public class RoleType extends AbstractRoleType implements Serializable, Cloneable
A role in the extended Role-Based Access Control (RBAC) sense. Roles specify the privileges that a user (or other object) should have.
A role may "grant" accounts on resources, as well as attributes and entitlements for such accounts. A role can also assign organizational units, other roles or various IDM objects that can be assigned directly to a user. From this point of view, a role is in fact just a named set of assignments.
Roles form the basic building block of midPoint's extended role-based access control (RBAC) mechanism. A role defines what rights (e.g. accounts) should be given to a user, what they should look like (attributes) and what groups or native roles to assign to them (entitlements).
Roles can also specify user authorizations to access specific parts of midPoint. This is used to implement a fine-grained authorization mechanism. When combined with the organizational structure, it forms a delegated administration mechanism.
Roles can also be conditional, i.e. applicable only if a specific condition is true. Roles can be parametric, e.g. the expressions inside the role can use parameters that were specified at the time the role was assigned (as opposed to parameters defined when the role was defined).
Java class for RoleType complex type.
The following schema fragment specifies the expected content contained within this class.
```xml
<complexType name="RoleType">
  <complexContent>
    <extension base="{http://midpoint.evolveum.com/xml/ns/public/common/common-3}AbstractRoleType">
      <sequence>
        <element name="roleType" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
      </sequence>
    </extension>
  </complexContent>
</complexType>
```
Modifier and Type | Field and Description |
---|---|
static QName | COMPLEX_TYPE |
static QName | F_ROLE_TYPE |
F_ADMIN_GUI_CONFIGURATION, F_APPROVAL_PROCESS, F_APPROVAL_SCHEMA, F_APPROVER_EXPRESSION, F_APPROVER_REF, F_AUTHORIZATION, F_AUTOASSIGN, F_AUTOMATICALLY_APPROVED, F_CONDITION, F_DATA_PROTECTION, F_DELEGABLE, F_DISPLAY_NAME, F_EXCLUSION, F_IDEMPOTENCE, F_IDENTIFIER, F_INDUCEMENT, F_OWNER_REF, F_POLICY_CONSTRAINTS, F_REQUESTABLE, F_RISK_LEVEL
F_ACTIVATION, F_ASSIGNMENT, F_COST_CENTER, F_DELEGATED_REF, F_EMAIL_ADDRESS, F_ITERATION, F_ITERATION_TOKEN, F_JPEG_PHOTO, F_LINK, F_LINK_REF, F_LOCALE, F_LOCALITY, F_PERSONA_REF, F_PREFERRED_LANGUAGE, F_ROLE_INFLUENCE_REF, F_ROLE_MEMBERSHIP_REF, F_TELEPHONE_NUMBER, F_TIMEZONE
F_DESCRIPTION, F_EXTENSION, F_FETCH_RESULT, F_LIFECYCLE_STATE, F_METADATA, F_NAME, F_OPERATION_EXECUTION, F_PARENT_ORG, F_PARENT_ORG_REF, F_POLICY_EXCEPTION, F_POLICY_SITUATION, F_SUBTYPE, F_TENANT_REF, F_TRIGGER, F_TRIGGERED_POLICY_RULE
Constructor and Description |
---|
RoleType() |
RoleType(PrismContext prismContext) |
createApproverExpressionList, createApproverRefList, createAuthorizationList, createExclusionList, createInducementList, getAdminGuiConfiguration, getApprovalProcess, getApprovalSchema, getApproverExpression, getApproverRef, getAuthorization, getAutoassign, getAutomaticallyApproved, getCondition, getDataProtection, getDisplayName, getExclusion, getIdempotence, getIdentifier, getInducement, getOwnerRef, getPolicyConstraints, getRiskLevel, isDelegable, isRequestable, setAdminGuiConfiguration, setApprovalProcess, setApprovalSchema, setAutoassign, setAutomaticallyApproved, setCondition, setDataProtection, setDelegable, setDisplayName, setIdempotence, setIdentifier, setOwnerRef, setPolicyConstraints, setRequestable, setRiskLevel
