eimRemoveAccess()--Remove EIM Access
Syntax
    #include <eim.h>

    int eimRemoveAccess(EimHandle          * eim,
                        EimAccessUser      * accessUser,
                        enum EimAccessType   accessType,
                        char               * registryName,
                        EimRC              * eimrc)

Service Program Name: QSYS/QSYEIM
Default Public Authority: *USE
Threadsafe: Yes
The eimRemoveAccess() function removes the user from the EIM access group identified by the access type.
Authorities and Locks
- EIM Data
- Access to EIM data is controlled by EIM access groups.
LDAP administrators also have access to EIM data.
The access groups whose members have authority to the EIM
data for this API follow:
- EIM Administrator
Parameters
- eim (Input)
- The EIM handle returned by a previous call to eimCreateHandle().
A valid connection is required for this function.
- accessUser (Input)
- A structure that contains the user information for which to remove access.
EIM_ACCESS_LOCAL_USER  Indicates a local user name on the system where the API is run. The local user name will be converted to the appropriate access id for this system.
EIM_ACCESS_KERBEROS  Indicates a Kerberos principal. The Kerberos principal will be converted to the appropriate access id. For example, petejones@therealm will be converted to ibm-kn=petejones@therealm.
The EimAccessUser structure layout follows:
    enum EimAccessUserType {
        EIM_ACCESS_DN,
        EIM_ACCESS_KERBEROS,
        EIM_ACCESS_LOCAL_USER
    };

    typedef struct EimAccessUser
    {
        union {
            char * dn;
            char * kerberosPrincipal;
            char * localUser;
        } user;
        enum EimAccessUserType userType;
    } EimAccessUser;
- accessType (Input)
- The type of access to remove. This parameter is passed by value.
Valid values are:
EIM_ACCESS_ADMIN (0)  Administrative authority to the entire EIM domain.
EIM_ACCESS_REG_ADMIN (1)  Administrative authority to all registries in the EIM domain.
EIM_ACCESS_REGISTRY (2)  Administrative authority to the registry specified in the registryName parameter.
EIM_ACCESS_IDENTIFIER_ADMIN (3)  Administrative authority to all of the identifiers in the EIM domain.
EIM_ACCESS_MAPPING_LOOKUP (4)  Authority to perform mapping lookup operations.
EIM_ACCESS_CREDENTIAL_DATA (5)  Authority to retrieve credential data.
- registryName (Input)
- The name of the registry to remove access from. This parameter is
only used if EimAccessType is EIM_ACCESS_REGISTRY.
If EimAccessType is anything other than EIM_ACCESS_REGISTRY,
this parameter must be NULL.
- eimrc (Input/Output)
- The structure in which to return error code information. If the return value
is not 0, eimrc is set with additional information. This parameter may be NULL.
For the format of the structure, see EimRC--EIM Return Code
Parameter.
Return Value
The return value from the API. Following each return value is the list of possible values for the messageCatalogMessageID field in the eimrc parameter for that value.
- 0
- Request was successful.
- EACCES
- Access denied. Not enough permissions to access data.
EIMERR_ACCESS (1) Insufficient access to EIM data.
- EBADDATA
- eimrc is not valid.
- EBUSY
- Unable to allocate internal system object.
EIMERR_NOLOCK (26) Unable to allocate internal system object.
- ECONVERT
- Data conversion error.
EIMERR_DATA_CONVERSION (13) Error occurred when converting data between code pages.
- EINVAL
- Input parameter was not valid.
EIMERR_ACCESS_TYPE_INVAL (2)  Access type is not valid.
EIMERR_ACCESS_USERTYPE_INVAL (3)  Access user type is not valid.
EIMERR_HANDLE_INVAL (17)  EimHandle is not valid.
EIMERR_PARM_REQ (34)  Missing required parameter. Please check API documentation.
EIMERR_PTR_INVAL (35)  Pointer parameter is not valid.
EIMERR_REG_MUST_BE_NULL (55)  Registry name must be NULL when access type is not EIM_ACCESS_REGISTRY.
- ENOMEM
- Unable to allocate required space.
EIMERR_NOMEM (27) No memory available. Unable to allocate required space.
- ENOTCONN
- LDAP connection has not been made.
EIMERR_NOT_CONN (31) Not connected to LDAP. Use eimConnect() API and try the request again.
- EROFS
- LDAP connection is for read only. Need to connect to master.
EIMERR_READ_ONLY (36) LDAP connection is for read only. Use eimConnectToMaster() to get a write connection.
- EUNKNOWN
- Unexpected exception.
EIMERR_LDAP_ERR (23)  Unexpected LDAP error. %s
EIMERR_UNKNOWN (44)  Unknown error or unknown system state.
Related Information
- eimAddAccess()--Add EIM Access
- eimListAccess()--List EIM Access
- eimListUserAccess()--List EIM User Access
- eimQueryAccess()--Query EIM Access
Example
The following example removes the user from the access group.
Note: By using the code examples, you agree to the terms of the Code license and disclaimer information.
    #include <eim.h>
    #include <stdio.h>
    #include <string.h>   /* memset() */

    int main(int argc, char *argv[])
    {
        int           rc;
        char          eimerr[100];
        EimRC       * err;
        EimHandle   * handle;
        EimAccessUser user;

        /* Get eim handle from input arg.           */
        /* This handle is already connected to EIM. */
        handle = (EimHandle *)argv[1];

        /* Set up error structure.                  */
        memset(eimerr, 0x00, 100);
        err = (EimRC *)eimerr;
        err->memoryProvidedByCaller = 100;

        /* Set user information                     */
        user.userType = EIM_ACCESS_DN;
        user.user.dn = "cn=pete,o=ibm,c=us";

        /* Remove access for this user.             */
        if (0 != (rc = eimRemoveAccess(handle,
                                       &user,
                                       EIM_ACCESS_ADMIN,
                                       NULL,
                                       err)))
        {
            printf("Remove access error = %d\n", rc);
            return -1;
        }

        return 0;
    }
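A caller-side check of the argument rules from the Parameters section, so a malformed revocation request is rejected before any call is made. This is an added example, not IBM's code: the local type copies, the helper name check_remove_access_args, and the message IDs chosen for a NULL user pointer or a missing name are assumptions of this example.

```c
#include <stddef.h>

/* Local copies of the declarations shown on this page, so the check builds
   without <eim.h>; on IBM i include <eim.h> and delete these copies. */
enum EimAccessUserType { EIM_ACCESS_DN, EIM_ACCESS_KERBEROS, EIM_ACCESS_LOCAL_USER };
typedef struct EimAccessUser {
    union { char *dn; char *kerberosPrincipal; char *localUser; } user;
    enum EimAccessUserType userType;
} EimAccessUser;
enum EimAccessType {
    EIM_ACCESS_ADMIN, EIM_ACCESS_REG_ADMIN, EIM_ACCESS_REGISTRY,
    EIM_ACCESS_IDENTIFIER_ADMIN, EIM_ACCESS_MAPPING_LOOKUP, EIM_ACCESS_CREDENTIAL_DATA
};

/* Message IDs with the numeric values listed under EINVAL on this page. */
enum {
    EIMERR_ACCESS_TYPE_INVAL = 2, EIMERR_ACCESS_USERTYPE_INVAL = 3,
    EIMERR_PARM_REQ = 34, EIMERR_PTR_INVAL = 35, EIMERR_REG_MUST_BE_NULL = 55
};

/* Hypothetical helper: returns 0 when the arguments satisfy the documented
   rules, otherwise the message ID this example pairs with the broken rule. */
int check_remove_access_args(const EimAccessUser *u, int accessType,
                             const char *registryName)
{
    const char *name;

    if (u == NULL)
        return EIMERR_PTR_INVAL;             /* assumed mapping */
    switch (u->userType) {
    case EIM_ACCESS_DN:         name = u->user.dn;                break;
    case EIM_ACCESS_KERBEROS:   name = u->user.kerberosPrincipal; break;
    case EIM_ACCESS_LOCAL_USER: name = u->user.localUser;         break;
    default:                    return EIMERR_ACCESS_USERTYPE_INVAL;
    }
    if (name == NULL || name[0] == '\0')
        return EIMERR_PARM_REQ;              /* assumed mapping: no user named */
    if (accessType < EIM_ACCESS_ADMIN || accessType > EIM_ACCESS_CREDENTIAL_DATA)
        return EIMERR_ACCESS_TYPE_INVAL;
    if (accessType == EIM_ACCESS_REGISTRY) {
        if (registryName == NULL || registryName[0] == '\0')
            return EIMERR_PARM_REQ;          /* assumed mapping: registry not named */
    } else if (registryName != NULL) {
        return EIMERR_REG_MUST_BE_NULL;      /* rule stated under registryName */
    }
    return 0;
}
```
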
API introduced: V5R2