EASP API 7.14.0

net.juniper.smgt.ent.im
Interface Manager

All Superinterfaces:
Persistent

public interface Manager
extends Persistent

This is the interface used to manipulate the enterprise managers. Managers have a password and a set of privileges that allow them to modify data in the SSC's LDAP directory. Managers can have the following roles:

There is a privilege defined for each of these manager roles (see the constants defined by this interface for more detail). To give a Manager a specific privilege, one must add the value, such as "Administrators", "Subscritpions", "Substitutions" and "Activations", to the manager's optional multi-valued string-attribute "role". This can be done by calling this interface's setPrivieges method. Note that some privileges imply other privileges, and some privileges overlap: All of these privileges are restricted such that Managers can modify only entries in the scope (i.e. the LDAP subtree) to which they are bound (see ServiceProvider.bind(java.lang.String, java.lang.String)).

However, all Managers, regardless of privileges, are able to read all of the following objects:


Field Summary
static java.lang.String ACTIVATESUBSC
          One of the privileges that can be granted to a Manager.
static java.lang.String ADMINISTER
          One of the privileges that can be granted to a Manager.
static java.lang.String MODIFYSUBSC
          One of the privileges that can be granted to a Manager.
static java.lang.String MODIFYSUBST
          One of the privileges that can be granted to a Manager.
static java.lang.String MODIFYVPN
          One of the privileges that can be granted to a Manager.
 
Method Summary
 java.lang.String[] getPrivileges()
          Returns this Manager's privileges.
 Subscriber getSubscriber()
          Returns the Subscriber that owns this Manager.
 boolean isActivation()
          Returns true while this Manager has the ACTIVATESUBSC privilege.
 boolean isAdministrator()
          Returns true while this Manager has the ADMINISTER privilege.
 boolean isSubscription()
          Returns true while this Manager has the MODIFYSUBSC privilege.
 boolean isSubstitution()
          Returns true while this Manager has the MODIFYSUBST privilege.
 boolean isVPN()
          Returns true while this Manager has the MODIFYVPN privilege.
 void setPassword(java.lang.String newPassword)
          Changes this Manager's password.
 void setPrivileges(java.lang.String[] privilege)
          Sets this Manager's privileges.
 
Methods inherited from interface net.juniper.smgt.ent.im.Persistent
addListener, delListener, getAttribute, getDisplayName, getId, getName, setAttribute, setAttribute, setDisplayName
 

Field Detail

ADMINISTER

static final java.lang.String ADMINISTER
One of the privileges that can be granted to a Manager. This privilege controls whether the manager can create and delete other Managers and modify their privileges. This privilege implicitly includes all the other privileges, so a manager with the ADMINISTER privilege implicitly has the MODIFYSUBSC, MODIFYSUBST, and ACTIVATESUBSC privileges.

See Also:
Constant Field Values

MODIFYSUBSC

static final java.lang.String MODIFYSUBSC
One of the privileges that can be granted to a Manager. This privilege controls whether the manager can add, delete, or modify subscription entries in the LDAP directory.

See Also:
Constant Field Values

MODIFYSUBST

static final java.lang.String MODIFYSUBST
One of the privileges that can be granted to a Manager. This privilege controls whether the manager can modify service parameter substitutions that are defined in LDAP entries for Enterprises, Sites, Accesses, and Subscriptions.

See Also:
Constant Field Values

ACTIVATESUBSC

static final java.lang.String ACTIVATESUBSC
One of the privileges that can be granted to a Manager. This privilege controls whether the manager can modify service parameter substitutions that are defined in LDAP entries for Enterprises, Sites, Accesses, and Subscriptions.

See Also:
Constant Field Values

MODIFYVPN

static final java.lang.String MODIFYVPN
One of the privileges that can be granted to a Manager. This privilege controls whether the manager can modify VPNs entries in LDAP derectory.

See Also:
Constant Field Values
Method Detail

getSubscriber

Subscriber getSubscriber()
                         throws CommunicationException,
                                AccessControlException
Returns the Subscriber that owns this Manager. This is the Manager's parent object in the LDAP directory.

Throws:
CommunicationException - Thrown if there is a problem communicating with the directory.
AccessControlException - Thrown if the currently bound Manager does not have permission to access the Subscriber.

getPrivileges

java.lang.String[] getPrivileges()
                                 throws CommunicationException,
                                        UnknownIdentityException,
                                        AccessControlException
Returns this Manager's privileges.

Returns:
An array of the manager's privileges. The array will contain a subset of the four privileges {ADMINISTER, MODIFYSUBSC, MODIFYSUBST, ACTIVATESUBSC}.
Throws:
UnknownIdentityException - Thrown if any of the relevant group entries have been deleted from the directory. A group entry is an LDAP entry that contains all the Managers with a specific permission and control over a specific Enterprise, Site, or Access.
CommunicationException - Thrown if there is a problem communicating with the directory.
AccessControlException - Thrown if the currently bound manager (i.e. the manager that is invoking this method) is not allowed to administer this manager (i.e. the manager represented by this Manager instance).

isActivation

boolean isActivation()
                     throws CommunicationException,
                            UnknownIdentityException,
                            AccessControlException
Returns true while this Manager has the ACTIVATESUBSC privilege.

