous.
`IListView<IView>`	`listSecurityRealmObjects(IContext context, IThingID securityRealmID)` Returns list view of all objects assigned this security realm.
`IListView<IView>`	`listSecurityReamObjects(IContext context, IThingID securityRealmID)` Deprecated. use `listSecurityRealmObjects(IContext, IThingID)` instead
`void`	`removeAces(IContext context, IThingID itemId, List<? extends IURI> principalIds, boolean recursive)` Removes the access entries of the specified item.
`void`	`removeSecurityRealm(IContext context, IThingID itemID, IThingID securityRealmID, boolean recursive)` Removes security policy from the object
`void`	`setAces(IContext context, IThingID itemId, List<? extends IURI> principalIds, boolean recursive, int grant, int deny, int exclusive, int delegate, int mask)` Deprecated. use `setAcesEx(IContext, IThingID, List, boolean, Collection, Collection, Collection)` instead
`void`	`setAcesEx(IContext context, IThingID itemId, List<? extends IURI> principalIds, boolean recursive, Collection<? extends Object> granted, Collection<? extends Object> denied, Collection<? extends Object> exclusive)` Sets the access for the specified item.
`void`	`setAnonymous(IContext context, IThingID itemId, boolean recursive, boolean isAnonymous)` Set specified resource either as anonymous.
`void`	`setAuthScheme(IContext context, IThingID itemId, boolean recursive, String authLevel)` Sets the authentication level of this thing
`void`	`setSecurityRealm(IContext context, IThingID itemID, IThingID securityRealmID, boolean recursive)` Sets security policy to the object

Methods inherited from interface com.webmethods.portal.system.IComponent
getComponentData, getComponentName, getComponentProvider, getURI, isInitialized, setComponentData, setComponentProvider

Methods inherited from interface com.webmethods.portal.system.init.IInitializable
init, shutdown

- Method Detail
  - setAces
```
@Deprecated
void setAces(IContext context,
                         IThingID itemId,
                         List<? extends IURI> principalIds,
                         boolean recursive,
                         int grant,
                         int deny,
                         int exclusive,
                         int delegate,
                         int mask)
                  throws BizException
```
    Deprecated. use setAcesEx(IContext, IThingID, List, boolean, Collection, Collection, Collection) instead
    
    Sets the access entries of the specified item. This will update any existing aces as well. For instance, if the 'everyone' group already has an ace, and you call this passing in the 'everyone' group's uri, the ace will be updated with the new information.
    
    Parameters:
    
    context - Command context (user state information).
    
    itemId - Item whose access entries to set.
    
    principalIds - List of IURIs for which to add or modify access.
    
    recursive - True if the access modification should be applied to this item's descendants.
    
    grant - Bit set of rights to grant.
    
    deny - Bit set of rights to deny.
    
    exclusive - Bit set of rights to grant exclusively.
    
    delegate - Bit set of rights that may be delegated.
    
    mask - Bit set of rights to modify. When adding or modifying a particular right set (like grant or deny) only the intersection of this and the particular right set apply.
    
    Throws:
    
    BizException - TODO: delegate and mask are unused and should be deprected/removed.
  - setAcesEx
```
void setAcesEx(IContext context,
               IThingID itemId,
               List<? extends IURI> principalIds,
               boolean recursive,
               Collection<? extends Object> granted,
               Collection<? extends Object> denied,
               Collection<? extends Object> exclusive)
        throws BizException
```
    Sets the access for the specified item.
    
    Parameters:
    
    context - current context
    
    itemId - item to set aces on
    
    principalIds - principals list
    
    recursive - whether set aces recursive
    
    granted - list of granted rights. This is a list of String names of rights or Integer right values
    
    denied - list of denied rights. This is a list of String names of rights or Integer right values
    
    exclusive - list of denied rights. This is a list of String names of rights or Integer right values
    
    Throws:
    
    BizException
  - getAccess
```
@Deprecated
int getAccess(IContext context,
                          IThingID itemID,
                          IURI userID)
                   throws BizException
```
    Deprecated. use getAccessEx(IContext, IThingID, IURI) instead
    
    Returns access rights that user has for the given thing. See IAccessRight for the definition of possible access rights values
    
    Parameters:
    
    context - Command context
    
    itemID - item whose access should be retrieved
    
    userID - user whose access shouild be retrieved
    
    Returns:
    
    integer representing rights that user has on an item
    
    Throws:
    
    BizException
  - getRightsForType
```
IListView<IView> getRightsForType(IContext context,
                                  String xtypeName)
                           throws BizException
```
    Returns list view of all rights registered with the given xtype/basic type
    
    Parameters:
    
    context - current context
    
    xtypeName - xtype or base type name
    
    Returns:
    
    list view
    
    Throws:
    
    BizException
  - getAccessEx
```
Collection<Integer> getAccessEx(IContext context,
                                IThingID itemID,
                                IURI userID)
                         throws BizException
```
    Returns access rights that user has for the given thing. See IAccessRight for the definition of possible access rights values
    
    Parameters:
    
    context - Command context
    
    itemID - item whose access should be retrieved
    
    userID - user whose access shouild be retrieved
    
    Returns:
    
    collections with Integer values of granted access rights
    
    Throws:
    
    BizException
  - getAclView
```
IListView<IAceView> getAclView(IContext context,
                               IThingID itemID)
                        throws BizException
```
    Returns list of access control entries for this item
    
    Parameters:
    
    context - executing context
    
    itemID - item to retrieve access control list
    
    Returns:
    
    list view of IAceView objects
    
    Throws:
    
    BizException
  - removeAces
```
void removeAces(IContext context,
                IThingID itemId,
                List<? extends IURI> principalIds,
                boolean recursive)
         throws BizException
```
    Removes the access entries of the specified item.
    