asPrismContainer, asPrismContainerValue, createAssignmentList, createDelegatedRefList, createLinkList, createLinkRefList, createPersonaRefList, createRoleInfluenceRefList, createRoleMembershipRefList, equals, getActivation, getAssignment, getCostCenter, getDelegatedRef, getEmailAddress, getIteration, getIterationToken, getJpegPhoto, getLink, getLinkRef, getLocale, getLocality, getPersonaRef, getPreferredLanguage, getRoleInfluenceRef, getRoleMembershipRef, getTelephoneNumber, getTimezone, hashCode, setActivation, setCostCenter, setEmailAddress, setIteration, setIterationToken, setJpegPhoto, setLocale, setLocality, setPreferredLanguage, setTelephoneNumber, setTimezone, setupContainer, setupContainerValue, toDebugName, toDebugType, toString
createOperationExecutionList, createParentOrgList, createParentOrgRefList, createPolicyExceptionList, createPolicySituationList, createSubtypeList, createTriggeredPolicyRuleList, createTriggerList, getDescription, getExtension, getFetchResult, getLifecycleState, getMetadata, getName, getOid, getOperationExecution, getParentOrg, getParentOrgRef, getPolicyException, getPolicySituation, getSubtype, getTenantRef, getTrigger, getTriggeredPolicyRule, getVersion, setDescription, setExtension, setFetchResult, setLifecycleState, setMetadata, setName, setOid, setTenantRef, setVersion
finalize, getClass, notify, notifyAll, wait, wait, wait
getDescription, getName, getOid, getVersion, setDescription, setName, setOid, setVersion
public static final QName COMPLEX_TYPE
public static final QName F_ROLE_TYPE
public RoleType()
public RoleType(PrismContext prismContext)
public PrismObject<RoleType> asPrismObject()
asPrismObject
in interface Objectable
asPrismObject
in class AbstractRoleType
public <X> X end()
end
in class AbstractRoleType
public String getRoleType()
public void setRoleType(String value)
public RoleType displayName(PolyStringType value)
displayName
in class AbstractRoleType
public RoleType displayName(String value)
displayName
in class AbstractRoleType
public PolyStringType beginDisplayName()
beginDisplayName
in class AbstractRoleType
public RoleType identifier(String value)
identifier
in class AbstractRoleType
public RoleType inducement(AssignmentType value)
inducement
in class AbstractRoleType
public AssignmentType beginInducement()
beginInducement
in class AbstractRoleType
public RoleType authorization(AuthorizationType value)
authorization
in class AbstractRoleType
public AuthorizationType beginAuthorization()
beginAuthorization
in class AbstractRoleType
public RoleType requestable(Boolean value)
requestable
in class AbstractRoleType
public RoleType delegable(Boolean value)
delegable
in class AbstractRoleType
public RoleType idempotence(IdempotenceType value)
idempotence
in class AbstractRoleType
public RoleType exclusion(ExclusionPolicyConstraintType value)
exclusion
in class AbstractRoleType
public ExclusionPolicyConstraintType beginExclusion()
beginExclusion
in class AbstractRoleType
public RoleType riskLevel(String value)
riskLevel
in class AbstractRoleType
public RoleType ownerRef(ObjectReferenceType value)
ownerRef
in class AbstractRoleType
public RoleType ownerRef(String oid, QName type)
ownerRef
in class AbstractRoleType
public RoleType ownerRef(String oid, QName type, QName relation)
ownerRef
in class AbstractRoleType
public ObjectReferenceType beginOwnerRef()
beginOwnerRef
in class AbstractRoleType
public RoleType approverRef(ObjectReferenceType value)
approverRef
in class AbstractRoleType
public RoleType approverRef(String oid, QName type)
approverRef
in class AbstractRoleType
public RoleType approverRef(String oid, QName type, QName relation)
approverRef
in class AbstractRoleType
public ObjectReferenceType beginApproverRef()
beginApproverRef
in class AbstractRoleType
public RoleType approverExpression(ExpressionType value)
approverExpression
in class AbstractRoleType
public ExpressionType beginApproverExpression()
beginApproverExpression
in class AbstractRoleType
public RoleType approvalSchema(ApprovalSchemaType value)
approvalSchema
in class AbstractRoleType
public ApprovalSchemaType beginApprovalSchema()
