The Security Management API (SMAPI) allows you to manage security programmatically. You can also develop your own front-end tool that uses the SMAPI to manage your security data. The SMAPI replaces the Object Management API, providing greater functionality that is easier to use.
Enterprise Security provides a default implementation for managing the data in your ACDB. You can contact Sybase Professional Services to customize your implementation.
The SMAPI supports these features:
Enables you to develop a password validation component to validate new passwords. A sample component is provided, which you can customize. See “Verifying passwords” for more information.
You can specify the number of days that a user’s password is valid before it expires. This is enabled using Enterprise Security Manager—see “Creating and managing user accounts”.
Self-registration – new users can set up their own accounts and register with the secured system, using the SubjectManagement interface. Previously, the PSO was required to register all new users, and assign their roles and permissions. See “Self-registration group”.
Internal assets – the SMAPI exposes some internal assets used to accomplish management tasks through the AssetManagement interface. Previously, only users who were granted the PortalSecOfficer role had access to these internal assets.
Proxy authentication information management – users can manage their proxy authentication information that is defined at the user level. Administrators can also define proxy authentication information at the asset and role level. See Chapter 3, “Setting Up Security” and Chapter 9, “Proxy Authentication.”
Subject account management – the SubjectManagement interface allows users to update their own account information. Users cannot delete their accounts; the PSO must delete any unwanted or unused accounts.
The default implementation of the SubjectManagement interface supports access to and modification of data in the ACDB. If you store authentication and authorization information in another data store, you must write and deploy your own implementation of the provided APIs.
For self-registration and personal account management, you must develop your own EJB client that uses the SubjectManagement interface. Enterprise Security Manager does not provide a user interface that allows users to update their own account.
