Class RoleManagementRules


public class RoleManagementRules extends Object
RoleManagementRules represents the set of rules used to determine a principal's access rights for managing and reading a role. It also holds the allowed combinations of object and entity to or from which the role can be assigned or unassigned, and the related roles that may read an attribute value whenever the role itself may. Each object and entity is additionally mapped to a specific column of the authz table, so that the database query can be built and executed generically.

roleName is the role's unique identifier, as used in the configuration file perun-roles.yml.

primaryObject determines which object the role is primarily connected with; the other objects are complementary.

privilegedRolesToManage is a list of maps in which each map entry consists of a role name as the key and an object name as the value. The relation between the maps in the list is logical OR; the relation between the entries within one map is logical AND.
Example list: (Map1, Map2, ...)
Example map: key: VOADMIN; value: Vo and key: GROUPADMIN; value: Group

privilegedRolesToRead has the same structure as privilegedRolesToManage, but it determines which roles have the right to read roleName.

entitiesToManage is a map of entities that can be set to the role. The key is an entity name and the value is its mapping to the database.
Example entry: key: User; value: user_id

assignedObjects is a map of objects that can be assigned with the role. The key is an object name and the value is its mapping to the database.
Example entry: key: Resource; value: resource_id

associatedReadRoles is a list of related roles that are authorized to read an attribute value whenever the main role is.
Example list for the groupadmin role: [GROUPOBSERVER]

assignableToAttributes is a flag that determines whether the role can appear in attribute policies.
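The OR-of-ANDs evaluation of privilegedRolesToManage / privilegedRolesToRead described above, as an added stand-alone illustration (not Perun's own code): `isAuthorized`, the `principalRoles` shape (role name to object type to held object ids) and the `context` map are hypothetical simplifications, and the rules and principals are constructed from the role names used in the description.

```java
import java.util.*;

// Added example: evaluates a privilegedRoles* list with the semantics from the
// class description (OR between maps, AND between a map's entries). Not Perun code.
public class RoleRulesDemo {

    // rules: list of maps as in privilegedRolesToManage / privilegedRolesToRead.
    // principalRoles (hypothetical shape): role name -> object type -> ids of the
    // objects on which the principal holds that role.
    // context: object type -> id of the object the operation is performed against.
    static boolean isAuthorized(List<Map<String, String>> rules,
                                Map<String, Map<String, Set<Integer>>> principalRoles,
                                Map<String, Integer> context) {
        for (Map<String, String> conjunction : rules) {
            boolean allEntriesHold = true;
            for (Map.Entry<String, String> entry : conjunction.entrySet()) {
                String role = entry.getKey();
                String objectType = entry.getValue();
                Integer objectId = context.get(objectType);
                Set<Integer> held = principalRoles
                        .getOrDefault(role, Map.of())
                        .getOrDefault(objectType, Set.of());
                // The role must be held on the object in context, not merely on some object of that type.
                if (objectId == null || !held.contains(objectId)) {
                    allEntriesHold = false;
                    break;
                }
            }
            if (allEntriesHold) {
                return true; // one fully satisfied map suffices (logical OR)
            }
        }
        return false; // no map satisfied; an empty rule list therefore denies everyone
    }

    public static void main(String[] args) {
        // Constructed rules: (VOADMIN on the Vo AND GROUPADMIN on the Group) OR (GROUPOBSERVER on the Group)
        List<Map<String, String>> readRules = List.of(
                Map.of("VOADMIN", "Vo", "GROUPADMIN", "Group"),
                Map.of("GROUPOBSERVER", "Group"));
        Map<String, Integer> context = Map.of("Vo", 1, "Group", 10);
        // Principal A holds VOADMIN on Vo 1 and GROUPADMIN on Group 10: the first map is fully satisfied.
        Map<String, Map<String, Set<Integer>>> principalA = Map.of(
                "VOADMIN", Map.of("Vo", Set.of(1)),
                "GROUPADMIN", Map.of("Group", Set.of(10)));
        // Principal B holds GROUPADMIN on Group 10 but VOADMIN only on Vo 2: the AND in the first
        // map fails on the Vo entry, and the second map needs GROUPOBSERVER, which B lacks.
        Map<String, Map<String, Set<Integer>>> principalB = Map.of(
                "VOADMIN", Map.of("Vo", Set.of(2)),
                "GROUPADMIN", Map.of("Group", Set.of(10)));
        System.out.println("A: " + isAuthorized(readRules, principalA, context));
        System.out.println("B: " + isAuthorized(readRules, principalB, context));
    }
}
```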
  • Constructor Details

  • Method Details

    • getRoleName

      public String getRoleName()
    • setRoleName

      public void setRoleName(String roleName)
    • getPrimaryObject

      public String getPrimaryObject()
    • setPrimaryObject

      public void setPrimaryObject(String primaryObject)
    • getPrivilegedRolesToManage

      public List<Map<String,String>> getPrivilegedRolesToManage()
    • setPrivilegedRolesToManage

      public void setPrivilegedRolesToManage(List<Map<String,String>> privilegedRolesToManage)
    • getPrivilegedRolesToRead

      public List<Map<String,String>> getPrivilegedRolesToRead()
    • setPrivilegedRolesToRead

      public void setPrivilegedRolesToRead(List<Map<String,String>> privilegedRolesToRead)
    • getEntitiesToManage

      public Map<String,String> getEntitiesToManage()
    • setEntitiesToManage

      public void setEntitiesToManage(Map<String,String> entitiesToManage)
    • getAssignedObjects

      public Map<String,String> getAssignedObjects()
    • setAssignedObjects

      public void setAssignedObjects(Map<String,String> assignedObjects)
    • getAssociatedReadRoles

      public List<String> getAssociatedReadRoles()
    • setAssociatedReadRoles

      public void setAssociatedReadRoles(List<String> associatedReadRoles)
    • equals

      public boolean equals(Object o)
      Overrides: equals in class Object
    • hashCode

      public int hashCode()
      Overrides: hashCode in class Object
    • toString

      public String toString()
      Overrides: toString in class Object
    • isAssignableToAttributes

      public boolean isAssignableToAttributes()
    • setAssignableToAttributes

      public void setAssignableToAttributes(boolean assignableToAttributes)