com.ibm.portal.ac.data
Interface RoleType
- All Superinterfaces:
- java.lang.Comparable<RoleType>, Localized
public interface RoleType
- extends java.lang.Comparable<RoleType>, Localized
A Role Type represents privilege(s) necessary to perform particular sensitive
operations. Portal provides a set of predefined role types that can be used
to grant these privileges to principals (users and groups). A role type A
implies
role type B if A represents at least the privileges
represented by role type B.
- Since:
- 6.1.0.3
- See Also:
RoleData
,
AccessControlEnvironment
Field Summary |
static RoleType |
ADMIN
This role type contains all privileges and therefore implies all other
role types. |
static RoleType |
CAN_RUN_AS_USER
This role type contains the privilege to impersonate (act as) another
principal. |
static RoleType |
CONTRIBUTOR
This role type represents all privileges of the Editor role type except
for configure operations. |
static RoleType |
DELEGATOR
This role type contains the privilege to change the privileges of another
principal. |
static RoleType |
DRAFT_CREATOR
The Draft Creator role type represents all privileges necessary to create drafts
of portal content. |
static RoleType |
EDITOR
This role type represents all privileges of the Manager role type except
for delete operations. |
static RoleType |
MANAGER
This role type represents all privileges necessary to create, configure,
delete and view shared resources. |
static RoleType |
MARKUP_EDITOR
This role type represents all privileges of the Editor role type restricted
to static pages and mashups. |
static java.util.List<RoleType> |
PREDEFINED_ROLE_TYPES
Predefined role types that are available out of the box in portal. |
static RoleType |
PRIVILEGED_USER
The Privileged User role type represents all privileges necessary to view
portal content, create private resources and to personalize existing
shared resource, turning them into private ones |
static RoleType |
REVIEWER
The Reviewer role type represents all privileges necessary to view
and approve portal content. |
static RoleType |
SECURITY_ADMIN
This role type contains the privileges that are needed to grant a role
to another principal. |
static RoleType |
USER
The User role type represents the privileges necessary to view portal
content. |
Method Summary |
java.lang.String |
getName()
Returns the name of this RoleType |
boolean |
implies(RoleType roleType)
Returns true if this RoleType implies the given roleType, i.e. |
Methods inherited from interface java.lang.Comparable |
compareTo |
ADMIN
static final RoleType ADMIN
- This role type contains all privileges and therefore implies all other
role types. A user who has been granted this role type on a resource is
allowed to perform any operation on this resource and to delegate any
permissions on this resource to other users.
SECURITY_ADMIN
static final RoleType SECURITY_ADMIN
- This role type contains the privileges that are needed to grant a role
to another principal. A user who has (only) been granted this role
type on a resource is not allowed to perform any operations on the
resource except for delegating permissions on this resource to other
users. The actual permissions that can be delegated have to be provided
by a further role type
DELEGATOR
static final RoleType DELEGATOR
- This role type contains the privilege to change the privileges of another
principal. A user who has been granted this role type on a resource
(usually User or User Group) is not allowed to perform any actions on the
resource except for delegating permissions to this resource. The actual
permissions that can be delegated have to be provided by a further role
type.
CAN_RUN_AS_USER
static final RoleType CAN_RUN_AS_USER
- This role type contains the privilege to impersonate (act as) another
principal. A user who has been granted this role type on a User or User Group
is allowed to impersonate that user (or members of the User Group).
MANAGER
static final RoleType MANAGER
- This role type represents all privileges necessary to create, configure,
delete and view shared resources. It does not contain privileges to
delegate any role types, so Managers are not allowed to modify the access
control configuration of their managed resources. The access control
configuration is typically done automatically through the concept of
permission inheritance. E.g. if a Manager creates and configures a new
page within the page hierarchy, all users that were allowed to see the
parent page of the new page will automatically be allowed to see the new
child page (as long a no inheritance block was inserted by a user).
EDITOR
static final RoleType EDITOR
- This role type represents all privileges of the Manager role type except
for delete operations. Thus, Editors are supposed to configure existing
resources and to create new resources. Editors are automatically allowed
to delete those resources they have created on their own via the
Ownership concept.
MARKUP_EDITOR
static final RoleType MARKUP_EDITOR
- This role type represents all privileges of the Editor role type restricted
to static pages and mashups. Thus, CONTENT_SUPPLIERs are supposed to create new
resources. CONTENT_SUPPLIERs are automatically allowed
to delete those resources they have created on their own via the
Ownership concept.
CONTRIBUTOR
static final RoleType CONTRIBUTOR
- This role type represents all privileges of the Editor role type except
for configure operations. Thus, Contributors are supposed to to create
new (shared) resources but are not allowed to configure existing
resources. Contributors are automatically allowed to edit and delete
those resources they have created on their own via the Ownership concept.
PRIVILEGED_USER
static final RoleType PRIVILEGED_USER
- The Privileged User role type represents all privileges necessary to view
portal content, create private resources and to personalize existing
shared resource, turning them into private ones
USER
static final RoleType USER
- The User role type represents the privileges necessary to view portal
content.
REVIEWER
static final RoleType REVIEWER
- The Reviewer role type represents all privileges necessary to view
and approve portal content. Thus, Reviewers are supposed to review and
approve creations of new resources and modifications of existing resources.
DRAFT_CREATOR
static final RoleType DRAFT_CREATOR
- The Draft Creator role type represents all privileges necessary to create drafts
of portal content. Thus, Draft Creators are supposed to create drafts of new resources
or existing resources.
PREDEFINED_ROLE_TYPES
static final java.util.List<RoleType> PREDEFINED_ROLE_TYPES
- Predefined role types that are available out of the box in portal. This
array also defines the default display and result order of the predefined
role types.
implies
boolean implies(RoleType roleType)
- Returns true if this RoleType implies the given roleType, i.e. if all the
privileges represented by the given roleType are also covered by this
RoleType.
- Parameters:
roleType
- to test
- Returns:
- true if this RoleType implies the given roleType
getName
java.lang.String getName()
- Returns the name of this RoleType
- Returns:
- the name of this RoleType
- See Also:
AccessControlEnvironment.getRoleTypeForName(String)