Package com.documentum.fc.client

Interface IDfACL

All Superinterfaces:
IDfPersistentObject, IDfTypedObject
public interface IDfACL extends IDfPersistentObject
Provides access to permission-related data stored in ACL objects.

An ACL object represents an Access Control List. The entries in its repeating attributes control who can access the object to which the ACL is attached. If the security mode for a repository is set to "acl," then every SysObject in the repository has an ACL. Additionally, user objects and type info objects representing SysObject types generally have ACLs.

  • Field Details

  • Method Details

    • getObjectName

      String getObjectName() throws DfException
      Returns the ACL name.
      Returns:
      the name of the ACL object
      Throws:
      DfException - if a server error occurs
      See Also:

    • setObjectName

      void setObjectName(String name) throws DfException
      Sets the name of the ACL.

      The name, if provided, must be unique among the ACLs created by the ACL owner (domain) in the repository.

      Parameters:
      name - the name of the ACL object
      Throws:
      DfException - if a server error occurs
      See Also:

    • getDescription

      String getDescription() throws DfException
      Returns the user-defined description of an ACL object.
      Returns:
      user-defined description of the ACL
      Throws:
      DfException - if a server error occurs
      See Also:

    • setDescription

      void setDescription(String description) throws DfException
      Sets the user-defined description of an ACL object.
      Parameters:
      description - the user-defined description of the ACL
      Throws:
      DfException - if a server error occurs
      See Also:

    • getDomain

      String getDomain() throws DfException
      Returns the domain (owner name) of an ACL.

      The domain is the owner of the ACL.

      Returns:
      the domain of the ACL object
      Throws:
      DfException - if a server error occurs
      See Also:

    • setDomain

      void setDomain(String domain) throws DfException
      Sets the domain (owner name) of an ACL object.

      The domain is the owner of an ACL. This will be the user who created the ACL or, for system-level ACLs, the name of the respository owner or the alias "dm_dbo". If the domain is passed as null or "", "dm_dbo" is used.

      Parameters:
      domain - the domain (owner name) of the ACL object
      Throws:
      DfException - if a server error occurs
      See Also:

    • getACLClass

      int getACLClass() throws DfException
      Returns the ACL class value.

      Indicates whether the ACL is a regular ACL (with value 0), a template (with value 1) or an instance of a template (with value 2). The default is zero. Note that, an ACL template can be used by anyone; however, an instance of a template can not be changed by anyone including superuser.

      Returns:
      the ACL class value
      Throws:
      DfException - if a server error occurs
      See Also:

    • setACLClass

      void setACLClass(int aclClass) throws DfException
      Sets the ACL class value.
      Parameters:
      aclClass - the ACL class value
      Throws:
      DfException - if a server error occurs
      See Also:

    • isInternal

      boolean isInternal() throws DfException
      Indicates whether an ACL object was created explicitly by the user or implicitly by the server.

      Refer to the Server Administrator's Guide for more information about permissions.

      Returns:
      true if the ACL object was created implicitly by the server; false if the ACL object was created by the user.
      Throws:
      DfException - if a server error occurs

    • isGloballyManaged

      boolean isGloballyManaged() throws DfException
      Indicates whether an ACL object is managed globally or locally.

      A globally managed ACL object can only be edited in the Governing repository. See the Distributed Configuration Guide for more information about Federated repositories. Refer to the Server Administrator's Guide for more information about permissions.

      Returns:
      true if the ACL object is managed globally; false if the ACL object is managed locally.
      Throws:
      DfException - if a server error occurs

    • isGroup

      boolean isGroup(int index) throws DfException
      Indicates if an accessor name in an ACL object is a group or a user.

      Refer to the Server Administrator's Guide for more information about permissions.

      Parameters:
      index - the index position of the user or group among the ACL's accessors
      Returns:
      true if the specified name is a group; false if the specified name is a user.
      Throws:
      DfException - if a server error occurs
      See Also:

    • getAccessorCount

      int getAccessorCount() throws DfException
      Returns the number of users and groups referenced in an ACL object.

      Refer to the Server Administrator's Guide for more information about permissions.

      Returns:
      the number of users and groups referenced in the ACL object
      Throws:
      DfException - if a server error occurs
      See Also:

    • getAccessorName

      String getAccessorName(int index) throws DfException
      Returns the name of an individual user, group or alias in an ACL object.

      Refer to the Server Administrator's Guide for more information about permissions.

      Parameters:
      index - the index position of the user or group among the ACL's accessors
      Returns:
      the name of the user, group or alias
      Throws:
      DfException - if a server error occurs
      See Also:

    • getAccessorPermitType

      int getAccessorPermitType(int index) throws DfException
      Identifies the type of permission granted an accessor in the ACL.
      Parameters:
      index - the index position of the user or group among the ACL's accessors.
      Returns:
      an integer representing the permit type. Permit types are defined in IDfPermitType.
      Throws:
      DfException - if a server error occurs
      Since:
      5.2.10
      See Also:

    • getAccessorPermit

      int getAccessorPermit(int index) throws DfException
      Returns the basic permission level granted to a user or group.

