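/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2008-2010 Sun Microsystems, Inc.
 *      Portions Copyright 2014-2015 ForgeRock AS
 */
package org.opends.server.types;

import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * This class implements an enumeration that defines the set of
 * privileges available in the Directory Server.
 * <p>
 * Each constant carries a lowercase, hyphenated name (for example
 * {@code "bypass-acl"}) which is the key used by
 * {@link #privilegeForName(String)}.
 * <p>
 * The collections returned by {@link #getPrivilegeNames()} and
 * {@link #getDefaultRootPrivileges()} are read-only views. This type
 * is declared invocable by code outside the server core
 * ({@code mayInvoke=true}), so handing out the backing collections
 * would let any caller alter the name lookup table or the default
 * root privilege set for the whole JVM.
 */
@org.opends.server.types.PublicAPI(
     stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
     mayInstantiate=false,
     mayExtend=false,
     mayInvoke=true)
public enum Privilege
{
  /**
   * The privilege that provides the ability to bypass access control
   * evaluation.
   */
  BYPASS_ACL("bypass-acl"),

  /**
   * The privilege that provides the ability to bypass server
   * lockdown mode.
   */
  BYPASS_LOCKDOWN("bypass-lockdown"),

  /**
   * The privilege that provides the ability to modify access control
   * rules.
   */
  MODIFY_ACL("modify-acl"),

  /**
   * The privilege that provides the ability to read the server
   * configuration.
   */
  CONFIG_READ("config-read"),

  /**
   * The privilege that provides the ability to update the server
   * configuration.
   */
  CONFIG_WRITE("config-write"),

  /**
   * The privilege that provides the ability to perform read
   * operations via JMX.
   */
  JMX_READ("jmx-read"),

  /**
   * The privilege that provides the ability to perform write
   * operations via JMX.
   */
  JMX_WRITE("jmx-write"),

  /**
   * The privilege that provides the ability to subscribe to JMX
   * notifications.
   */
  JMX_NOTIFY("jmx-notify"),

  /**
   * The privilege that provides the ability to perform LDIF import
   * operations.
   */
  LDIF_IMPORT("ldif-import"),

  /**
   * The privilege that provides the ability to perform LDIF export
   * operations.
   */
  LDIF_EXPORT("ldif-export"),

  /**
   * The privilege that provides the ability to perform backend backup
   * operations.
   */
  BACKEND_BACKUP("backend-backup"),

  /**
   * The privilege that provides the ability to perform backend
   * restore operations.
   */
  BACKEND_RESTORE("backend-restore"),

  /**
   * The privilege that provides the ability to lockdown a server.
   */
  SERVER_LOCKDOWN("server-lockdown"),

  /**
   * The privilege that provides the ability to request a server
   * shutdown.
   */
  SERVER_SHUTDOWN("server-shutdown"),

  /**
   * The privilege that provides the ability to request a server
   * restart.
   */
  SERVER_RESTART("server-restart"),

  /**
   * The privilege that provides the ability to perform proxied
   * authorization or request an alternate authorization identity.
   */
  PROXIED_AUTH("proxied-auth"),

  /**
   * The privilege that provides the ability to terminate arbitrary
   * client connections.
   */
  DISCONNECT_CLIENT("disconnect-client"),

  /**
   * The privilege that provides the ability to cancel arbitrary
   * client requests.
   */
  CANCEL_REQUEST("cancel-request"),

  /**
   * The privilege that provides the ability to reset user passwords.
   */
  PASSWORD_RESET("password-reset"),

  /**
   * The privilege that provides the ability to participate in a
   * data synchronization environment.
   */
  DATA_SYNC("data-sync"),

  /**
   * The privilege that provides the ability to update the server
   * schema.
   */
  UPDATE_SCHEMA("update-schema"),

  /**
   * The privilege that provides the ability to change the set of
   * privileges for a user, or to change the set of privileges
   * automatically assigned to a root user.
   */
  PRIVILEGE_CHANGE("privilege-change"),

  /**
   * The privilege that provides the ability to perform an unindexed
   * search in the JE backend.
   */
  UNINDEXED_SEARCH("unindexed-search"),

  /**
   * The privilege that provides the ability to perform write
   * operations on LDAP subentries.
   */
  SUBENTRY_WRITE("subentry-write"),

  /**
   * The privilege that provides the ability to perform read
   * operations on the changelog.
   */
  CHANGELOG_READ("changelog-read");


  /**
   * A read-only mapping between privilege names and enum values.
   * Populated once in the static initializer and never modified
   * afterwards.
   */
  private static final Map<String, Privilege> PRIV_MAP;

  /**
   * The read-only set of privileges that will be automatically
   * assigned to root users if the root privilege set is not specified
   * in the configuration.
   */
  private static final Set<Privilege> DEFAULT_ROOT_PRIV_SET;


  /** The human-readable name for this privilege. */
  private final String privilegeName;


  static
  {
    // Build both tables in local mutable collections, then publish
    // only unmodifiable wrappers so that no caller (and no later code
    // in this class) can add or remove entries.
    final Map<String, Privilege> byName = new HashMap<>();
    for (Privilege privilege : Privilege.values())
    {
      byName.put(privilege.privilegeName, privilege);
    }
    PRIV_MAP = Collections.unmodifiableMap(byName);

    // JMX_READ, JMX_WRITE, JMX_NOTIFY, PROXIED_AUTH and DATA_SYNC are
    // not added below, so they are not part of the default root set.
    final Set<Privilege> rootDefaults = new HashSet<>();
    rootDefaults.add(BYPASS_ACL);
    rootDefaults.add(BYPASS_LOCKDOWN);
    rootDefaults.add(MODIFY_ACL);
    rootDefaults.add(CONFIG_READ);
    rootDefaults.add(CONFIG_WRITE);
    rootDefaults.add(LDIF_IMPORT);
    rootDefaults.add(LDIF_EXPORT);
    rootDefaults.add(BACKEND_BACKUP);
    rootDefaults.add(BACKEND_RESTORE);
    rootDefaults.add(SERVER_LOCKDOWN);
    rootDefaults.add(SERVER_SHUTDOWN);
    rootDefaults.add(SERVER_RESTART);
    rootDefaults.add(DISCONNECT_CLIENT);
    rootDefaults.add(CANCEL_REQUEST);
    rootDefaults.add(PASSWORD_RESET);
    rootDefaults.add(UPDATE_SCHEMA);
    rootDefaults.add(PRIVILEGE_CHANGE);
    rootDefaults.add(UNINDEXED_SEARCH);
    rootDefaults.add(SUBENTRY_WRITE);
    rootDefaults.add(CHANGELOG_READ);
    DEFAULT_ROOT_PRIV_SET = Collections.unmodifiableSet(rootDefaults);
  }


  /**
   * Creates a new privilege with the provided name.
   *
   * @param  privilegeName  The human-readable name for this privilege.
   */
  private Privilege(String privilegeName)
  {
    this.privilegeName = privilegeName;
  }


  /**
   * Retrieves the name for this privilege.
   *
   * @return  The name for this privilege.
   */
  public String getName()
  {
    return privilegeName;
  }


  /**
   * Retrieves the privilege with the specified name.
   * <p>
   * The lookup is an exact, case-sensitive match against the names
   * registered for the enum constants; no normalization is done here.
   * A {@code null} result means "no such privilege" and callers
   * should grant nothing for it.
   *
   * @param  lowerPrivName  The name of the privilege to retrieve,
   *                        formatted in all lowercase characters.
   *
   * @return  The requested privilege, or {@code null} if the provided
   *          value is not the name of a valid privilege.
   */
  public static Privilege privilegeForName(String lowerPrivName)
  {
    return PRIV_MAP.get(lowerPrivName);
  }


  /**
   * Retrieves the human-readable name for this privilege.
   *
   * @return  The human-readable name for this privilege.
   */
  @Override
  public String toString()
  {
    return privilegeName;
  }


  /**
   * Retrieves the set of available privilege names.
   *
   * @return  The set of available privilege names, as a read-only
   *          view. Attempts to modify it throw
   *          {@link UnsupportedOperationException}.
   */
  public static Set<String> getPrivilegeNames()
  {
    // keySet() of an unmodifiable map is itself unmodifiable, so a
    // caller cannot remove a name and break privilegeForName().
    return PRIV_MAP.keySet();
  }


  /**
   * Retrieves the set of privileges that should be automatically
   * granted to root users if the root privilege set is not specified
   * in the configuration.
   *
   * @return  The set of privileges that should be automatically
   *          granted to root users if the root privilege set is not
   *          specified in the configuration, as a read-only view.
   *          Attempts to modify it throw
   *          {@link UnsupportedOperationException}; callers that need
   *          a working copy should copy it into their own set.
   */
  public static Set<Privilege> getDefaultRootPrivileges()
  {
    return DEFAULT_ROOT_PRIV_SET;
  }
}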