Web Services API Guide, Cisco DCNM for LAN, Release 5.x
RbacApp Service

This chapter describes the DCNM web services' API methods for the RbacApp service.

Information About RbacApp Service

Role-based access control (RBAC) allows you to restrict system access to authorized users. It reduces the complexity and cost of security administration in large networked applications by creating roles for various job functions. Each role specifies the permission to perform a certain set of operations. Users are assigned these roles that allow them to acquire permission to perform certain functions.

Because users are not assigned permissions directly but only acquire them through their role (or roles), management of individual user rights occurs by assigning the appropriate roles to the user, which simplifies such common operations as adding a user or changing a user's department.

createComponentGroups

Creates one or more component group objects in a network element. Given the InstanceNameId of a network element and a list of ComponentGroup objects, creates the objects on the server and returns their InstanceNameIds.

ValidationException is thrown if any of the following situations occurs:

If neInstanceNameId is null.

If neInstanceNameId is not a valid InstanceNameId of a network element.

If the componentGroupCol is null or the collection is empty.

If the componentGroupCol contains one or more null elements, or the collection contains objects that are not of type ComponentGroup.

PropertiesException is thrown if any of the following situations occurs:

In the componentGroupCol collection, if any of the ComponentGroup attributes is not valid.

Example:

The name of a ComponentGroup starts with a question mark. A component group name cannot contain a space or a question mark.

IntegrityException is thrown if any of the following situations occurs:

If the componentGroupCol contains a ComponentGroup that already exists in the database.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of a network element.

componentGroupCol—a collection (one or more) of ComponentGroup objects that need to be created.

Return Value

InstanceNameIds of the newly created ComponentGroup objects.

createNetworkElementUserRoles

Creates one or more network element user role objects in a network element. Given the InstanceNameId of a network element and a list of user role objects, creates the objects on the server and returns their instance name IDs.

ValidationException is thrown if any of the following situations occurs:

If neInstanceNameId is null.

If neInstanceNameId is not a valid network element InstanceNameId.

If the networkElementUserRoleCol is null or the collection is empty.

If the networkElementUserRoleCol contains one or more null elements, or the collection contains objects that are not of type NetworkElementUserRole.

PropertiesException is thrown if any of the following situations occurs:

In the networkElementUserRoleCol collection, if any of the NetworkElementUserRole attributes is not valid.

IntegrityException is thrown if any of the following situations occurs:

If the networkElementUserRoleCol contains a NetworkElementUserRole that already exists in the database.

This API does not consider the user association. If a user role is passed with a user association, the association is ignored by this API. To bind a user to a user role, the caller must use a separate API.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of a network element.

networkElementUserRoleCol—a collection (one or more) of NetworkElementUserRole objects that need to be created.

Return Value

Instance name IDs of the newly created NetworkElementUserRole objects.

createNetworkElementUsers

Creates one or more network element user objects in a network element. Given the InstanceNameId of a network element and a list of network element user objects, creates the objects on the server and returns their instance name IDs.

ValidationException is thrown if any of the following situations occurs:

If neInstanceNameId is null.

If neInstanceNameId is not a valid network element InstanceNameId.

If the networkElementUserCol is null or the collection is empty.

If the networkElementUserCol contains one or more null elements, or the collection contains objects that are not of type NetworkElementUser.

PropertiesException is thrown if any of the following situations occurs:

In the networkElementUserCol collection, if any of the NetworkElementUser attributes is not valid.

Example:

The name of a NetworkElementUser starts with a question mark. A NetworkElementUser name cannot contain a question mark.

IntegrityException is thrown if any of the following situations occurs:

If the networkElementUserCol contains a NetworkElementUser that already exists in the database.

The actual password is not stored in the database. A dummy value is stored instead.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of a network element.

networkElementUserCol—a collection (one or more) of NetworkElementUser objects that need to be created.

Return Value

Instance name IDs of the newly created NetworkElementUser objects.

deleteComponentGroups

Deletes one or more component group objects. Given the InstanceNameId of the ComponentGroup objects, those objects will be deleted from the server.

ValidationException is thrown if any of the following situations occurs:

If componentGroupInstanceNameIdCol collection is null or it is empty.

If componentGroupInstanceNameIdCol collection contains an element that is not of type ComponentGroup InstanceNameId.

If componentGroupInstanceNameIdCol collection contains a ComponentGroup that does not exist in the database.

Parameters

opContext—Operational context

componentGroupInstanceNameIdCol—a collection that contains the InstanceNameIds of one or more ComponentGroup objects that need to be deleted.

Return Value

void

deleteNetworkElementUserRoles

Deletes one or more network element user role objects. Given the InstanceNameId of the NetworkElementUserRole objects, those objects will be deleted from the server.

ValidationException is thrown if any of the following situations occurs:

If networkElementUserRoleInstanceNameIdCol collection is null or it is empty.

If networkElementUserRoleInstanceNameIdCol collection contains an element that is not of type NetworkElementUserRole InstanceNameId.

If networkElementUserRoleInstanceNameIdCol collection contains a NetworkElementUserRole that does not exist in the database.

Parameters

opContext—Operational context

networkElementUserRoleInstanceNameIdCol—a collection that contains the InstanceNameIds of one or more NetworkElementUserRole objects that need to be deleted.

Return Value

void

deleteNetworkElementUsers

Deletes one or more network element user objects. Given the InstanceNameId of the NetworkElementUser objects, those objects will be deleted from the server.

ValidationException is thrown if any of the following situations occurs:

If networkElementUserInstanceNameIdCol collection is null or it is empty.

If networkElementUserInstanceNameIdCol collection contains an element that is not of type NetworkElementUser InstanceNameId.

If networkElementUserInstanceNameIdCol collection contains a NetworkElementUser that does not exist in the database.

Parameters

opContext—Operational context

networkElementUserInstanceNameIdCol—a collection that contains the InstanceNameIds of one or more NetworkElementUser objects that need to be deleted.

Return Value

void

disablePasswordStrengthCheck

Disables PasswordStrengthCheck for the given VNEs. Given the instance name IDs of one or more VNEs, "PasswordStrengthcheck" will be disabled on those elements. This API disables PasswordStrengthcheck on DC-OS devices and is not applicable to other IOS devices.

ValidationException is thrown if any of the following situations occurs:

If the vneInstanceNameIdCol is null.

If the vneInstanceNameIdCol contains one or more null elements, the collection is empty, or its elements are not of type InstanceNameId of a VirtualNetworkElement.

If the given interface is running in other IOS.

Parameters

opContext - Operational context

vneInstanceNameIdCol - List of InstanceNameIds of the VirtualNetworkElement objects for which the information is required.

Return Value

void

enablePasswordStrengthCheck

Enables PasswordStrengthCheck for the given VNEs. Given the instance name IDs of one or more VNEs, "PasswordStrengthcheck" will be enabled on those elements. This API enables PasswordStrengthcheck on DC-OS devices and is not applicable to other IOS devices.

ValidationException is thrown if any of the following situations occurs:

If the vneInstanceNameIdCol is null.

If the vneInstanceNameIdCol contains one or more null elements, the collection is empty, or its elements are not of type InstanceNameId of a VirtualNetworkElement.

If the given interface is running in other IOS.

Parameters

opContext - Operational context

vneInstanceNameIdCol - List of InstanceNameId of VirtualNetworkElement for which the information is required.

Return Value

void

getComponentAuths

Returns ComponentAuth objects from their InstanceNameIds. Given a collection of InstanceNameIds of ComponentAuth objects, returns the corresponding ComponentAuth objects.

ValidationException is thrown if any of the following situations occurs:

If componentAuthInstanceNameIdCol is null or it is empty.

If componentAuthInstanceNameIdCol contains invalid InstanceNameId of a ComponentAuth.

If componentAuthInstanceNameIdCol collection contains a null value.

If there is no equivalent ComponentAuth object with the given InstanceNameId in the componentAuthInstanceNameIdCol.

Parameters

opContext—Operational context

componentAuthInstanceNameIdCol—a collection of InstanceNameId of ComponentAuth.

Return Value

List of ComponentAuth objects corresponding to given collection of InstanceNameId. In the returned list of ComponentAuth objects, only the CommandAuth objects associated with returned ComponentAuth objects will be present, and all other associations will be cleared.

getComponentAuthsInNetworkElement

Returns all the components configured in a network element. Given the InstanceNameId of the network element, returns a collection of component objects.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the network element.

Return Value

List of ComponentAuth objects. In the returned list of ComponentAuth objects, only the CommandAuth objects associated with returned ComponentAuth objects will be present, and all other associations will be cleared.

getComponentGroups

Returns ComponentGroup objects from their InstanceNameIds. Given a collection of InstanceNameIds of ComponentGroup objects, returns the corresponding ComponentGroup objects.

ValidationException is thrown if any of the following situations occurs:

If componentGroupInstanceNameIdCol is null or it is empty.

If componentGroupInstanceNameIdCol contains invalid InstanceNameId of a ComponentGroup.

If componentGroupInstanceNameIdCol collection contains a null value.

If there is no equivalent ComponentGroup object with the given InstanceNameId in the componentGroupInstanceNameIdCol.

Parameters

opContext—Operational context

componentGroupInstanceNameIdCol—a collection of InstanceNameId of ComponentGroup.

Return Value

List of ComponentGroup objects corresponding to the given collection of InstanceNameIds. In the returned list of ComponentGroup objects, only the ComponentGroupAuthRule objects and the ComponentAuth objects associated with the returned ComponentGroup objects will be present, and all other associations will be cleared. The ComponentAuth objects will contain the CommandAuth objects associated with them.

getComponentGroupsInNetworkElement

Returns all component groups configured in a network element. Given the InstanceNameId of the network element, returns a collection of component group objects.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the network element.

Return Value

List of ComponentGroup objects. In the returned list of ComponentGroup objects, only the ComponentGroupAuthRule objects and the ComponentAuth objects associated with the returned ComponentGroup objects will be present, and all other associations will be cleared. The ComponentAuth objects will contain the CommandAuth objects associated with them.

getNetworkElementUserRoles

Returns NetworkElementUserRole objects from their InstanceNameIds. Given a collection of InstanceNameIds of NetworkElementUserRole objects, returns the corresponding NetworkElementUserRole objects.

ValidationException is thrown if any of the following situations occurs:

If networkElementUserRoleInstanceNameIdCol is null or it is empty.

If networkElementUserRoleInstanceNameIdCol contains invalid InstanceNameId of a NetworkElementUserRole.

If networkElementUserRoleInstanceNameIdCol contains a null value.

If there is no equivalent NetworkElementUserRole object with the given InstanceNameId in the networkElementUserRoleInstanceNameIdCol.

Parameters

opContext—Operational context

networkElementUserRoleInstanceNameIdCol—a collection of InstanceNameId of NetworkElementUserRole.

Return Value

List of NetworkElementUserRole objects corresponding to given collection of InstanceNameId. In the returned list of NetworkElementUserRole objects, only the following associations will be present, and all other associations will be cleared.

All associated RoleBasedAuthorizationRule objects of the returned NetworkElementUserRole object. If the RoleBasedAuthorizationRule is an instance of ComponentGroupAuthRule, then associated ComponentGroup will also be returned along with the ComponentAuth objects. If the RoleBasedAuthorizationRule is an instance of ComponentAuthRule, then associated ComponentGroup will also be returned along with the ComponentAuth objects. CommandAuth objects associated to ComponentAuth objects will also be returned.

VlanPolicy association, if any, in NetworkElementUserRole.

VsanPolicy association, if any, in NetworkElementUserRole.

VrfPolicy association, if any, in NetworkElementUserRole. Except Vrf objects, if the VlanPolicy has any other associations, those associations will be cleared.

NetworkInterfacePolicy association, if any, in NetworkElementUserRole. Except NetworkInterface, if the NetworkInterfacePolicy has any other associations, those associations will be cleared.

getNetworkElementUserRolesInNetworkElement

Returns all network element user roles configured in a network element. Given the InstanceNameId of the network element, returns a collection of user role objects.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the network element.

Return Value

List of NetworkElementUserRole objects. In the returned list of objects, only the following associations will be present, and all other associations will be cleared.

All associated RoleBasedAuthorizationRule objects of the returned NetworkElementUserRole object. If the RoleBasedAuthorizationRule is an instance of ComponentGroupAuthRule, then associated ComponentGroup will also be returned along with the ComponentAuth objects. If the RoleBasedAuthorizationRule is an instance of ComponentAuthRule, then associated ComponentGroup will also be returned along with the ComponentAuth objects. CommandAuth objects associated to ComponentAuth objects will also be returned.

VlanPolicy association, if any, in NetworkElementUserRole.

VsanPolicy association, if any, in NetworkElementUserRole.

VrfPolicy association, if any, in NetworkElementUserRole. Except Vrf objects, if the VlanPolicy has any other associations, those associations will be cleared.

NetworkInterfacePolicy association, if any, in NetworkElementUserRole. Except NetworkInterface, if the NetworkInterfacePolicy has any other associations, those associations will be cleared.

getNetworkElementUsers

Returns NetworkElementUser objects from their InstanceNameIds. Given a collection of InstanceNameIds of NetworkElementUser objects, returns the corresponding NetworkElementUser objects.

ValidationException is thrown if any of the following situations occurs:

If networkElementUserInstanceNameIdCol is null or it is empty.

If networkElementUserInstanceNameIdCol contains invalid InstanceNameId of a NetworkElementUser.

If networkElementUserInstanceNameIdCol contains a null value.

If there is no equivalent NetworkElementUser object with the given InstanceNameId in the networkElementUserInstanceNameIdCol.

Parameters

opContext—Operational context

networkElementUserInstanceNameIdCol—a collection of InstanceNameId of NetworkElementUser.

Return Value

List of NetworkElementUser objects corresponding to given collection of InstanceNameId. In the returned list of NetworkElementUser objects, only the following associations will be present, and all other associations will be cleared.

Associated NetworkElementUserCredentials object, if any.

NetworkElementUserRole association for every NetworkElementUser, if any. If that NetworkElementUserRole has other associations like RoleBasedAuthorizationRule entries and so on, those associations will be cleared.

getNetworkElementUsersInNetworkElement

Returns all NetworkElementUser objects in a network element. Given the InstanceNameId of a network element, returns a collection of NetworkElementUser objects in the network element.

ValidationException is thrown if the argument passed is null or it is not a valid InstanceNameId of an AbstractNetworkElement.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the network element.

Return Value

List of NetworkElementUser objects. In the returned list of objects, only the following associations will be preserved, and all other associations will be cleared.

Associated NetworkElementUserCredentials object, if any.

NetworkElementUserRole association for every NetworkElementUser, if any. If that NetworkElementUserRole has other associations like RoleBasedAuthorizationRule entries and so on, those associations will be cleared.
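
The two user calls above return each user's NetworkElementUserRole association with the role's own rules cleared, so reviewing what a user can actually run means joining that list against the roles returned by getNetworkElementUserRolesInNetworkElement. The following added example (not part of the Cisco guide and not DCNM client code) performs that join on a simplified local model and flags users without a role, role references that do not resolve, and roles bound to no user; the dict keys and sample values are assumptions made for illustration.

```python
# Added example: a simplified local model, not DCNM types and not a DCNM client.
# All dict keys and sample values below are assumptions constructed for illustration.

def commands_for_role(role):
    """Flatten role -> rules -> ComponentAuth -> CommandAuth into (component, command) pairs."""
    pairs = set()
    for rule in role.get("rules", []):
        # A ComponentGroupAuthRule reaches ComponentAuth objects through its
        # ComponentGroup; a ComponentAuthRule lists them directly.
        group = rule.get("component_group") or {}
        components = list(group.get("components", [])) + list(rule.get("components", []))
        for comp in components:
            for cmd in comp.get("commands", []):
                pairs.add((comp["name"], cmd))
    return pairs


def audit(users, roles):
    """Join the user listing with the role listing and report binding gaps."""
    role_by_name = {r["name"]: r for r in roles}
    effective, dangling, no_role, bound = {}, [], [], set()
    for user in users:
        role_names = user.get("roles", [])
        if not role_names:
            no_role.append(user["name"])
        cmds = set()
        for rn in role_names:
            role = role_by_name.get(rn)
            if role is None:
                # The user references a role that is missing from the role listing.
                dangling.append((user["name"], rn))
                continue
            bound.add(rn)
            cmds |= commands_for_role(role)
        effective[user["name"]] = cmds
    return {
        "effective": effective,
        "users_without_role": sorted(no_role),
        "dangling_role_refs": sorted(dangling),
        # Roles that exist but are bound to no user, e.g. created and never bound.
        "unbound_roles": sorted(set(role_by_name) - bound),
    }


# Constructed sample data (not real device output).
ROLES = [
    {"name": "vlan-operator", "rules": [
        {"type": "ComponentGroupAuthRule", "component_group": {
            "name": "l2-group",
            "components": [{"name": "vlan", "commands": ["show vlan", "vlan"]}]}}]},
    {"name": "aaa-auditor", "rules": [
        {"type": "ComponentAuthRule",
         "components": [{"name": "aaa", "commands": ["show aaa"]}]}]},
    {"name": "stp-admin", "rules": [
        {"type": "ComponentAuthRule",
         "components": [{"name": "stp", "commands": ["spanning-tree"]}]}]},
]
USERS = [
    {"name": "alice", "roles": ["vlan-operator", "aaa-auditor"]},
    {"name": "bob", "roles": []},
    {"name": "carol", "roles": ["legacy-admin"]},
]

if __name__ == "__main__":
    for key, value in audit(USERS, ROLES).items():
        print(key, value)
```
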

modifyComponentGroups

Modifies one or more existing ComponentGroup objects.

ValidationException is thrown if any of the following situations occurs:

If componentGroupCol collection is null or it is empty.

If componentGroupCol collection contains an object that is not of type ComponentGroup.

PropertiesException is thrown if any of the following situations occurs:

In the componentGroupCol collection, if any attribute in the ComponentGroup is not valid.

IntegrityException is thrown if any of the following situations occurs:

If the componentGroupCol collection contains a ComponentGroup that does not exist in the database.

Parameters

opContext—Operational context

componentGroupCol—a collection (one or more) of ComponentGroup objects that will replace the existing ComponentGroup objects in the database.

Return Value

void

modifyNetworkElementUserRoles

Modifies one or more existing network element user role objects.

ValidationException is thrown if any of the following situations occurs:

If networkElementUserRoleCol collection is null or it is empty.

If networkElementUserRoleCol collection contains an object that is not of type NetworkElementUserRole.

PropertiesException is thrown if any of the following situations occurs:

In the networkElementUserRoleCol collection, if any attribute in the NetworkElementUserRole is not valid.

IntegrityException is thrown if any of the following situations occurs:

If the networkElementUserRoleCol collection contains a NetworkElementUserRole that does not exist in the database.

This API does not consider the user association. If a user role is passed with a user association, the association is ignored by this API. To bind a user to a user role, the caller must use a separate API.

Parameters

opContext—Operational context

networkElementUserRoleCol—a collection (one or more) of NetworkElementUserRole objects that will replace the existing NetworkElementUserRole objects in the database.

Return Value

List of NetworkElementUserRole objects. In the returned list of objects, only the following associations will be present, and all other associations will be cleared.

All associated RoleBasedAuthorizationRule objects of the returned NetworkElementUserRole object. If the RoleBasedAuthorizationRule is an instance of ComponentGroupAuthRule, then associated ComponentGroup will also be returned.

VlanPolicy association, if any, in NetworkElementUserRole.

VsanPolicy association, if any, in NetworkElementUserRole.

VrfPolicy association, if any, in NetworkElementUserRole. Except Vrf objects, if the VlanPolicy has any other associations, those associations will be cleared.

NetworkInterfacePolicy association, if any, in NetworkElementUserRole. Except NetworkInterface, if the NetworkInterfacePolicy has any other associations, those associations will be cleared.

modifyNetworkElementUsers

Modifies one or more existing network element user objects.

ValidationException is thrown if any of the following situations occurs:

If networkElementUserCol collection is null or it is empty.

If networkElementUserCol collection contains an object that is not of type NetworkElementUser.

PropertiesException is thrown if any of the following situations occurs:

In the networkElementUserCol collection, if any attribute in the NetworkElementUser.

IntegrityException is thrown if any of the following situations occurs:

If the networkElementUserCol collection contains a NetworkElementUser that does not exist in the database.

The actual password is not stored in the database. A dummy value is stored instead.

Parameters

opContext—Operational context

networkElementUserCol—a collection (one or more) of NetworkElementUser objects that will replace the existing NetworkElementUser objects in the database.

Return Value

void