      The following list specifies the permissions corresponding to all possible return values. You may use either the value or the field constant to specify a permission level: 

       Value  Field Constant
 1 DF_PERMIT_NONE
 2 DF_PERMIT_BROWSE
 3 DF_PERMIT_READ
 4 DF_PERMIT_RELATE or DF_PERMIT_NOTE
 5 DF_PERMIT_VERSION
 6 DF_PERMIT_WRITE
 7 DF_PERMIT_DELETE

      Note that DF_PERMIT_RELATE and DF_PERMIT_NOTE are synonymous. Refer to the Server Administrator's Guide for more information about basic permissions.

      Parameters:
      index - the index position of the user or group among the ACL's accessors.
      Returns:
      an integer representing the basic permission level granted to the user or group
      Throws:
      DfException - if a server error occurs
      See Also:

    • getAccessorXPermit

      int getAccessorXPermit(int index) throws DfException
      Returns extended permissions granted to a user or group.

      The extended permissions are Change State, Change Permission, Change Ownership, Change Location, and Execute Procedure.

      Unlike basic permissions, extended permissions are not cumulative. Refer to the Server Administrator's Guide for more information about extended permissions.

      Parameters:
      index - the index position of the user or group among the ACL's accessors
      Returns:
      an integer representing the extended permission granted to the user or group; the server calculates the returned integer by reading fields from an encoded bitfield. The following list explains which fields correspond to the extended permissions and how they are encoded: 
      [20][19][18][17][16][15][14][13]12]11][10][9][8][7][6][5][4][3][2][1][0]
 Field 0:  Execute Procedure 0 = have extended permission; 1 = don't have extended permission
 Field 1:  Change Location  0 = have extended permission; 1 = don't have extended permission
 Fields 2-15: Reserved   NA
 Field 16: Change State  1 = have extended permission; 0 = don't have extended permission
 Field 17: Change Permit  1 = have extended permission; 0 = don't have extended permission
 Field 18: Change Ownership 1 = have extended permission; 0 = don't have extended permission
 Field 19: Delete Object       1 = have extended permission; 0 = don't have extended permission
 Field 20: Change Folder Links    1 = have extended permission; 0 = don't have extended permission
      Throws:
      DfException - if a server error occurs
      See Also:

    • getAccessorXPermitNames

      String getAccessorXPermitNames(int index) throws DfException
      Returns the extended permissions in string form assigned to a user or group.

      The extended permission names are separated by comma (e.g. EXECUTE_PROC,CHANGE_LOCATION). The following extended permission strings are currently defined: 

           EXECUTE_PROC
     CHANGE_LOCATION
     CHANGE_STATE
     CHANGE_PERMIT
     CHANGE_OWNER
     DELETE_OBJECT
     CHANGE_FOLDER_LINKS
      Parameters:
      index - the index position of the user or group among the ACL's accessors
      Returns:
      the extended permissions in string form assigned to the user or group
      Throws:
      DfException - if a server error occurs
      See Also:

    • getAccessorApplicationPermit

      String getAccessorApplicationPermit(int index) throws DfException
      Returns the application permit assigned to a user or group.
      Parameters:
      index - the index position of the user or group among the ACL's accessors
      Returns:
      the application permit in string form assigned to the user or group
      Throws:
      DfException - if a server error occurs
      Since:
      5.4
      See Also:

    • hasPermission

      boolean hasPermission(String permissionName, String accessorName) throws DfException
      Indicates whether a user or group has a specified extended permission.

      Refer to the Server Administrator's Guide for more information about permissions.

      Parameters:
      permissionName - the name of the extended permission attribute. Possible values are: 
           _allow_execute_proc
     _allow_change_location
     _allow_change_state
     _allow_change_owner
     _allow_change_permit
     _allow_change_folder_links
      accessorName - The name of the user or group
      Returns:
      true if the user or group has the specified extended permission; false if the user or group does not.
      Throws:
      DfException - if a server error occurs

    • getPermit

      int getPermit(String accessorName) throws DfException
      Returns the basic permission level assigned to a user or group.

      If no user or group is specified with accessorName, the permissions of the current Documentum user are returned.

      Parameters:
      accessorName - the name of the user or group
      Returns:
      the permissions
      Throws:
      DfException - if a server error occurs
      See Also:

    • getXPermit

      int getXPermit(String accessorName) throws DfException
      Returns the extended permissions assigned to a user or group.

      If no user or group is specified with accessorName, the extended permissions of the current Documentum user are returned.

      Remember, extended permissions are not cumulative, as are basic permissions. Refer to the Server Administrator's Guide for more information about extended permissions.

