RoleManagerLocal (RHQ Enterprise Server JAR 4.6.0 API)

All Known Implementing Classes:

RoleManagerBean
```
public interface RoleManagerLocal
```
The local interface to the role manager that provides the API to manipulate the security rules within the JON Server. This API provides the ability to modify roles and their associated subjects and permissions.

Author:

John Mazzitelli

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`addResourceGroupsToRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] pendingGroupIds)` Adds the given resource groups to the given role.
`void`	`addRolesToResourceGroup(org.rhq.core.domain.auth.Subject subject, int groupId, int[] roleIds)`
`void`	`addRolesToSubject(org.rhq.core.domain.auth.Subject subject, int subjectId, int[] roleIds)` Assigns a set of roles to a subject which authorizes the subject to do anything the roles permit.
`void`	`addSubjectsToRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] subjectIds)`
`org.rhq.core.domain.authz.Role`	`createRole(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.authz.Role newRole)` Persists the new role to the database.
`void`	`deleteRoles(org.rhq.core.domain.auth.Subject subject, int[] doomedRoleIds)` Removes a set of roles from the database.
`org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>`	`findAvailableRolesForSubject(org.rhq.core.domain.auth.Subject subject, Integer subjectId, Integer[] pendingRoleIds, org.rhq.core.domain.util.PageControl pc)` This returns a list of roles that are available to be assigned to a given subject but not yet assigned to that subject.
`org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>`	`findRoles(org.rhq.core.domain.util.PageControl pc)` Returns a list of all roles in the system.
`org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>`	`findRolesByCriteria(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.criteria.RoleCriteria criteria)`
`org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>`	`findRolesByIds(Integer[] roleIds, org.rhq.core.domain.util.PageControl pc)` Given a set of role Ids, this returns a list of all the roles.
`org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>`	`findRolesBySubject(int subjectId, org.rhq.core.domain.util.PageControl pc)` This returns a page list of all the roles that a subject is authorized to access.
`org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>`	`findSubjectAssignedRoles(org.rhq.core.domain.auth.Subject subject, int subjectId, org.rhq.core.domain.util.PageControl pc)`
`org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject>`	`findSubjectsByRole(Integer roleId, org.rhq.core.domain.util.PageControl pc)` Get all subjects that have been assigned the given role.
`org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>`	`findSubjectUnassignedRoles(org.rhq.core.domain.auth.Subject subject, int subjectId, org.rhq.core.domain.util.PageControl pc)`
`Set<org.rhq.core.domain.authz.Permission>`	`getPermissions(Integer roleId)` Given a role ID, this will return the complete set of authorized permissions for that role.
`org.rhq.core.domain.authz.Role`	`getRole(org.rhq.core.domain.auth.Subject subject, int roleId)`
`org.rhq.core.domain.authz.Role`	`getRoleById(Integer roleId)` Deprecated.
`void`	`removeResourceGroupsFromRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] groupIds)` Removes the given resource groups from the given role.
`void`	`removeRolesFromResourceGroup(org.rhq.core.domain.auth.Subject subject, int groupId, int[] roleIds)`
`void`	`removeRolesFromSubject(org.rhq.core.domain.auth.Subject subject, int subjectId, int[] roleIds)` Disassociates particular roles from a subject.
`void`	`removeSubjectsFromRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] subjectIds)`
`void`	`setAssignedResourceGroups(org.rhq.core.domain.auth.Subject subject, int roleId, int[] groupIds)`
`void`	`setAssignedSubjectRoles(org.rhq.core.domain.auth.Subject subject, int subjectId, int[] roleIds)`
`void`	`setAssignedSubjects(org.rhq.core.domain.auth.Subject sessionSubject, int roleId, int[] subjectIds)`
`void`	`setPermissions(org.rhq.core.domain.auth.Subject subject, Integer roleId, Set<org.rhq.core.domain.authz.Permission> permissions)` Sets the permissions for the specified role.
`org.rhq.core.domain.authz.Role`	`updateRole(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.authz.Role role)` Updates the given role, excluding the subjects and groups.

Method Detail

findRolesBySubject

org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRolesBySubject(int subjectId,
                                                                                   org.rhq.core.domain.util.PageControl pc)

This returns a page list of all the roles that a subject is authorized to access.

Parameters:: subjectId - the id of the subject whose roles are to be returned; pc -
Returns:: page list of all subject's roles

findRoles

org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRoles(org.rhq.core.domain.util.PageControl pc)

Returns a list of all roles in the system.

Parameters:: pc -
Returns:: list of all roles

createRole
```
org.rhq.core.domain.authz.Role createRole(org.rhq.core.domain.auth.Subject subject,
                                        org.rhq.core.domain.authz.Role newRole)
```
Persists the new role to the database. The subjects assigned to the role are ignored - this only creates the role entity with 0 subjects initially assigned to it.

Parameters:
subject - the user attempting to create the role
newRole - the new role to persist

Returns:
the persisted role with the primary key populated

deleteRoles
```
void deleteRoles(org.rhq.core.domain.auth.Subject subject,
               int[] doomedRoleIds)
```
Removes a set of roles from the database. The subjects assigned to the roles are no longer authorized with the deleted roles. Groups attached to the deleted roles are left alone.

Parameters:
subject - the user attempting to delete the role
doomedRoleIds - the IDs of the roles to delete

setPermissions
```
void setPermissions(org.rhq.core.domain.auth.Subject subject,
                  Integer roleId,
                  Set<org.rhq.core.domain.authz.Permission> permissions)
```
Sets the permissions for the specified role. Any currently existing role permissions are overwritten - that is, permissions will be the complete set of permissions the role will now be authorized with.

