eimAddAccess()--Add EIM Access


  Syntax 
 #include <eim.h>
  
 int eimAddAccess(EimHandle          * eim,
                  EimAccessUser      * accessUser,
                  enum EimAccessType   accessType,
                  char               * registryName,
    EimRC              * eimrc)
  Service Program Name: QSYS/QSYEIM

  Default Public Authority: *USE

  Threadsafe: Yes

The eimAddAccess() function adds the user to the EIM access group identified by the access type.


Authorities and Locks

EIM Data
Access to EIM data is controlled by EIM access groups. LDAP administrators also have access to EIM data. The access groups whose members have authority to the EIM data for this API follow:

Parameters

eim (Input)
The EIM handle returned by a previous call to eimCreateHandle(). A valid connection is required for this function.

accessUser (Input)
A structure that contains the user information for which to add access.

EIM_ACCESS_LOCAL_USER indicates a local user name on the system that the API is run. The local user name will be converted to the appropriate access id for this system.

EIM_ACCESS_KERBEROS indicates a kerberos principal. The kerberos principal will be converted to the appropriate access id. For example, petejones@therealm will be converted to ibm-kn=petejones@therealm.

The EimAccessUser structure layout follows:

   enum EimAccessUserType {
       EIM_ACCESS_DN,
       EIM_ACCESS_KERBEROS,
       EIM_ACCESS_LOCAL_USER
   };

   typedef struct EimAccessUser
   {
       union {
           char * dn;
           char * kerberosPrincipal;
           char * localUser;
       } user;
       enum EimAccessUserType userType;
   } EimAccessUser;
accessType (Input)
The type of access to add. Valid values are:

EIM_ACCESS_ADMIN (0) Administrative authority to the entire EIM domain.
EIM_ACCESS_REG_ADMIN (1) Administrative authority to all registries in the EIM domain.
EIM_ACCESS_REGISTRY (2) Administrative authority to the registry specified in the registryName parameter.
EIM_ACCESS_IDENTIFIER_ADMIN (3) Administrative authority to all of the identifiers in the EIM domain.
EIM_ACCESS_MAPPING_LOOKUP (4) Authority to perform mapping lookup operations.
EIM_ACCESS_CREDENTIAL_DATA (5) Authority to retrieve credential data.

registryName (Input)
The name of the registry for which to add access. This parameter is only used if EimAccessType is EIM_ACCESS_REGISTRY. If EimAccessType is anything other than EIM_ACCESS_REGISTRY, this parameter must be NULL.

eimrc (Input)
The structure in which to return error code information. If the return value is not 0, eimrc is set with additional information. This parameter may be NULL. For the format of the structure, see EimRC--EIM Return Code Parameter.


Return Value

The return value from the API. Following each return value is the list of possible values for the messageCatalogMessageID field in the eimrc parameter for that value.

0
Request was successful.

EACCES
Access denied. Not enough permissions to access data.

EIMERR_ACCESS (1) Insufficient access to EIM data.

EBADDATA
eimrc is not valid.

EBUSY
Unable to allocate internal system object.

EIMERR_NOLOCK (26) Unable to allocate internal system object.

ECONVERT
Data conversion error.

EIMERR_DATA_CONVERSION (13) Error occurred when converting data between code pages.

EINVAL
Input parameter was not valid.

EIMERR_ACCESS_TYPE_INVAL (2) Access type is not valid.
EIMERR_ACCESS_USERTYPE_INVAL (3) Access user type is not valid.
EIMERR_HANDLE_INVAL (17) EimHandle is not valid.
EIMERR_PARM_REQ (34) Missing required parameter. Please check API documentation.
EIMERR_PTR_INVAL (35) Pointer parameter is not valid.
EIMERR_REG_MUST_BE_NULL (55) Registry name must be NULL when access type is not EIM_ACCESS_REGISTRY.

ENOMEM
Unable to allocate required space.

EIMERR_NOMEM (27) No memory available. Unable to allocate required space.

ENOTCONN
LDAP connection has not been made.

EIMERR_NOT_CONN (31) Not connected to LDAP. Use eimConnect() API and try the request again.

EROFS
LDAP connection is for read only. Need to connect to master.

EIMERR_READ_ONLY (36) LDAP connection is for read only. Use eimConnectToMaster() to get a write connection.

EUNKNOWN
Unexpected exception.

EIMERR_LDAP_ERR (23) Unexpected LDAP error. %s
EIMERR_UNKNOWN (44) Unknown error or unknown system state.

Related Information


Example

The following example adds users to access groups.

Note: By using the code examples, you agree to the terms of the Code license and disclaimer information.

#include <eim.h>
#include <stdio.h>

int main(int argc, char *argv[])
{
    int           rc;
    char          eimerr[100];
    EimRC       * err;
    EimHandle   * handle;

    EimAccessUser user;

    /* Get eim handle from input arg.           */
    /* This handle is already connected to EIM. */
    handle = (EimHandle *)argv[1];

    /* Set up error structure.                 */
    memset(eimerr,0x00,100);
    err = (EimRC *)eimerr;
    err->memoryProvidedByCaller = 100;

    /* Set up access user information          */
    user.userType = EIM_ACCESS_DN;
    user.user.dn="cn=pete,o=ibm,c=us";

    /* Add access for this user.               */
    if (0 != (rc = eimAddAccess(handle,
                                &user,
                                EIM_ACCESS_ADMIN,
                                NULL,
                                err)))
    { 
        printf("Add access error = %d", rc);
        return -1;
    }

    /* Set up access user information          */
    user.userType = EIM_ACCESS_LOCAL_USER;
    user.user.dn="mjjones";
    
    /* Add access for this user.               */
    if (0 != (rc = eimAddAccess(handle,
                                &user,
                                EIM_ACCESS_REGISTRY,
                                "MyRegistry",
                                err)))
    {
        printf("Add access error = %d", rc);
        return -1;
    }
              
    return 0;
}

API introduced: V5R2

[ Back to top | Security APIs | APIs by category ]