Monday, April 28, 2014

Creating Access Policy in OIM 11g R2

From 11g R2 onwards, accounts and entitlements can be either revoked or disabled when an access policy no longer applies. It is no longer possible to leave this option unselected.
 
You must use the type tcAccessPolicyOperationsIntf.PolicyNLAObjectActionType to specify whether the entitlements are revoked or disabled when the access policy is no longer applicable.
 
If you are creating the access policy through tcAccessPolicyOperationsIntf, use the following to specify the revoke/disable option for your access policy.
 
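import Thor.API.Operations.tcAccessPolicyOperationsIntf;

// The two actions available when the access policy no longer applies
static tcAccessPolicyOperationsIntf.PolicyNLAObjectActionType revokeFlag = tcAccessPolicyOperationsIntf.PolicyNLAObjectActionType.REVOKE;
static tcAccessPolicyOperationsIntf.PolicyNLAObjectActionType disableFlag = tcAccessPolicyOperationsIntf.PolicyNLAObjectActionType.DISABLE;

// Revoke is chosen here; use disableFlag instead to disable
tcAccessPolicyOperationsIntf.PolicyNLAObjectActionType[] actionIfPolNotApply = {revokeFlag};

// moAccesspolicyutility is assumed to be the tcAccessPolicyOperationsIntf instance
moAccesspolicyutility.createAccessPolicy(attr, provObjKeys, actionIfPolNotApply, denyObjKeys, groupKeys, policyData);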

 
References:
 
http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/accesspolicies.htm

http://docs.oracle.com/cd/E17904_01/apirefs.1111/e17334/Thor/API/Operations/tcAccessPolicyOperationsIntf.html
 
