Provides interfaces related to authentication, authorization, and user- and group-specific data. This namespace also includes infrastructure interfaces related to encryption and to other security matters not strictly related to authentication and authorization.
Interfaces
Interface | Description |
---|---|
IAccessPermission | Defines access permissions through a bitmask of access rights. You can create an instance of this class by calling on the class. |
IAccessPermissionDescription | Describes an access right or level. This interface provides helper methods that you can use to retrieve descriptive information for a particular access right or access level (a commonly-used combination of access rights) for a particular object. The most typical use of this interface's methods is to populate a security edit dialog. For example, you can retrieve a The user must have Read ( You can get an instance of this object in the following ways: These methods return an |
IActiveMarking | Represents a marking that is currently applied to a given object. Any object that can have a marking can be assigned one or more markings. A marking that is assigned to an object is called an active marking. An From the properties on this interface, you can retrieve the value of the associated You cannot create a new |
IApplicationSecurityTemplate | Represents a template through which an application can apply permissions (access rights) to a , , or object, and to their subclasses. Security templates are not independently persistable to the Content Engine; they are contained in a object. The template contains the permissions that will be applied to an object by the application program. An object also has associated objects, each of which provides descriptive information for an access right or level. You can enable or disable a template within its security policy container. An enabled template can be applied to an object; a disabled template remains an item in the security policy container but cannot be applied to an object. A To create an instance of |
IDiscretionaryPermission | Base class for permission objects that define discretionary access permissions. The object's owner grants individual users or groups access rights to the object based on the grantee's identity and group memberships. |
IGroup | Represents a group of user accounts defined by the directory service on the Content Engine server. Access rights and permissions are assigned to a grantee, which can be a user or a group. Access rights can be assigned to a group regardless of whether the group has any members. Users can be added to the group later. When a user is added to a group, the user automatically gains the access rights assigned to the group to which it belongs. A group can also have subgroups. Security on objects, such as folders and documents, can pertain to particular groups. These groups, and the users and subgroups that make up the group's membership, are defined and created using tools provided by your directory service product (for example, Windows Active Directory, Novell eDirectory, or Sun Java System Directory Server). Creating user accounts and the groups to which they belong are administrative tasks (typically performed by a system administrator) that are outside the scope of the Content Engine API. You cannot create a new You can call methods on the |
IMarking | Represents the definition of a value that may be assigned to a marking-controlled property. Markings provide an additional, optional layer of security that is primarily designed for the records management marketplace, but which can also be applied by non-records management applications. Markings allow controlled access to objects based on specific property values. The set of definitions for all possible objects is contained in a collection. A marking represents a single item in a set of markings. For example, if a set of markings is called Security Codes, items within the set might be Top Secret, Secret, Confidential, and so on. Each of those marking values contains a set of access permissions that define who can assign that specific value to an object property, who can modify or remove that specific value, and, once the value is assigned, who will have access to the object to which the value is assigned. You can assign one or more of these markings to an object. To then be able to access that object, a user must be granted sufficient access from all assigned markings. The set of all active markings (that is, those that are currently assigned to a given object) is contained in an The user's access to an object is represented by an effective access mask. The effective access is calculated using the object's permission list and subtracting the constraint mask of the applied markings. The resulting effective access is used to control what that user can do with the object. |
IMarkingSet | Represents a container for the set of markings for a given object property. The The marking set is assigned to a property definition on a class such that the value of that property on instances of the class must be one of the markings defined by the marking set. Values can only be assigned by users authorized by the associated marking, and, after the marking is applied, access to the object is restricted based on the marking. You can create a new |
IPermission | Represents the base class for objects. A You can get a You can optionally set the A permission can be acquired from several sources: direct, default, a security parent, or a security template. A permission's source is direct as a result of explicitly setting the object's permission, for example, by calling |
IPermissionDescription | Base class for objects describing permissions. |
IRealm | Consists of a set of related groups and users. A realm is normally mapped to a directory partition (that is, a ) in a directory server. The primary use of a object is to retrieve lists of the groups and users in the realm. You can instantiate a |
ISecurityPolicy | Represents an independently persistable, subclassable container for a list of security templates. Through an object's SecurityPolicy property, a object is associated with a , , or object, and subclasses of those objects. When you create an object of one of these types, you can optionally assign a object to it. If not explicitly assigned, the object's SecurityPolicy property is assigned a value provided by the class's default. The security policy defines the set of security templates that can be applied to the objects with which the policy is associated. The templates contained within a security policy can be one of two types: versioning or application templates. (For more information on security template types, see You can create an instance of a |
ISecurityPrincipal | Provides the base class for security principals ( and objects). |
ISecurityTemplate | Represents the base class for security template classes. The templates are contained within a security policy and can be one of two types: versioning or application templates. For more information on each of these types, refer to the interface descriptions for |
IUser | Represents a particular user who has access to Content Engine resources. Access rights and permissions are assigned to a grantee, which can be a user or a group. A user's access to resources can be defined in terms of its membership in a group, but need not be. User accounts and the groups and subgroups to which they belong are defined and created using tools provided by your directory service product (for example, Windows Active Directory, Novell eDirectory, or Sun Java System Directory Server). Creating and modifying user accounts and groups are administrative tasks (typically performed by a system administrator) that are outside the scope of the Content Engine API. You cannot create a new You can call methods on the |
IVersioningSecurityTemplate | Represents a template for automatically applying permissions (access rights) to a object during versioning state changes. Security templates are not independently persistable to the Content Engine; they are contained in a object. The template contains the permissions that will be applied to an object as its version state changes. A object also has associated objects, each of which provides descriptive information for an access right or level. You can enable or disable a template within its security policy container. An enabled template can be applied to an object; a disabled template remains an item in the security policy container but cannot be applied to an object. A If an object has no associated security policy, its permissions remain unchanged when it undergoes a versioning change. However, if the object has an associated To create a new |