Tivoli::AccessManager::Admin::ACL
    use Tivoli::AccessManager::Admin;

    my $tam = Tivoli::AccessManager::Admin->new( password => 'foobar' );
    my ($resp,$rc);

    # See what ACLs exist
    $resp = Tivoli::AccessManager::Admin::ACL->list($tam);
    print join("\n", $resp->value);

    # Create a new ACL
    my $acl = Tivoli::AccessManager::Admin::ACL->new( $tam );
    $resp = $acl->create('bob') unless $acl->exist;
    my $name = $acl->name;

    # Give the group 'jons' permissions in this ACL
    $resp = $acl->group(name => 'jons', perms => 'Trx' );
    print "The group 'jons' is granted these privileges by acl '$name':\n";
    print $resp->value,"\n";

    # Give the user "dave" the same access privs
    $resp = $acl->user(name => 'dave', perms => 'Trx' );

    # Dave was a mistake, let's remove him
    $resp = $acl->user(name => 'dave', perms => 'remove' );

    # Deny all access to any-other and unauth
    $resp = $acl->anyother( perms => "" );
    $resp = $acl->unauth( perms => '' );

    # List the users specified in the ACL
    $resp = $acl->listusers();

    # List the groups specified in the ACL
    $resp = $acl->listgroups();

    # Play with the attributes

    # Well, that was fun. What's say we clean up?
    $resp = $acl->delete();

    # Gain access to a system default ACL
    $acl = Tivoli::AccessManager::Admin::ACL->new($tam, 'default-webseal');

    # And find out where it is attached
    $resp = $acl->find;
Tivoli::AccessManager::Admin::ACL provides the interface to the ACL portion of the TAM Admin API.
Creates a blessed Tivoli::AccessManager::Admin::ACL object and returns it.
An initialized Tivoli::AccessManager::Admin::Context object. Please note that, after the Tivoli::AccessManager::Admin::ACL object is created, you cannot change the context without destroying the object and recreating it.
The name of the ACL to which the object refers.
A fully blessed Tivoli::AccessManager::Admin::ACL object.
Creates a new ACL. This is different from "new" in that the ACL will be created in the policy database as well.
The name of the ACL to create. This parameter is optional if you instantiated the object with a name. Otherwise, it will croak in a most unappealing fashion.
If the operation was successful, you will get the new Tivoli::AccessManager::Admin::ACL object. If it wasn't successful, you will get an error message explaining why. If the object already exists, you will get a warning and the Tivoli::AccessManager::Admin::ACL object. And all of this will be embedded in a Tivoli::AccessManager::Admin::Response object.
Class methods behave like instance methods -- they return Tivoli::AccessManager::Admin::Response objects.
Lists all ACLs.
A fully blessed Tivoli::AccessManager::Admin::Context object.
The resulting list of ACLs.
All of the methods return a Tam::Admin::Response object. See the documentation for that module on how to coax the values out.
The methods, for the most part, follow the same pattern. If the optional parameters are sent, it has the effect of setting the attributes. All method calls will embed the results of a 'get' in the Tivoli::AccessManager::Admin::Response object.
Lists all of the ACLs.
none
A list of all the defined ACLs.
Lists all the groups defined in the ACL.
None
A list of the groups defined in the ACL.
Lists all the users defined in the ACL.
A list of the users defined in the ACL.
"create" can also be used as an instance method.
True if the create succeeded, false if it failed and a warning if the ACL already existed.
Sets the description on the ACL.
The description to be set. This is an optional parameter.
The current (possibly empty) description.
Finds where in the object space the ACL has been attached. This is really just a wrapper for Tivoli::AccessManager::Admin::ProtObject. I like an ACL object being able to tell you where it is.
A possibly empty list of places the ACL is attached.
Deletes the ACL.
True if the operation succeeded, an error and message otherwise.
Sets or gets the permissions for any-other in the ACL. The ACL must exist before calling this method.
If this parameter is set, "anyother" will attempt to set the permissions for any-other to this value.
If the value of this parameter is 'remove', "anyother" will be removed from the ACL.
The permissions currently allowed by the ACL for any-other.
Sets or gets the permissions for unauth in the ACL. The ACL must exist before calling this method.
If this parameter is set, "unauth" will attempt to set the permissions for unauth to this value.
If the value of this parameter is 'remove', "unauth" will be removed from the ACL.
A list of all of the actions currently allowed by the ACL for unauthenticated users.
Sets or gets the permissions for the named group in the ACL. The ACL must exist before calling this method.
The name of the group to which the permissions apply. This parameter is mandatory.
If this parameter is set, "group" will attempt to set the permissions for the group to this value.
If the value of this parameter is 'remove', the named group will be removed from the ACL.
A list of all of the actions currently allowed by the ACL for the group.
Sets or gets the permissions for the named user in the ACL. The ACL must exist before calling this method.
The user id to which the permissions apply. This parameter is mandatory.
If this parameter is set, "user" will attempt to set the permissions for the user to this value.
If the value of this parameter is 'remove', the user will be removed from the ACL.
A list of all of the permissions currently allowed by the ACL for the user.
Adds key/value attributes to an ACL, removes the values and removes the entire key/value pairs. I find these to be the more ... annoying functions.
Causes "attribute" to add any number of key/value pairs to the ACL. As you can have multiple values associated with any given key, you can either use an array reference for multiple values, or a simple scalar if you are playing with only one.
You can, obviously, add multiple keys with the same call. You can also, strangely enough, add the same value to a key multiple times.
Removes the specified value(s) from the key. This does not remove the key, simply the values from the key. You will get an error if you try to remove a value that is not defined.
Removes both the attribute and any associated values from the ACL.
A hash of lists. The hash is keyed off of the attribute names. The values for each attribute are returned as a list -- even if there is only one value.
Lets you know if the ACL exists in the TAM database or not.
0 if the ACL does not exist, 1 if it does.
Returns the name of the ACL.
Uhh. The name of the ACL.
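The following audit sketch is an added example, not part of the module or its original documentation. It combines "list", "unauth", "anyother" and "find" as described above to report every attached ACL that still grants something to unauthenticated or any-other users. Assumptions: the TAM_PASSWORD environment variable, the sub names and the sample data are all constructed for illustration, and a getter call with no perms is assumed to yield an empty value when nothing is granted.

```perl
use strict;
use warnings;

# Read what each ACL grants to unauth and any-other, and where it is attached.
# Only the calls shown on this page are used (list, new, unauth, anyother, find).
sub snapshot_acls {
    my ($tam) = @_;
    my %snap;
    for my $name ( Tivoli::AccessManager::Admin::ACL->list($tam)->value ) {
        my $acl = Tivoli::AccessManager::Admin::ACL->new( $tam, $name );
        $snap{$name} = {
            unauth   => join( '', grep { defined } $acl->unauth->value ),
            anyother => join( '', grep { defined } $acl->anyother->value ),
            attached => [ grep { defined } $acl->find->value ],
        };
    }
    return \%snap;
}

# Pure check: report an ACL only when it is attached somewhere AND grants
# any permission to unauth or any-other. Unattached ACLs protect nothing.
sub open_acls {
    my ($snap) = @_;
    my @findings;
    for my $name ( sort keys %$snap ) {
        my $e = $snap->{$name};
        next unless @{ $e->{attached} };
        for my $who (qw(unauth anyother)) {
            next if $e->{$who} eq '';
            push @findings, "$name: $who has '$e->{$who}' on "
              . join( ', ', @{ $e->{attached} } );
        }
    }
    return @findings;
}

my $snap;
if ( defined $ENV{TAM_PASSWORD} ) {    # assumption: admin password via env
    require Tivoli::AccessManager::Admin;
    my $tam = Tivoli::AccessManager::Admin->new( password => $ENV{TAM_PASSWORD} );
    $snap = snapshot_acls($tam);
}
else {    # constructed sample data, not output from a real policy server
    $snap = {
        'default-webseal' => { unauth => 'T', anyother => 'Tr', attached => ['/WebSEAL'] },
        'bob'         => { unauth => '',    anyother => '',    attached => ['/WebSEAL/app'] },
        'unused-open' => { unauth => 'Trx', anyother => 'Trx', attached => [] },
    };
}
print "$_\n" for open_acls($snap);
```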
Please read Tivoli::AccessManager::Admin for the full list of acks. I stand upon the shoulders of giants.
The documentation is now horribly gobsmacked.
The previous comment is really unhelpful.
The permissions need to be extended to handle things like [PDWebPI]. It would be better to extend them to be dynamically extendable.
Mik Firestone <mikfire@gmail.com>
Copyright (c) 2004-2011 Mik Firestone. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
All references to TAM, Tivoli Access Manager, etc are copyrighted, trademarked and otherwise patented by IBM.