Returns:
True only if getPrivileges() includes ACTIVATESUBSC.
Throws:
UnknownIdentityException - Thrown if this manager has been deleted from the directory.
CommunicationException - Thrown if there is a problem communicating with the directory.
AccessControlException - Thrown if the currently bound manager (i.e. the manager that is invoking this method) is not allowed to administer this manager (i.e. the manager represented by this Manager instance).

isAdministrator

boolean isAdministrator()
                        throws CommunicationException,
                               UnknownIdentityException,
                               AccessControlException
Returns true while this Manager has the ADMINISTER privilege.

Returns:
True if getPrivileges() includes ADMINISTER.
Throws:
UnknownIdentityException - Thrown if this manager has been deleted from the directory.
CommunicationException - Thrown if there is a problem communicating with the directory.
AccessControlException - Thrown if the currently bound manager (i.e. the manager that is invoking this method) is not allowed to administer this manager (i.e. the manager represented by this Manager instance).
See Also:
ADMINISTER

isSubscription

boolean isSubscription()
                       throws CommunicationException,
                              UnknownIdentityException,
                              AccessControlException
Returns true while this Manager has the MODIFYSUBSC privilege.

Returns:
True only if getPrivileges() includes MODIFYSUBSC
Throws:
UnknownIdentityException - Thrown if this manager has been deleted from the directory.
CommunicationException - Thrown if there is a problem communicating with the directory.
AccessControlException - Thrown if the currently bound manager (i.e. the manager that is invoking this method) is not allowed to administer this manager (i.e. the manager represented by this Manager instance).

isSubstitution

boolean isSubstitution()
                       throws CommunicationException,
                              UnknownIdentityException,
                              AccessControlException
Returns true while this Manager has the MODIFYSUBST privilege.

Returns:
True only if getPrivileges() includes MODIFYSUBST.
Throws:
UnknownIdentityException - Thrown if this manager has been deleted from the directory.
CommunicationException - Thrown if there is a problem communicating with the directory.
AccessControlException - Thrown if the currently bound manager (i.e. the manager that is invoking this method) is not allowed to administer this manager (i.e. the manager represented by this Manager instance).

setPassword

void setPassword(java.lang.String newPassword)
                 throws UnknownIdentityException,
                        CommunicationException,
                        AccessControlException
Changes this Manager's password.

Parameters:
newPassword - The manager's new password.
Throws:
UnknownIdentityException - Thrown if this manager has been deleted from the directory.
CommunicationException - Thrown if there is a problem communicating with the directory.
AccessControlException - Thrown if the currently bound manager (i.e. the manager that is invoking this method) is not allowed to administer this manager (i.e. the manager represented by this Manager instance).

setPrivileges

void setPrivileges(java.lang.String[] privilege)
                   throws CommunicationException,
                          UnknownIdentityException,
                          AccessControlException
Sets this Manager's privileges. Implied values (i.e. privileges that are implicit in other privileges) and unrecognized values (i.e. values that are not among the constants defined in this class) are ignored. The following table provides some examples:
Contents of array passed to this method: Result of subsequent call to getPrivileges() method: Comment:
ACTIVATESUBSC, MODIFYSUBST, MODIFYSUBSC, ADMINISTER ADMINISTER ADMINISTER implies all other privileges
ACTIVATESUBSC, MODIFYSUBST, MODIFYSUBSC MODIFYSUBST, MODIFYSUBSC MODIFYSUBSC implies ACTIVATESUBSC
ACTIVATESUBSC, MODIFYSUBSC MODIFYSUBSC MODIFYSUBSC implies ACTIVATESUBSC
ACTIVATESUBSC, "mistake" ACTIVATESUBSC Unrecognized values are ignored.

Parameters:
privilege - An array of the manager's privileges. The array must contain a subset of the four privileges {ADMINISTER, MODIFYSUBSC, MODIFYSUBST, ACTIVATESUBSC}.
Throws:
UnknownIdentityException - Thrown if this manager has been deleted from the directory.
CommunicationException - Thrown if there is a problem communicating with the directory.
AccessControlException - Thrown if the currently bound manager (i.e. the manager that is invoking this method) is not allowed to administer this manager (i.e. the manager represented by this Manager instance).

isVPN

boolean isVPN()
              throws CommunicationException,
                     UnknownIdentityException,
                     AccessControlException
Returns true while this Manager has the MODIFYVPN privilege.

Returns:
True only if getPrivileges() includes MODIFYSUBST.
Throws:
UnknownIdentityException - Thrown if this manager has been deleted from the directory.
CommunicationException - Thrown if there is a problem communicating with the directory.
AccessControlException - Thrown if the currently bound manager (i.e. the manager that is invoking this method) is not allowed to administer this manager (i.e. the manager represented by this Manager instance).

EASP API 7.14.0