      Parameters:
      accessorName - the name of the user or group
      Returns:
      an integer representing the extended permission granted to the user or group; the server calculates the returned integer by reading fields from an encoded bitfield. The following list explains which fields correspond to the extended permissions and how they are encoded:
      [19][18][17][16][15][14][13]12]11][10][9][8][7][6][5][4][3][2][1][0]
 Field 0:  Execute Procedure 0 = have extended permission; 1 = don't have extended permission
 Field 1:  Change Location  0 = have extended permission; 1 = don't have extended permission
 Fields 2-15: Reserved   NA
 Field 16: Change State  1 = have extended permission; 0 = don't have extended permission
 Field 17: Change Permit  1 = have extended permission; 0 = don't have extended permission
 Field 18: Change Ownership 1 = have extended permission; 0 = don't have extended permission
 Field 19: Delete Object       1 = have extended permission; 0 = don't have extended permission
      Throws:
      DfException - if a server error occurs
      See Also:

    • getXPermitNames

      String getXPermitNames(String accessorName) throws DfException
      Returns the list of the extended permissions, in string form, for the specified user or group.

      If no user or group is specified with accessorName, the extended permissions of the current Documentum user (logged in user) are returned. Refer to the Server Administrator's Guide for more information about extended permissions.

      Parameters:
      accessorName - the name of the user or group
      Returns:
      the extended permissions assigned to the specified user or group. Extended permissions are returned as upper-case strings separated by commas.
      Throws:
      DfException - if a server error occurs
      See Also:

    • getXPermitList

      String getXPermitList() throws DfException
      Returns a full list of the extended permissions, in string form, currently supported by the current server.

      Note that this function returns the same list regardless of ACL.

      Returns:
      the list of extended permissions, separated by commas, supported by the current server
      Throws:
      DfException - if a server error occurs
      See Also:

    • grant

      void grant(String accessorName, int accessorPermit, String extendedPermitNames) throws DfException
      Sets permissions for a user or group in an ACL object.

      Note that the way to revoke a basic permission is to assign a user a different permission with this method rather than using the revoke method. You must execute either the save, saveAsNew, or checkin method to commit the granted permission to a repository. You must execute either revert, cancelCheckout, or destory method to discard changes made to an ACL object.

      Refer to the Server Administrator's Guide for more information about permissions.

      Parameters:
      accessorName - the name of the user or group
      accessorPermit - the integer corresponding to the basic permission that you want to grant. The following list specifies the integer corresponding to each basic permission. You may use either the value or the field constant to set permissions. Note that DF_PERMIT_RELATE and DF_PERMIT_NOTE are synonymous. 
       Value  Field Constant
 1 DF_PERMIT_NONE
 2 DF_PERMIT_BROWSE
 3 DF_PERMIT_READ
 4 DF_PERMIT_RELATE, DF_PERMIT_NOTE
 5 DF_PERMIT_VERSION
 6 DF_PERMIT_WRITE
 7 DF_PERMIT_DELETE
      Note that DF_PERMIT_RELATE and DF_PERMIT_NOTE are synonymous.
      extendedPermitNames - the extended permission that you want to grant; if you specify null for this parameter then the server will supply default extended permissions which include change location and execute procedure.
      Throws:
      DfException - if a server error occurs
      See Also:

    • grantPermit

      void grantPermit(IDfPermit permit) throws DfException
      Creates an access control entry in this object, assigning an access level to a specified user or group. This operation is not committed until a save or a checkin.
      Throws:
      DfException - if a server error occurs.
      Since:
      5.2.10

    • revoke

      void revoke(String accessorName, String extendedPermitNames) throws DfException
      Removes all extended permissions granted to a user or group in an ACL object

      You must execute either the save, saveAsNew, or checkin method to commit the granted permission to a repository. You must execute either revert, cancelCheckout, or destory method to discard changes made to an ACL object.

      Refer to the Server Administrator's Guide for more information about permissions.

      Parameters:
      accessorName - the name of the user or group
      extendedPermitNames - the extended permissions that you want to revoke; If you do not want to revoke an extended permission, specify null for this parameter.
      Throws:
      DfException - if a server error occurs
      See Also:

    • revokePermit

      void revokePermit(IDfPermit permit) throws DfException
      Removes specified permit from the acl. This operation is not committed until a save or a checkin.
      Throws:
      DfException - if a server error occurs.
      Since:
      5.2.10

    • getPermissions

      IDfList getPermissions() throws DfException
      Returns a list of DfPermit objects representing all the permissions specified in the ACL.
      Returns:
      IDfList containing all permissions specified in the ACL
      Throws:
      DfException - if a server error occurs
      Since:
      5.2.10

    • destroyACL

      void destroyACL(boolean force) throws DfException
      Removes an ACL object from a repository.

      Refer to the Server Administrator's Guide for more information about permissions.

      Parameters:
      force - indicates whether to destroy the ACL object even if it is referenced by other objects in the repository. If so, enter true; If not, enter false.
      Throws:
      DfException - if a server error occurs

    • saveAsNew

      IDfId saveAsNew() throws DfException
      Creates a new copy of the object. object is shared with the new object.
      Throws:
      DfException - if a server error occurs.