Parameters:
subject - the user attempting to peform the set
roleId - the ID of the role to modify
permissions - a set of permissions to give to the role

getPermissions
```
Set<org.rhq.core.domain.authz.Permission> getPermissions(Integer roleId)
```
Given a role ID, this will return the complete set of authorized permissions for that role.

Parameters:
roleId -

Returns:
set of permissions that the given role explicitly authorize

updateRole
```
org.rhq.core.domain.authz.Role updateRole(org.rhq.core.domain.auth.Subject subject,
                                        org.rhq.core.domain.authz.Role role)
```
Updates the given role, excluding the subjects and groups. This updates permissions, name, description, etc.

Parameters:
subject - user asking to update the role
role -

Returns:
the updated role

findRolesByIds

org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRolesByIds(Integer[] roleIds,
                                                                               org.rhq.core.domain.util.PageControl pc)

Given a set of role Ids, this returns a list of all the roles.

Parameters:: roleIds -; pc -
Returns:: all the roles with the given ID

findSubjectsByRole

org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findSubjectsByRole(Integer roleId,
                                                                                     org.rhq.core.domain.util.PageControl pc)

Get all subjects that have been assigned the given role.

Parameters:: roleId -; pc -
Returns:: list of all subjects assigned the role

findAvailableRolesForSubject

org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findAvailableRolesForSubject(org.rhq.core.domain.auth.Subject subject,
                                                                                             Integer subjectId,
                                                                                             Integer[] pendingRoleIds,
                                                                                             org.rhq.core.domain.util.PageControl pc)

This returns a list of roles that are available to be assigned to a given subject but not yet assigned to that subject. This excludes roles already assigned to the subject. The returned list will not include the roles identified by pendingRoleIds since it is assumed the pending roles will be assigned to the user.

Parameters:: subject - user attempting to make this call; subjectId - the subject whose list of available roles are to be returned; pendingRoleIds - the list of roles that are planned to be given to the subject; pc -
Returns:: the list of roles that can be assigned to the given user, not including the pending roles

getRoleById
```
@Deprecated
org.rhq.core.domain.authz.Role getRoleById(Integer roleId)
```
Deprecated.

Returns the role with the given ID

Parameters:
roleId -

Returns:
the role or null if it wasn't found

getRole

org.rhq.core.domain.authz.Role getRole(org.rhq.core.domain.auth.Subject subject,
                                     int roleId)

findSubjectAssignedRoles

org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findSubjectAssignedRoles(org.rhq.core.domain.auth.Subject subject,
                                                                                         int subjectId,
                                                                                         org.rhq.core.domain.util.PageControl pc)

findSubjectUnassignedRoles

org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findSubjectUnassignedRoles(org.rhq.core.domain.auth.Subject subject,
                                                                                           int subjectId,
                                                                                           org.rhq.core.domain.util.PageControl pc)

addRolesToSubject
```
void addRolesToSubject(org.rhq.core.domain.auth.Subject subject,
                     int subjectId,
                     int[] roleIds)
```
Assigns a set of roles to a subject which authorizes the subject to do anything the roles permit.

Parameters:
subject - the user attempting to assign the roles to the subject
subjectId - the subject who is to be authorized with the given roles
roleIds - the roles to assign

removeRolesFromSubject
```
void removeRolesFromSubject(org.rhq.core.domain.auth.Subject subject,
                          int subjectId,
                          int[] roleIds)
```
Disassociates particular roles from a subject. Once complete, the subject will no longer be authorized with the given roles.

Parameters:
subject - the user that is attempting to perform the remove
subjectId - the user that is to have the roles unassigned from it
roleIds - list of role IDs that are to be removed from user

setAssignedSubjectRoles

void setAssignedSubjectRoles(org.rhq.core.domain.auth.Subject subject,
                           int subjectId,
                           int[] roleIds)

addSubjectsToRole

void addSubjectsToRole(org.rhq.core.domain.auth.Subject subject,
                     int roleId,
                     int[] subjectIds)

removeSubjectsFromRole

void removeSubjectsFromRole(org.rhq.core.domain.auth.Subject subject,
                          int roleId,
                          int[] subjectIds)

setAssignedSubjects

void setAssignedSubjects(org.rhq.core.domain.auth.Subject sessionSubject,
                       int roleId,
                       int[] subjectIds)

addResourceGroupsToRole

void addResourceGroupsToRole(org.rhq.core.domain.auth.Subject subject,
                           int roleId,
                           int[] pendingGroupIds)

Adds the given resource groups to the given role.

Parameters:: subject - user attempting to add the groups to the role; roleId -; pendingGroupIds -

addRolesToResourceGroup

void addRolesToResourceGroup(org.rhq.core.domain.auth.Subject subject,
                           int groupId,
                           int[] roleIds)

setAssignedResourceGroups

void setAssignedResourceGroups(org.rhq.core.domain.auth.Subject subject,
                             int roleId,
                             int[] groupIds)

removeResourceGroupsFromRole

void removeResourceGroupsFromRole(org.rhq.core.domain.auth.Subject subject,
                                int roleId,
                                int[] groupIds)

Removes the given resource groups from the given role.

Parameters:: subject - user attempting to remove the groups from the role; roleId -; groupIds -

removeRolesFromResourceGroup

void removeRolesFromResourceGroup(org.rhq.core.domain.auth.Subject subject,
                                int groupId,
                                int[] roleIds)

findRolesByCriteria

org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRolesByCriteria(org.rhq.core.domain.auth.Subject subject,
                                                                                    org.rhq.core.domain.criteria.RoleCriteria criteria)

Interface RoleManagerLocal