Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

uk.ac.soton.itinnovation.grid.pbac2.pdp
Class GroupUtils

java.lang.Object
  extended by uk.ac.soton.itinnovation.grid.pbac2.pdp.GroupUtils

public class GroupUtils
extends Object

Helper classes for managing PBAC groups.

Often, many resources share some of their match rules. For example, every account has a different "budget holder", but the same "service administrator".

To avoid storing the service administrator match rules on every account we can instead create a 'service-admins' group resource and store them on that. Then, every account contains a MatchRule stating that any member of the 'service-admins' group is an administrator of the account.

Any PBAC resource is a group if it contains a PDP.GROUP_MEMBER_ROLE process role. This class defines a single simple type which includes this role.

Field Summary
static String GROUP_RESOURCE_TYPE
          Groups managed using this class must have this PBAC resource type.
 
Constructor Summary
GroupUtils()
           
 
Method Summary
static void ensureGroupDeployed(String resourceID)
          If the group 'resourceID' does not yet exist, create it.
static void ensureGroupDeployed(String resourceID, MatchRule[] initialRules)
          If the group 'resourceID' does not yet exist, create it and add initialRules to its control list.
static String[] getGroups()
          Find all PBAC resources which can be used as groups.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

GROUP_RESOURCE_TYPE

public static final String GROUP_RESOURCE_TYPE
Groups managed using this class must have this PBAC resource type. A policy for the type is deployed automatically the first time you create a group.

See Also:
Constant Field Values
Constructor Detail

GroupUtils

public GroupUtils()
Method Detail

ensureGroupDeployed

public static void ensureGroupDeployed(String resourceID)
If the group 'resourceID' does not yet exist, create it. If it already exists, do nothing.

ensureGroupDeployed

public static void ensureGroupDeployed(String resourceID,
                                       MatchRule[] initialRules)
If the group 'resourceID' does not yet exist, create it and add initialRules to its control list. If it already exists, do nothing.

getGroups

public static String[] getGroups()
Find all PBAC resources which can be used as groups. This is for the groups menu in ACLadmin.

Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2001-2007 University of Southampton IT Innovation Centre. All Rights Reserved.