    Parameters:
    
    context - Command context (user state information).
    
    itemId - Item whose access entries to remove.
    
    principalIds - List of IURIs for which to add or modify access.
    
    recursive - True if the access modification should be applied to this item's descendants.
    
    Throws:
    
    BizException
  - setAnonymous
```
void setAnonymous(IContext context,
                  IThingID itemId,
                  boolean recursive,
                  boolean isAnonymous)
           throws BizException
```
    Set specified resource either as anonymous. If it is set to being anonymous, some important things will change.
```
 1) The authLevel on the thing will change. IThingBaseView.getAuthLevel()
 2) Authentication will not be required to access this thing
 
```
    This is really just a convience function for checking to see if getAuthScheme(com.webmethods.portal.bizPolicy.IContext, com.webmethods.portal.service.meta2.thing.IThingID) is equal to anonymous
    Parameters:
    
    context - Command context (user state information).
    
    itemId - Item whose anonymous setting to change.
    
    recursive - True if the access modification should be applied to this item's descendants.
    
    isAnonymous - whether or not to set this as anonymous
    
    Throws:
    
    BizException
  - isAnonymous
```
boolean isAnonymous(IContext context,
                    IThingID itemId)
             throws BizException
```
    Verifies whether specified resource is anonymous.
    
    Parameters:
    
    context - Command context (user state information).
    
    itemId - Item whose anonymous setting to query.
    
    Returns:
    
    True if anonymous, false otherwise
    
    Throws:
    
    BizException
  - setAuthScheme
```
void setAuthScheme(IContext context,
                   IThingID itemId,
                   boolean recursive,
                   String authLevel)
            throws BizException
```
    Sets the authentication level of this thing
    
    Parameters:
    
    context - Command context (user state information).
    
    itemId - Item whose authLevel setting to change.
    
    recursive - True if the access modification should be applied to this item's descendants.
    
    authLevel - the name of the auth scheme: 'default', 'fullAccess', 'anonymous', 'basic', 'ntlm'
    
    Throws:
    
    BizException
    
    See Also:
    
    IAccessMechanics.AUTH_LEVEL_DEFAULT, IAccessMechanics.AUTH_LEVEL_FULL_ACCESS, IAccessMechanics.AUTH_LEVEL_ANONYMOUS, IAccessMechanics.AUTH_LEVEL_BASIC, IAccessMechanics.AUTH_LEVEL_NTLM
  - getAuthScheme
```
String getAuthScheme(IContext context,
                     IThingID itemId)
              throws BizException
```
    Queries the authLevel of the resource.
    
    Parameters:
    
    context - Command context (user state information).
    
    itemId - Item whose authLevel setting to query.
    
    Returns:
    
    the name of the auth scheme: 'default', 'fullAccess', 'anonymous', 'basic', 'ntlm'
    
    Throws:
    
    BizException
    
    See Also:
    
    IAccessMechanics.AUTH_LEVEL_DEFAULT, IAccessMechanics.AUTH_LEVEL_FULL_ACCESS, IAccessMechanics.AUTH_LEVEL_ANONYMOUS, IAccessMechanics.AUTH_LEVEL_BASIC, IAccessMechanics.AUTH_LEVEL_NTLM
  - setSecurityRealm
```
void setSecurityRealm(IContext context,
                      IThingID itemID,
                      IThingID securityRealmID,
                      boolean recursive)
               throws BizException
```
    Sets security policy to the object
    
    Parameters:
    
    context - Command context
    
    itemID - item thing ID to set policy on
    
    securityRealmID - policy thing ID
    
    recursive - whether to set policy recursively
    
    Throws:
    
    BizException
  - getSecurityRealm
```
IThingID getSecurityRealm(IContext context,
                          IThingID itemID)
                   throws BizException
```
    Retrieves and returns security policy associated with the item
    
    Parameters:
    
    context - Command context
    
    itemID - item thing ID
    
    Returns:
    
    policy thing ID or null
    
    Throws:
    
    BizException
  - removeSecurityRealm
```
void removeSecurityRealm(IContext context,
                         IThingID itemID,
                         IThingID securityRealmID,
                         boolean recursive)
                  throws BizException
```
    Removes security policy from the object
    
    Parameters:
    
    context - command context
    
    itemID - item thing ID
    
    securityRealmID - policy thing ID
    
    Throws:
    
    BizException
  - listSecurityRealmObjects
```
IListView<IView> listSecurityRealmObjects(IContext context,
                                          IThingID securityRealmID)
                                   throws BizException
```
    Returns list view of all objects assigned this security realm. List could be empry
    
    Parameters:
    
    securityRealmID -
    
    Returns:
    
    Throws:
    
    BizException
  - listSecurityReamObjects
```
@Deprecated
IListView<IView> listSecurityReamObjects(IContext context,
                                                     IThingID securityRealmID)
                                              throws BizException
```
    Deprecated. use listSecurityRealmObjects(IContext, IThingID) instead
    
    Returns list view of all objects assigned this security realm. List could be empry
    
    Parameters:
    
    securityRealmID -
    
    Returns:
    
    Throws:
    
    BizException

Interface IAccessPolicy

Method Summary

Methods inherited from interface com.webmethods.portal.system.IComponent

Methods inherited from interface com.webmethods.portal.system.init.IInitializable

Method Detail

setAces

setAcesEx

getAccess

getRightsForType

getAccessEx

getAclView

removeAces

setAnonymous

isAnonymous

setAuthScheme

getAuthScheme

setSecurityRealm

getSecurityRealm

removeSecurityRealm

listSecurityRealmObjects

listSecurityReamObjects