CEPM DotNet Developer Guide
PAP API Reference Guide

Table Of Contents

PAP API Implementations

Creating a User Type

Creating a User

Creating a Role Type

Creating a Role

Creating a Group Type

Creating a Group

Creating a Resource Type Action

Creating a Resource Type Attributes

Creating a Resource

Creating an Application Group Type

Creating an Application Group

Creating an Application Type

Creating an Application

Mapping a User to a Role

Mapping a User to a Group

Mapping a Group to a Role

Creating a Policy on a Resource


PAP API Implementations


This appendix provides use cases that will teach you how to work with the Policy Administration Point (PAP) APIs to develop some of the more commonly used PAP functions.

The following PAP API methods are deprecated in this release:

importUsers()

importRoles()

exportBulkData()

getPip()

deletePip()

pipInfo.createRule()

createPolicyAttributesOnApplication()

You can make use of the new PAP APIs for the specified functionalities. For more information on the Import and Export feature, see New API.

Creating a User Type

To create a user type, you must:


Step 1 Initialize the userType manager object IUserType.

IUserType UserTypeMgr = UserTypeManager.GetInstance(); 

Step 2 Initialize the userType object UserType.

UserType userTypeObj = new UserType();

Step 3 Set the mandatory resource attributes such as name, description, parent resource, application, type.

userTypeObj.Name="UserInfo";
userTypeObj.Description="UserInfo";
userTypeObj.BelongsTo="Global";
// Define one single-valued string attribute for the type.
net.securent.agent.PAPResourceServiceClient.Attribute attr =
    new net.securent.agent.PAPResourceServiceClient.Attribute();
attr.attributeName = "attribute1";
attr.attributeType = "String";
attr.attributeValueType = "Single";
// The type object takes its attributes as an array.
net.securent.agent.PAPResourceServiceClient.Attribute[] attrs =
    new net.securent.agent.PAPResourceServiceClient.Attribute[1];
attrs[0] = attr;
userTypeObj.attributes = attrs;

Step 4 Create the usertype.

UserTypeMgr.createUserType(userTypeObj); 

This creates the usertype UserInfo with attributes such as Location and Address.

Step 5 Log in to the administration console and verify if the resource is created.


Creating a User

To create a user, you must:


Step 1 Initialize the user manager object, ISubject.

ISubject subjectMgr = SubjectManager.GetInstance(); 

Step 2 Initialize the user object, User.

User userObj = new User(); 

Step 3 Set the user attribute such as ID, application, type, email.

userObj.UserName="jdoe"; 
userObj.ApplicationName="Prime group:Prime portal";
UserType uType = new UserType(); 
uType.Name= "Default";
uType.belongsTo ="Global";

Step 4 Create the user.

subjectMgr.CreateUser(userObj);

This creates the user jdoe.

Step 5 Log in to the administration console and verify if the user is created.


Creating a Role Type

To create a RoleType, you must:


Step 1 Initialize the roleType manager object.

IRoletype roletypeMgr = RoleManager.GetInstance();

Step 2 Initialize the roleType object, RoleType.

RoleType roleType = new RoleType();

Step 3 Set the roleType attributes such as name, belongs to, attribute details.

roleType.Name="RoleInfo";
roleType.Description="This is a test";
roleType.BelongsTo="Global";
// Define one single-valued string attribute for the type.
net.securent.agent.PAPResourceServiceClient.Attribute attr =
    new net.securent.agent.PAPResourceServiceClient.Attribute();
attr.attributeName = "attribute1";
attr.attributeType = "String";
attr.attributeValueType = "Single";
// The type object takes its attributes as an array.
net.securent.agent.PAPResourceServiceClient.Attribute[] attrs =
    new net.securent.agent.PAPResourceServiceClient.Attribute[1];
attrs[0] = attr;
roleType.attributes = attrs;

Step 4 Create the roleType.

roletypeMgr.create(roleType);

This creates the usertype UserInfo with attributes such as Location and Address.

Step 5 Log in to the administration console and verify if the user is created.


Creating a Role

To create a role, you must:


Step 1 Initialize the role manager object IRole.

IRole roleMgr = RoleManager.GetInstance(); 

Step 2 Initialize the role object Role.

Role roleObj = new Role(); 

Step 3 Set the mandatory role attributes such as name, description, parent role, application, type.

roleObj.RoleName="Test Role"; 
roleObj.RoleDesc="This is a test"; 
roleObj.ParentRoleName="Prime group"; 
roleObj.ApplicationName="Prime group"; 
roleObj.RoleStatus="STATIC"; 
RoleType rlType = new RoleType();
rlType.Name= "Default";
rlType.belongsTo ="Global";

Step 4 Create the role.

roleMgr.CreateRole(roleObj); 

This creates the role TestRole.

Step 5 Log in to the administration console and verify if the role is created.


Creating a Group Type

To create a group type, you must:


Step 1 Initialize the group type manager object, IGroupType.

IGroupType groupType=GroupTypeManager.GetInstance();

Step 2 Initialize the group type object, grpType.

GroupType grpType = new GroupType();

Step 3 Set the mandatory group type attributes such as name, description, belongs to.

grpType.Name="GroupInfo";
grpType.Description="GroupInfo";
grpType.BelongsTo="Global";
// Define one single-valued string attribute for the type.
net.securent.agent.PAPResourceServiceClient.Attribute attr =
    new net.securent.agent.PAPResourceServiceClient.Attribute();
attr.attributeName = "attribute1";
attr.attributeType = "String";
attr.attributeValueType = "Single";
// The type object takes its attributes as an array.
net.securent.agent.PAPResourceServiceClient.Attribute[] attrs =
    new net.securent.agent.PAPResourceServiceClient.Attribute[1];
attrs[0] = attr;
grpType.attributes = attrs;

Step 4 Create the group type.

groupType.Create(grpType);

This creates the group type GroupInfo with the specified attributes.

Step 5 Log in to the administration console and verify if the group type is created.


Creating a Group

To create a Group, you must:


Step 1 Initialize the subject manager object ISubject.

ISubject subjectMgr = SubjectManager.GetInstance();

Step 2 Initialize the group object, usrGrp.

Group usrGrp =new Group();

Step 3 Set the mandatory group attributes such as name, description, application name, attributes.

usrGrp.GroupName="TestGroup";
usrGrp.ParentGroupName="Prime group:Prime portal";
usrGrp.ApplicationName="Prime group:Prime portal";
usrGrp.GroupDesc ="TestGroup";
usrGrp.GroupValue ="static";

GroupType grpType = new GroupType();
grpType.Name= "Default";
grpType.belongsTo ="Global";

Step 4 Create the group.

subjectMgr.CreateUserGroup(usrGrp);

This creates the group TestGroup with the specified attributes.

Step 5 Log in to the administration console and verify if the group is created.


Creating a Resource Type Action

In CEPM you can create a resource type either as an Action or as Untype.

To create an action, you must:


Step 1 Initialize the resource type manager object IResourceType.

IResourceType resTypeMgr=ResourceTypeManager.GetInstance();

Step 2 Initialize the resource type object resType.

ResourceType resType = new ResourceType();

Step 3 Set the mandatory resource type attributes such as name and description.

resType.Name="Jdoe Type";
resType.Description="ResourceTypeInfo";
resType.BelongsTo="Global";
net.securent.agent.PAPResourceServiceClient.Action action = new 
net.securent.agent.PAPResourceServiceClient.Action();
action.actionName = "Read";
net.securent.agent.PAPResourceServiceClient.Action[] actions = new 
net.securent.agent.PAPResourceServiceClient.Action[1];
actions[0] = action;

Step 4 Create the resource type Action.

resTypeMgr.CreateResourceType(resType);

Step 5 Log in to the administration console and verify if the actions resource type is created.


Creating a Resource Type Attributes

To create a resource type Attributes, you must:


Step 1 Initialize the resource type manager object, IResourceType.

IResourceType resTypeMgr=ResourceTypeManager.GetInstance();

Step 2 Initialize the resource type object, resType.

ResourceType resType = new ResourceType();

Step 3 Enter the resource type attribute details:

resType.Name="ResourceInfo";
resType.Description="ResourceInfo";
resType.BelongsTo="Global";
// Define one single-valued string attribute for the type.
net.securent.agent.PAPResourceServiceClient.Attribute attr =
    new net.securent.agent.PAPResourceServiceClient.Attribute();
attr.attributeName = "attribute1";
attr.attributeType = "String";
attr.attributeValueType = "Single";
// The type object takes its attributes as an array.
net.securent.agent.PAPResourceServiceClient.Attribute[] attrs =
    new net.securent.agent.PAPResourceServiceClient.Attribute[1];
attrs[0] = attr;
resType.attributes = attrs;

Step 4 Create the resource type.

resTypeMgr.CreateResourceType(resType);

This creates the required resource type with the specified attributes.

Step 5 Log in to the administration console and verify if the actions resource type is created.


Creating a Resource

To create a resource, you must:


Step 1 Initialize the resource manager object, IResource.

IResource resourceMgr = EntitlementManager.getInstance().getResourceManager(); 

Step 2 Initialize the resource object Resource.

Resource resourceObj = new Resource(); 

Step 3 Set the mandatory resource attributes such as name, description, parent resource, application, type.

resourceObj.ResourceName="TestResource"; 
resourceObj.ResourceDesc="This is a test"; 
resourceObj.ResourceParentName="Prime group:Prime portal"; 
resourceObj.ApplicationName="Prime group:Prime portal"; 

ResourceType resType = new ResourceType();
resType.Name= "UNTYPE";
resType.belongsTo ="Global";

Step 4 Create the resource.

resourceMgr.CreateResource(resourceObj); 

This creates the resource TestResource with the specified attributes.

Step 5 Log in to the administration console and verify if the resource is created.


Creating an Application Group Type

To create an application group type, you must:


Step 1 Initialize the application group type manager IApplicationGroupType.

IApplicationGroupType appGrpTypeMgr=ApplicationGroupTypeManager.GetInstance();

Step 2 Initialize the application group type object appGrpType.

ApplicationGroupType appGrpType = new ApplicationGroupType();

Step 3 Set the mandatory application group type attributes such as name, description, belongs to.

appGrpType.Name="AppGroupInfo";
appGrpType.Description="This is a test Application Group Type";
appGrpType.BelongsTo="Global";
// Define one single-valued string attribute for the type.
net.securent.agent.PAPResourceServiceClient.Attribute attr =
    new net.securent.agent.PAPResourceServiceClient.Attribute();
attr.attributeName = "attribute1";
attr.attributeType = "String";
attr.attributeValueType = "Single";
// The type object takes its attributes as an array.
net.securent.agent.PAPResourceServiceClient.Attribute[] attrs =
    new net.securent.agent.PAPResourceServiceClient.Attribute[1];
attrs[0] = attr;
appGrpType.attributes = attrs;

Step 4 Create the application group type.

appGrpTypeMgr.Create(appGrpType);

This creates the application group type AppGroupInfo with attributes such as Location and Address.

Step 5 Log in to the administration console and verify if the application group type is created.


Creating an Application Group

To create an application group, you must:


Step 1 Initialize the application group manager object IApplicationGroup.

IApplicationGroup appgrpMgr=ApplicationGroupManager.GetInstance();

Step 2 Initialize the application object appGrp.

ApplicationGroup appGrp=new ApplicationGroup();

Step 3 Set the mandatory application group attributes such as name, description, owner.

appGrp.ApplicationGroupName="TestAppGroup";
appGrp.RepositoryName="Default Domain";
appGrp.ApplicationGroupDesc="This is a test application group";
appGrp.ApplicationGroupOwner="superuser";
appGrp.Subject="superuser";  

ApplicationGroupType appgrpType=new ApplicationGroupType();
appgrpType.Name="Default";
appgrpType.belongsTo="Global";
appGrp.applicationGroupType=appgrpType;

Step 4 Create the application group.

appgrpMgr.CreateApplicationGroup(appGrp);

This creates the application group TestAppGroup.

Step 5 Log in to the administration console and verify if the application group is created.


Creating an Application Type

To create an application type, you must:


Step 1 Initialize the application type manager object IApplicationType.

IApplicationType appTypeMgr=ApplicationTypeManager.GetInstance();

Step 2 Initialize the application type object appType.

ApplicationType appType = new ApplicationType();

Step 3 Set the application type parameters.

appType.Name="AppInfo";
appType.Description="This is a test ApplicationType";
appType.BelongsTo="Global";
// Define one single-valued string attribute for the type.
net.securent.agent.PAPResourceServiceClient.Attribute attr =
    new net.securent.agent.PAPResourceServiceClient.Attribute();
attr.attributeName = "attribute1";
attr.attributeType = "String";
attr.attributeValueType = "Single";
// The type object takes its attributes as an array.
net.securent.agent.PAPResourceServiceClient.Attribute[] attrs =
    new net.securent.agent.PAPResourceServiceClient.Attribute[1];
attrs[0] = attr;
appType.attributes = attrs;

Step 4 Create the application type.

appTypeMgr.Create(appType);

This creates the required application type.

Step 5 Log in to the administration console and verify if the application type is created.


Creating an Application

Before creating an application, you must create a PDP to associate it with the new application.

Assuming that PDPs and application types have already been created, to create an application, you must:


Step 1 Initialize the application manager object IApplication.

IApplication applicationMgr=ApplicationManager.GetInstance();

Step 2 Set the PDP details (you can associate multiple PDPs with an application).

String[] pdp = new String[1];
pdp[0]="pdpserver";

Step 3 Initialize the application object, application.

Application application = new Application();

Step 4 Set the mandatory application attributes such as name, description, application group name.

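// The context and appType values used below must be initialized before this point; their setup is not shown in this guide.
application.ApplicationName="TestApp";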
application.ApplicationDesc="This is a Test Portal";
application.ApplicationGroupName="Prime group";
application.ApplicationOwner="superuser";
application.Context(context);
application.DelegatedStatus="False";
application.IsPepConfigured="No";
application.RepositoryName="Default Domain";
application.ApplicationServer="Tomcat";
application.EnableXacmlLogs="True";
application.EnableCopyEntitlement="1";
application.ApplicationAction="any";
application.PartialFQN="True";
application.AllPolicies="1";
application.PdpDestination(pdp);
application.Status="Active";
application.ApplicationType(appType);

Step 5 Create the application.

applicationMgr.CreateApplication(application);

This creates the application TestApp.

Step 6 Log in to the administration console and verify if the application is created.


Mapping a User to a Role

To map a user to a role, you must:


Step 1 Initialize the user manager object ISubject.

ISubject subjectMgr = SubjectManager.GetInstance();

Step 2 Map the user to the role with user ID, role name, role bundle, and context.

// Arguments: user FQN, role FQN, context and role bundle.
subjectMgr.AddUsertoRole("Prime group:Prime portal:jdoe",
    "Prime group:Prime portal:Internal Dev","Global:Default");

This maps the user jdoe to the role Internal Dev under the Default RoleBundle and Global context.

Step 3 Log in to the administration console and verify the user-to-role mapping.


Mapping a User to a Group

To map a user to a group, you must:


Step 1 Initialize the user manager object ISubject.

ISubject subjectMgr = SubjectManager.GetInstance();

Step 2 Map the user to the role.

subjectMgr.AddUsertoGroup("Prime group:Prime portal:jdoe","TestGroup",
    "Prime group:Prime portal","Prime group:Prime portal");

This maps the user jdoe to the user group TestGroup.

Step 3 Log in to the administration console and verify the user-to-group mapping.


Mapping a Group to a Role

To map groups to a role, you must:


Step 1 Initialize the subject manager object ISubject.

ISubject subjectMgr = SubjectManager.GetInstance();

Step 2 Map the group to the role.

subjectMgr.AddGrouptoRole("Prime group:Prime portal:TestGroup",
    "Prime group:Prime portal:Internal Dev","Prime group:Prime portal","Global:Default");

This maps the user group TestGroup to the role Internal Dev under the Default RoleBundle and Global context.

Step 3 Log in to the administration console and verify the group-to-role mapping.


Creating a Policy on a Resource

To create a resource-based policy for the resource, which is also known as role-to-resource mapping, you must:


Step 1 Initialize the role manager object IRole.

IRole rlMgr = RoleManager.GetInstance();

Step 2 Set the fully qualified name of the resource.

String[] resourceFQN={"Prime group:Prime portal:Account"};

Step 3 Map the role to the resource after setting the mandatory attributes such as RoleFQN, policy name [allow or deny], context name, transaction value [Boolean], appended value [Boolean].

// Use the manager initialized in Step 1 (rlMgr).
rlMgr.MapRoleToResources("Prime group:Prime portal:Internal Dev",
    resourceFQN,"Allow","Global Context",false,false);

This creates an Allow policy for the role Internal Dev for the resource Account.

Step 4 Log in to the administration console and verify if the policy is created.
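
The mapping and policy calls above take their user, group, role and resource names as plain colon-separated strings. The following is an added example, not code from this guide or from the CEPM SDK: a hypothetical CepmFqn helper that builds those strings from individual components, rejects a component that would alter the hierarchy, and compares the scope of two names before a mapping call is made. The colon separator and the "application group:application:name" layout are assumptions taken from the sample values in this guide.

```csharp
using System;
using System.Linq;

// Hypothetical helper, not part of the CEPM SDK. It builds and compares the
// colon-separated names that AddUsertoRole, AddGrouptoRole and
// MapRoleToResources take as plain strings.
public static class CepmFqn
{
    private const char Sep = ':';

    // Join components into an FQN. Reject empty or padded parts and parts
    // containing the separator or control characters, since either would
    // produce a name that points at a different level of the hierarchy.
    public static string Build(params string[] parts)
    {
        if (parts == null || parts.Length == 0)
            throw new ArgumentException("At least one component is required.");
        foreach (string p in parts)
        {
            if (string.IsNullOrWhiteSpace(p) || p != p.Trim())
                throw new ArgumentException("Empty or padded component.");
            if (p.IndexOf(Sep) >= 0 || p.Any(char.IsControl))
                throw new ArgumentException("Illegal character in '" + p + "'.");
        }
        return string.Join(Sep.ToString(), parts);
    }

    // Everything before the last separator, e.g. "Prime group:Prime portal".
    public static string Scope(string fqn)
    {
        int i = fqn.LastIndexOf(Sep);
        if (i <= 0) throw new ArgumentException("Not a scoped name: " + fqn);
        return fqn.Substring(0, i);
    }

    // True when both names sit under the same application group and application.
    public static bool SameScope(string a, string b) =>
        string.Equals(Scope(a), Scope(b), StringComparison.Ordinal);

    public static void Main()
    {
        // Constructed sample values; "jdoe:admin" stands in for untrusted input.
        string user = Build("Prime group", "Prime portal", "jdoe");
        string role = Build("Prime group", "Prime portal", "Internal Dev");
        Console.WriteLine(user + " / " + role + " same scope: " + SameScope(user, role));
        try { Build("Prime group", "Prime portal", "jdoe:admin"); }
        catch (ArgumentException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```

Passing the result of Build to the mapping calls, rather than concatenating strings inline, keeps a user-supplied name from introducing an extra hierarchy level into the FQN.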