Enterprise Security version 6.0 includes SMAPI methods that enable you to manage security domains and associate them with security policies. The security properties that you can define for a specific domain are described in “Domain-specific properties”.
All the existing SMAPI interfaces have been modified to use the object ID, instead of the DN, as the primary key. Methods still accept a DN to maintain backward compatibility, but performance improves if you use the object ID.
SMAPI now allows clients to change the name of a security object and the organization to which it belongs. All security objects are created in the same security domain as the organization in which they are created.
Table 5-5 describes the methods that have been added to the existing SMAPI interfaces:
| Method name | Description |
|---|---|
| boolean changePassword(String, String, String) | Added to the SubjectQueries remote interface. Allows users to change their password by supplying their user name, old password, and new password. |
| String getDN() | Added to the AssetManagement, GroupManagement, OrganizationManagement, RoleManagement, and SubjectManagement remote interfaces. Returns the DN of the security object (asset, group, organization, role, or subject). |
| Map[] getOrgHierarchy(SearchInfo) | Added to the OrganizationQueries remote interface. Returns a list of the organizations rooted at the current organization, and information about their hierarchy. |
| String getSecurityDomain() | Added to the AssetManagement, GroupManagement, OrganizationManagement, RoleManagement, and SubjectManagement remote interfaces. Returns the primary key of the security domain. |
| Map[] listAncestorRoles(SearchInfo) | Added to the RoleQueries remote interface. Returns the list of roles from which the specified role inherits. |
| Map[] listBySecurityDomain(String) | Added to the OrganizationQueries remote interface. Returns a list of all the organizations in the specified domain. |
| Map[] listDescendantRoles(SearchInfo) | Added to the RoleQueries remote interface. Returns the list of roles that inherit from the specified role. |
| Map[] listInfoByConditions(SearchInfo[]) | Added to the ProxyAuthenticationInfoQueries remote interface. Returns proxy authentication information that satisfies the specified conditions. |
| Map[] listInfoByConditions(SearchInfo[], Integer) | Added to the AssetQueries, GroupQueries, OrganizationQueries, and RoleQueries remote interfaces. Returns a list of the appropriate security objects (assets, groups, organizations, or roles) that satisfy the specified conditions. |
| Map[] listInfoByConditions(String[], SearchInfo[], Integer) | Added to the SubjectQueries remote interface. Returns a list of the subjects that satisfy the specified conditions. |
| Map[] listInfoByLockType(String[], int) | Added to the SubjectQueries remote interface. Returns a list of users whose accounts are locked. |
| Map[] listRootOrgs() | Added to the OrganizationQueries remote interface. Returns a list of all the root organizations. Currently, only one root organization can exist, but future versions of Enterprise Security are scheduled to support multiple root organizations. |
| void moveToNewOrganization(String[], String) | Added to the AssetQueries, GroupQueries, RoleQueries, and SubjectQueries remote interfaces. Moves multiple security objects (assets, groups, roles, or subjects) to a new organization. |
| boolean setDN(String) | Added to the AssetManagement, GroupManagement, OrganizationManagement, RoleManagement, and SubjectManagement remote interfaces. Sets the DN for the security object. |
| boolean setName(String) | Added to the AssetManagement, GroupManagement, OrganizationManagement, RoleManagement, SecurityDomainManagement, and SubjectManagement remote interfaces. Sets the object’s name. |
| boolean setOrganization(String) | Added to the AssetManagement, GroupManagement, RoleManagement, and SubjectManagement remote interfaces. Moves the object to the specified organization. |
| boolean setSecurityDomain(String) | Added to the OrganizationManagement remote interface. Moves the organization to the specified security domain. |