beginApprovalSchema
in class AbstractRoleType
public RoleType approvalProcess(String value)
approvalProcess
in class AbstractRoleType
public RoleType automaticallyApproved(ExpressionType value)
automaticallyApproved
in class AbstractRoleType
public ExpressionType beginAutomaticallyApproved()
beginAutomaticallyApproved
in class AbstractRoleType
public RoleType condition(MappingType value)
condition
in class AbstractRoleType
public MappingType beginCondition()
beginCondition
in class AbstractRoleType
public RoleType policyConstraints(PolicyConstraintsType value)
policyConstraints
in class AbstractRoleType
public PolicyConstraintsType beginPolicyConstraints()
beginPolicyConstraints
in class AbstractRoleType
public RoleType adminGuiConfiguration(AdminGuiConfigurationType value)
adminGuiConfiguration
in class AbstractRoleType
public AdminGuiConfigurationType beginAdminGuiConfiguration()
beginAdminGuiConfiguration
in class AbstractRoleType
public RoleType dataProtection(DataProtectionType value)
dataProtection
in class AbstractRoleType
public DataProtectionType beginDataProtection()
beginDataProtection
in class AbstractRoleType
public RoleType autoassign(AutoassignSpecificationType value)
autoassign
in class AbstractRoleType
public AutoassignSpecificationType beginAutoassign()
beginAutoassign
in class AbstractRoleType
public RoleType link(ShadowType value)
link
in class AbstractRoleType
public ShadowType beginLink()
beginLink
in class AbstractRoleType
public RoleType linkRef(ObjectReferenceType value)
linkRef
in class AbstractRoleType
public RoleType linkRef(String oid, QName type)
linkRef
in class AbstractRoleType
public RoleType linkRef(String oid, QName type, QName relation)
linkRef
in class AbstractRoleType
public ObjectReferenceType beginLinkRef()
beginLinkRef
in class AbstractRoleType
public RoleType personaRef(ObjectReferenceType value)
personaRef
in class AbstractRoleType
public RoleType personaRef(String oid, QName type)
personaRef
in class AbstractRoleType
public RoleType personaRef(String oid, QName type, QName relation)
personaRef
in class AbstractRoleType
public ObjectReferenceType beginPersonaRef()
beginPersonaRef
in class AbstractRoleType
public RoleType assignment(AssignmentType value)
assignment
in class AbstractRoleType
public AssignmentType beginAssignment()
beginAssignment
in class AbstractRoleType
public RoleType activation(ActivationType value)
activation
in class AbstractRoleType
public ActivationType beginActivation()
beginActivation
in class AbstractRoleType
public RoleType iteration(Integer value)
iteration
in class AbstractRoleType
public RoleType iterationToken(String value)
iterationToken
in class AbstractRoleType
public RoleType roleMembershipRef(ObjectReferenceType value)
roleMembershipRef
in class AbstractRoleType
public RoleType roleMembershipRef(String oid, QName type)
roleMembershipRef
in class AbstractRoleType
public RoleType roleMembershipRef(String oid, QName type, QName relation)
roleMembershipRef
in class AbstractRoleType
public ObjectReferenceType beginRoleMembershipRef()
beginRoleMembershipRef
in class AbstractRoleType
public RoleType delegatedRef(ObjectReferenceType value)
delegatedRef
in class AbstractRoleType
public RoleType delegatedRef(String oid, QName type)
delegatedRef
in class AbstractRoleType
public RoleType delegatedRef(String oid, QName type, QName relation)
delegatedRef
in class AbstractRoleType
public ObjectReferenceType beginDelegatedRef()
beginDelegatedRef
in class AbstractRoleType
public RoleType roleInfluenceRef(ObjectReferenceType value)
roleInfluenceRef
in class AbstractRoleType
public RoleType roleInfluenceRef(String oid, QName type)
roleInfluenceRef
in class AbstractRoleType
public RoleType roleInfluenceRef(String oid, QName type, QName relation)
roleInfluenceRef
in class AbstractRoleType
