Objects
User object
A user objects are maps that hold the information belonging to a single user accountaccount.
|
Attribute
|
Type
|
Description
|
|---|---|---|
| id | Long | user id |
| accountId | Long | account id |
| accountName | String | account name |
| system | String | managed system (agent) name |
| accountDescription | String | account description |
| active | Boolean | true if user is active |
| accountDisabled | Boolean | true if account is diabled |
| mailAlias | String | blank separated mails |
| userName | String | user name |
| primaryGroup | String | user's primary group name |
| comments | String | user's comments |
| createdOn | Date | user creation date |
| modifiedOn | Date | user last modification date |
| mailDomain | Date | user mail domain ( email right side of @) |
| fullName | String | user full name |
| shortName | String | user mail name (email left side of @) |
| firstName | String | user first name |
| lastName | String | user last name |
| lastName2 | String | user second last name (when applicable) |
| mailServer | String | mail server host name |
| homeServer | String | home drive server host name |
| profileServer | String | roaming profile server host name |
| phone | String | user's phone number |
| userType | String | user type |
| createdBy | String | user name creator of this user |
| modifiedBy | String | user name modifier of this user |
| secondaryGroups | List<Map<String,Object>> |
list of groups the user belongs to, including primary group The attributes of the inner map are described later |
| attributes | Map<String,String> | additional user attributes |
| grantedRoles | List<Map<String,Object>> | list of grants directly granted to the user |
| allGrantedRoles | List<Map<String,Object>> | list of grants directly on indirectly granted to the user |
| granted | List<String> | list of role names and group names directly granted to the user |
| allGranted | List<String> | list of role names and group names directly or indirectly granted to the user |
Account object
An account object holds the information belonging to an accountaccount.
|
Attribute
|
Type
|
Description
|
|---|---|---|
| accountDescription | String | account description |
| accountDisabled | Boolean | true if account is diabled |
| accountId | Long | account id |
| accountName | String | account name |
| allGranted | List<String> | list of role names directly or indirectly granted to the user |
| allGrantedRoles | List<Map<String,Object>> | list of grants directly on indirectly granted to the user |
| attributes | Map<String,String> | additional account attributes |
| granted | List<String> | list of role names directly granted to the user |
| grantedRoles | List<Map<String,Object>> | list of grants directly granted to the user |
| lastLogin | Calendar | lastLogin |
| lastPasswordUpdate | Calendar | lastPasswordUpdate |
| lastUpdate | Calendar | lastUpdate |
| passwordExpiration | Calendar | passwordExpiration |
| passwordPolicy | String | password policy |
| system | String | managed system (agent) name |
| type | AccountType | "U"=user, "S"=shared, "P"=privileged, "I=ignored |
Group object
An group object holds the information belonging to a group.
|
Attribute
|
Type
|
Description
|
|---|---|---|
| groupId | Long | group id |
| name | String | group name |
| description | String | group description |
| parent | String | parent group name |
| server | String | home server host name |
| disabled | boolean | true if the group is disabled |
| accountingGroup | String | group accounting information |
| type | String | group type |
| driveLetter | String | home server letter to connect to |
| users | List<Map<String,Object>> | list of users belonging to this group |
| userNames | List<String> | list of user names belonging to this group |
| allUsers | List<Map<String,Object>> | list of users directly or indirectly belonging to this group |
| allUserNames | List<String> | list of user names either directly or indirectly grantee of this role |
| grantedRoles | List<Map<String,Object>> | list of roles granted to this group |
| grantedRoleNames | List<String> | list of role names granted to this group |
Role object
An role object holds the information belonging to a role.
|
Attribute
|
Type
|
Description
|
|---|---|---|
| roleId | Long | role id |
| system | String | managed system (agent) name |
| name | String | role name |
| application | String | application system name |
| category | String | role category |
| passwordProtected | boolean | true if role should be password protected (where applicable) |
| description | String | Role description |
| wfmanaged | boolean | true if role should be displayed in self service requests |
| domain | String | custom domain for this role: Use com.soffid.iam.api.DomainType constants or configured custom domain |
| ownedRoles | List<Map<String,Object>> | list of roles granted to this one |
| ownerRoles | List<Map<String,Object>> | list of roles grantee of this one |
| ownerGroups | List<Map<String,Object>> | list of groups grantee of this role |
| grantedAccountNames | List<String> | list of account names directly grantee of this role |
| grantedAccounts | List<Map<String,Object>> | list of users directly grantee of this role |
| allGrantedAccountNames | List<String> | list of account names either directly or indirectly grantee of this role |
| allGrantedAccounts | List<Map<String,Object>> | list of users either directly or indirectly grantee of this role |
| attributes | Map<String,Object> | role's custom attributes |
Grant object
Grant, grantedRole & allGrantedRoles
The objects grant, grantedRole and allGrantedRoles are used to assing roles to accounts and roles.
|
Attribute
|
Type
|
Description
|
|---|---|---|
| domainValue | String | grant value (if any) |
| grantedRole | String | granted role name |
| grantedRoleId | Long | granted role id |
| grantedRoleObject | role object | granted role |
| grantedRoleSystem | String | granted role managed system (agent) name |
| id | Long | grant id |
| ownerAccount | String | grantee account name |
| ownerAccountObject | account object | grantee account |
| ownerGroup | String | grantee group name |
| ownerRoleId | String | grantee role id |
| ownerRoleName | String | grantee role name |
| ownerSystem | String | grantee account or role managed system name |
| ownerUser | String | grantee user name |
Examples
Grant
Example to map a grant object (assign a role to an account):
|
System attribute
|
Direction
|
Soffid attribute
|
|---|---|---|
| role_name | => | grantedRole |
| account_name | => | ownerAccount |
GrantedRole
Example to map a grantedRole object (assign a role as a child of another role):
|
System attribute
|
Direction
|
Soffid attribute
|
|---|---|---|
| role_name | => | grantedRole |
| parent_role_name | => | ownerRoleName |
AllGrantedRoles
Example to map a allGrantedRoles object in a holderGroup (assign a role to an account in a specific group):
|
System attribute
|
Direction
|
Soffid attribute
|
|---|---|---|
| role_name | => | grantedRole |
| parent_role_name | => | ownerRoleName |
| group_code | => | domainValue |
| group_code | => | holderGroup |
| userName | => | ownerUser |
Maillist object
|
Attribute
|
Type
|
Description
|
|---|---|---|
| id | Long | internal mail list id |
| name | String | mail list name ( the initial part, before the @ sign) |
| domain | String | mail list domain ( the remaining part after the @ sign) |
| system | String | managed system (agent) name |
| description | String | mail list description |
| users | String array | user names that are bound to this mail list |
| groups | String array | group names thta are subscribed to this mai list |
| roles | String array | role names that grant access to this mail list |
| lists | String array | Nested mail lists |
| explodedUsers | String array | Names of the users that should be subscribed to this mail list, including the users that should be subscribed due to group or role membership |
| explodedUserAddresses | String array | Mail addresses of any exploded User |
Membership object
A membership object contains the user account information as well as the group the user belongs to.
|
Attribute
|
Type
|
Description
|
|---|---|---|
| userName | String | User name |
| user | Map<String,Object> | user object |
| groupName | String | Group name |
| group | Map<String,Object> | group object |
| attributes | Map<String,Object> | Membership custom attributes |