com.esri.arcgis.server
Class IPermissionsAdminProxy

java.lang.Object
  com.esri.arcgis.interop.Dispatch
      com.esri.arcgis.server.IPermissionsAdminProxy

All Implemented Interfaces:

IPermissionsAdmin, Externalizable, Serializable

Direct Known Subclasses:

IPermissionsAdmin2Proxy

public class IPermissionsAdminProxy
extends com.esri.arcgis.interop.Dispatch
implements IPermissionsAdmin, Serializable

Provides administrative access to the Permissions Store.

Description

IPermissionsAdmin provides methods to Allow and Deny operations on ArcGIS Server resources and to retrieve all principals with access to resources.

The IPermissionsAdmin interface can be obtained by a query interface with the IServerObjectAdmin interface.

A list of security model concepts is useful here.

• User - An individual identified by a unique user name who wants to consume resources provided by ArcGIS Server. Users are stored within a User Store which may be a database, the active directory on a Windows Server or an LDAP sever. All authentication of users takes place in the web tier.
• Role - A collection of users based on functional, departmental or classification groupings (e.g. Planners, Editors, Classified, Unclassified, etc.). A role can be assigned a permission to use or invoke operations on a resource. Roles are stored within a Role Store which may be a database, the Active Directory on a Windows Server or an LDAP server.
• Principal - A term that denotes either a User or a Role.
• Resource - An item or object that is to be secured. In a 9.3 ArcGIS Server, resources are web applications and GIS services and server folders containing GIS services.
• Operation - An action or method that can be invoked on a secured resource. At 9.3, no distinction is made between operations and the only valid value, "*", is used to denote all actions.
• Permission - The ability of a role to use or invoke operations on a specific resource.

Permissions are assigned in a Continuous Inheritance model. A child resource inherits permissions from its parent resource and the child can be changed to differ from the parent. Changing the permission on the parent for a specific user/role restores inheritance to match the parent recursively; all children will be changed to match the parent.

Remarks

The following administration functionality of the ArcGIS Server is exposed by the methods of IPermissionsAdmin :

Administer role-based ArcGIS Server security:

• Allow permissions on a resource
• Deny permissions on a resource

Get information about the ArcGIS Security mode:

• Get all principals that have any Allow/Deny rules on any resource.

When To Use

Use the IPermissionsAdmin interface when your application needs to set permissions on ArcGIS Server GIS resources for specific principals.

If your application is connecting to the server only to retrieve information about the current state of permissions on ArcGIS Server GIS resources, use the IPermissionsManager interface instead.

Product Availability

Available with ArcGIS Engine, ArcGIS Desktop, and ArcGIS Server.

See Also:

Serialized Form

Field Summary

boolean

noncastable

Fields inherited from class com.esri.arcgis.interop.Dispatch

DISPATCH_METHOD, DISPATCH_PROPERTYGET, DISPATCH_PROPERTYPUT, DISPATCH_PROPERTYPUTREF, objRef

Constructor Summary

	IPermissionsAdminProxy()
	IPermissionsAdminProxy(Object obj)
protected	IPermissionsAdminProxy(Object obj, String iid)

Method Summary

void	addListener(String iidStr, Object theListener, Object theSource)
void	allowPermission(String principal, String resource, String operation) Grants permission to the specified principal to perform the given operation on the indicated resource.
void	denyPermission(String principal, String resource, String operation) Revokes permission from the specified principal to perform the given operation on the indicated resource.
IEnumBSTR	getAllPrincipals() Enumrates all princiapls in the Permissions Store.
void	removeListener(String iidStr, Object theListener)

Methods inherited from class com.esri.arcgis.interop.Dispatch

bindUsingMoniker, constructVtblPosTable, convertToNative, cookieForListener, createDispatch, createObjrefMonikerDisplayName, equals, getActiveObject, getActiveObject, getDefaultProperty, getDispatchIdOfName, getLastErrorCode, getMtsObjectContext, getObjRef, getPropertyByName, getPropertyByName, getVtblPos, hashCode, initDispatch, invoke, invokeMethodByName, invokeMethodByName, invokeMethodByName, invokePropertyGetByName, invokePropertyPutByName, invokePropertyPutByRefByName, isNativeMode, isObjRef, optimizedVtblInvoke, queryInterface, readExternal, release, setNativeMode, setPropertyByName, toString, vtblInvoke, writeExternal

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

noncastable

public boolean noncastable

Constructor Detail

IPermissionsAdminProxy

public IPermissionsAdminProxy()

IPermissionsAdminProxy

public IPermissionsAdminProxy(Object obj)
                       throws IOException

Throws:

IOException

IPermissionsAdminProxy

protected IPermissionsAdminProxy(Object obj,
                                 String iid)
                          throws IOException

Throws:

IOException

Method Detail

addListener

public void addListener(String iidStr,
                        Object theListener,
                        Object theSource)
                 throws IOException

Overrides:

addListener in class com.esri.arcgis.interop.Dispatch

Throws:

IOException

removeListener

public void removeListener(String iidStr,
                           Object theListener)
                    throws IOException

Overrides:

removeListener in class com.esri.arcgis.interop.Dispatch

Throws:

IOException

allowPermission

public void allowPermission(String principal,
                            String resource,
                            String operation)
                     throws IOException,
                            AutomationException

Grants permission to the specified principal to perform the given operation on the indicated resource.

Remarks

When using role-based security in ArcGIS Server, security for resources (GIS Services and folders containing GIS Services) is managed by allowing or denying a principal permissions for all operations on a resource.

Use the AllowPermissions method to allow a principal access to perform any operation on a specified resource. Once the allow permission has been granted it can be removed explicitly using the DenyPermissions method or implicitly through the continuous inheritance model.

Product Availability

Available with ArcGIS Engine, ArcGIS Desktop, and ArcGIS Server.

Specified by:

allowPermission in interface IPermissionsAdmin

Parameters:

principal - The principal (in)

resource - The resource (in)

operation - The operation (in)

Throws:

IOException - If there are interop problems.

AutomationException - If the ArcObject component throws an exception.

denyPermission

public void denyPermission(String principal,
                           String resource,
                           String operation)
                    throws IOException,
                           AutomationException

Revokes permission from the specified principal to perform the given operation on the indicated resource.

Remarks

When using role-based security in ArcGIS Server, security for resources (GIS Services and folders containing GIS Services) is managed by allowing or denying a principal permissions for all operations on a resource.

Use the DenyPermissions method to deny a principal access to perform any operation on a specified resource. Once the permission has been revoked it can be restored explicitly using the AllowPermissions method or implicitly through the continuous inheritance model.

Product Availability

Available with ArcGIS Engine, ArcGIS Desktop, and ArcGIS Server.

Specified by:

denyPermission in interface IPermissionsAdmin

Parameters:

principal - The principal (in)

resource - The resource (in)

operation - The operation (in)

Throws:

IOException - If there are interop problems.

AutomationException - If the ArcObject component throws an exception.

getAllPrincipals

public IEnumBSTR getAllPrincipals()
                           throws IOException,
                                  AutomationException

Enumrates all princiapls in the Permissions Store.

Remarks

Use the GetAllPrincipals method to return an enumeration over all the principals with allow/deny rules in the ArcGIS Server security model.

Product Availability

Available with ArcGIS Engine, ArcGIS Desktop, and ArcGIS Server.

Specified by:

getAllPrincipals in interface IPermissionsAdmin

Returns:

A reference to a com.esri.arcgis.system.IEnumBSTR

Throws:

IOException - If there are interop problems.

AutomationException - If the ArcObject component throws an exception.