Administer protected objects in IBM Security Verify Access for Web

Administer protected objects

Define protected objects that reflect the resources the security policy protects. The name of a protected object can be of any length and contain any character. The forward slash (/) character is interpreted to be part of the object hierarchy, which allows ACLs to be attached at the various points indicated by the forward slash character. After creating a protected object, we can specify a security policy for it by defining and attaching ACLs, POPs, authorization rules, or any combination of these entities.
Use caution when implementing protected objects programmatically. In many cases, the protected object hierarchy is manually designed, built, and tested by a security expert. Carefully review the hierarchy to ensure the security policy is correctly enforced. If we choose to build protected object hierarchies programmatically, be sure to test and review the settings for each object before you deploy the security environment.

Methods available to administer protected objects.

Methods Description

PDProtObject.attachAcl
PDProtObject object.attachACL Attach the specified access control list to the specified protected object.

PDProtObject.attachPop
PDProtObject object.attachPop Attach a POP to the specified protected object.

PDProtObject.attachAuthzRule
PDProtObj object.attachAuthzRule Attach an authorization rule to the specified protected object.

PDProtObject.createProtObject Create an ISAM protected object.

PDProtObject.deleteProtObject Delete the specified protected object.

PDProtObject.detachAcl
PDProtObject object.detachAcl Detaches the access control list from the specified protected object.

PDProtObject.detachPop
PDProtObject object.detachPop Detach a POP from the specified protected object.

PDProtObject.detachAuthzRule
PDProtObj object.detachAuthzRule Detach an authorization rule from the specified protected object.

PDProtObject constructor Instantiate the specified protected object. If the protected object name specified does not exist, default values are shown. To determine that a protected object exists, use PDProtObject.exists.

PDProtObject object.getAclId Get the name of the ACL attached to the specified protected object.

PDProtObject object.getEffectiveAclId Get the name of the ACL in effect for the specified protected object.

PDProtObject object.getPopId Get the name of the POP attached to the specified protected object.

PDProtObject object.getEffectivePopId Get the name of the POP in effect for the specified protected object.

PDProtObj object.getAuthzRuleId Get the name of the authorization rule object attached to the specified protected object.

PDProtObj object.getEffectiveAuthzRuleId Get the name of the authorization rule object that is in effect for the specified protected object.

PDProtObject object.getDescription Get the description of the specified protected object.

PDProtObject object.getId Get the name of the specified protected object.

PDProtObject object.isPolicyAttachable Whether a protected object policy or access control list can be attached to the specified protected object.

PDProtObject object.exists Whether a protected object exists.

PDProtObject object.access Whether a specific action to a specific object is permitted.

PDProtObject object.multiAccess Whether the specified actions to the specified objects are permitted.

PDProtObject.listProtObjectsByPop Returns a list of protected objects that have the specified protected object policy (POP) attached.

PDProtObject.listProtObjects Returns the protected objects contained under the specified directory.

PDProtObject.listProtObjectsByAcl Returns a list of protected objects that have the specified access control list attached.

PDProtObject.setDescription
PDProtObject object.setDescription Sets the description field of the specified protected object.

PDProtObject.setPolicyAttachable
PDProtObject object.setPolicyAttachable Set whether a protected object policy or access control list can be attached to the specified protected object.

PDProtObj.listProtObjectsByAuthzRule List the protected objects that have the specified authorization rule attached.

Parent topic: Administer protected objects and protected object spaces

Methods	Description
PDProtObject.attachAcl PDProtObject object.attachACL	Attach the specified access control list to the specified protected object.
PDProtObject.attachPop PDProtObject object.attachPop	Attach a POP to the specified protected object.
PDProtObject.attachAuthzRule PDProtObj object.attachAuthzRule	Attach an authorization rule to the specified protected object.
PDProtObject.createProtObject	Create an ISAM protected object.
PDProtObject.deleteProtObject	Delete the specified protected object.
PDProtObject.detachAcl PDProtObject object.detachAcl	Detaches the access control list from the specified protected object.
PDProtObject.detachPop PDProtObject object.detachPop	Detach a POP from the specified protected object.
PDProtObject.detachAuthzRule PDProtObj object.detachAuthzRule	Detach an authorization rule from the specified protected object.
PDProtObject constructor	Instantiate the specified protected object. If the protected object name specified does not exist, default values are shown. To determine that a protected object exists, use PDProtObject.exists.
PDProtObject object.getAclId	Get the name of the ACL attached to the specified protected object.
PDProtObject object.getEffectiveAclId	Get the name of the ACL in effect for the specified protected object.
PDProtObject object.getPopId	Get the name of the POP attached to the specified protected object.
PDProtObject object.getEffectivePopId	Get the name of the POP in effect for the specified protected object.
PDProtObj object.getAuthzRuleId	Get the name of the authorization rule object attached to the specified protected object.
PDProtObj object.getEffectiveAuthzRuleId	Get the name of the authorization rule object that is in effect for the specified protected object.
PDProtObject object.getDescription	Get the description of the specified protected object.
PDProtObject object.getId	Get the name of the specified protected object.
PDProtObject object.isPolicyAttachable	Whether a protected object policy or access control list can be attached to the specified protected object.
PDProtObject object.exists	Whether a protected object exists.
PDProtObject object.access	Whether a specific action to a specific object is permitted.
PDProtObject object.multiAccess	Whether the specified actions to the specified objects are permitted.
PDProtObject.listProtObjectsByPop	Returns a list of protected objects that have the specified protected object policy (POP) attached.
PDProtObject.listProtObjects	Returns the protected objects contained under the specified directory.
PDProtObject.listProtObjectsByAcl	Returns a list of protected objects that have the specified access control list attached.
PDProtObject.setDescription PDProtObject object.setDescription	Sets the description field of the specified protected object.
PDProtObject.setPolicyAttachable PDProtObject object.setPolicyAttachable	Set whether a protected object policy or access control list can be attached to the specified protected object.
PDProtObj.listProtObjectsByAuthzRule	List the protected objects that have the specified authorization rule attached.