public ObjectReferenceType beginRoleInfluenceRef()
beginRoleInfluenceRef
in class AbstractRoleType
public RoleType jpegPhoto(byte[] value)
jpegPhoto
in class AbstractRoleType
public RoleType costCenter(String value)
costCenter
in class AbstractRoleType
public RoleType locality(PolyStringType value)
locality
in class AbstractRoleType
public RoleType locality(String value)
locality
in class AbstractRoleType
public PolyStringType beginLocality()
beginLocality
in class AbstractRoleType
public RoleType preferredLanguage(String value)
preferredLanguage
in class AbstractRoleType
public RoleType locale(String value)
locale
in class AbstractRoleType
public RoleType timezone(String value)
timezone
in class AbstractRoleType
public RoleType emailAddress(String value)
emailAddress
in class AbstractRoleType
public RoleType telephoneNumber(String value)
telephoneNumber
in class AbstractRoleType
public RoleType name(PolyStringType value)
name
in class AbstractRoleType
public RoleType name(String value)
name
in class AbstractRoleType
public PolyStringType beginName()
beginName
in class AbstractRoleType
public RoleType description(String value)
description
in class AbstractRoleType
public RoleType subtype(String value)
subtype
in class AbstractRoleType
public RoleType fetchResult(OperationResultType value)
fetchResult
in class AbstractRoleType
public OperationResultType beginFetchResult()
beginFetchResult
in class AbstractRoleType
public RoleType extension(ExtensionType value)
extension
in class AbstractRoleType
public ExtensionType beginExtension()
beginExtension
in class AbstractRoleType
public RoleType parentOrg(OrgType value)
parentOrg
in class AbstractRoleType
public OrgType beginParentOrg()
beginParentOrg
in class AbstractRoleType
public RoleType parentOrgRef(ObjectReferenceType value)
parentOrgRef
in class AbstractRoleType
public RoleType parentOrgRef(String oid, QName type)
parentOrgRef
in class AbstractRoleType
public RoleType parentOrgRef(String oid, QName type, QName relation)
parentOrgRef
in class AbstractRoleType
public ObjectReferenceType beginParentOrgRef()
beginParentOrgRef
in class AbstractRoleType
public RoleType trigger(TriggerType value)
trigger
in class AbstractRoleType
public TriggerType beginTrigger()
beginTrigger
in class AbstractRoleType
public RoleType metadata(MetadataType value)
metadata
in class AbstractRoleType
public MetadataType beginMetadata()
beginMetadata
in class AbstractRoleType
public RoleType tenantRef(ObjectReferenceType value)
tenantRef
in class AbstractRoleType
public RoleType tenantRef(String oid, QName type)
tenantRef
in class AbstractRoleType
public RoleType tenantRef(String oid, QName type, QName relation)
tenantRef
in class AbstractRoleType
public ObjectReferenceType beginTenantRef()
beginTenantRef
in class AbstractRoleType
public RoleType lifecycleState(String value)
lifecycleState
in class AbstractRoleType
public RoleType operationExecution(OperationExecutionType value)
operationExecution
in class AbstractRoleType
public OperationExecutionType beginOperationExecution()
beginOperationExecution
in class AbstractRoleType
public RoleType policySituation(String value)
policySituation
in class AbstractRoleType
public RoleType triggeredPolicyRule(EvaluatedPolicyRuleType value)
triggeredPolicyRule
in class AbstractRoleType
public EvaluatedPolicyRuleType beginTriggeredPolicyRule()
beginTriggeredPolicyRule
in class AbstractRoleType
public RoleType policyException(PolicyExceptionType value)
policyException
in class AbstractRoleType
public PolicyExceptionType beginPolicyException()
beginPolicyException
in class AbstractRoleType
public RoleType oid(String value)
oid
in class AbstractRoleType
public RoleType version(String value)
version
in class AbstractRoleType
public RoleType clone()
clone
in class AbstractRoleType
Copyright © 2019 Evolveum. All rights reserved.