CLI Domain Methods
This content describes the CLI domain methods.
AddAdmin Method Adds an Administrator to the Domain
The AddAdmin method adds an administrator to the domain.
Syntax
The AddAdmin method has the following format:
Netegrity::PolicyMgtDomain->AddAdmin(admin)
Parameters
The AddAdmin method accepts the following parameter:
- admin (type): Specifies the administrator to add to the domain.
Return Value
The AddAdmin method returns one of the following values:
- 0 on success
- -1 if the call was unsuccessful
Remarks
Administrators can create, edit, and delete CA Single Sign-On objects within the domain.
You cannot use the Policy Management API to create an administrator for a particular domain. However, if you use the Administrative UI to create an administrator for a domain, you can add that administrator to another domain by calling the PolicyMgtAffDomain->AddAdmin method.
AddUserDir Method Associates a User Directory with the Domain
The AddUserDir method associates a user directory with the domain.
Syntax
The AddUserDir method has the following format:
Netegrity::PolicyMgtDomain->AddUserDir(userDir)
Parameters
The AddUserDir method accepts the following parameter:
- userDir (PolicyMgtUserDir): Specifies the user directory to associate with the domain.
Return Value
The AddUserDir method returns one of the following values:
- 0 on success
- -1 if the call was unsuccessful
Remarks
During user authentication, the user's supplied credentials are checked against the credentials stored in this user directory.
The directory object is appended to the end of the search order. To change the search order, call the PolicyMgtAffDomain->SetUserDirSearchOrder method.
CreatePolicy Method Creates and Configures a Policy in the Domain
The CreatePolicy method creates and configures a policy in the domain.
Syntax
The CreatePolicy method has the following format:
Netegrity::PolicyMgtDomain->CreatePolicy(policyName [, policyDesc] [, enableFlag] [, activeExpr])
Parameters
The CreatePolicy method accepts the following parameters:
- policyName (string): Specifies the name of the policy.
- policyDesc (string): (Optional) Specifies the description of the policy.
- enableFlag (int): (Optional) Specifies whether to enable (1) or disable (0) the policy. Default is enabled.
- activeExpr (string): (Optional) Specifies the active expression of the policy.
Return Value
The CreatePolicy method returns one of the following values:
- An array of PolicyMgtUserDir objects
- undef if the call was unsuccessful
CreateRealm Method Creates and Configures a Top-level Realm in the Domain
The CreateRealm method creates and configures a top-level realm in the domain.
Syntax
The CreateRealm method has the following format:
Netegrity::PolicyMgtDomain->CreateRealm(realmName, agent, authScheme [, realmDesc] [, resFilter] [, procAuthEvents] [, procAzEvents] [, protectAll] [, maxTimeout] [, idleTimeout] [, syncAudit] [, azUserDir] [, regScheme])
Parameters
The CreateRealm method accepts the following parameters:
- realmName (string): Specifies the name of the realm.
- agent (PolicyMgtAgent): Specifies the agent or agent group that protects the realm.
- authScheme (PolicyMgtAuthScheme): Specifies the authentication scheme to associate with the realm.
- realmDesc (string): (Optional) Specifies the realm description.
- resFilter (string): (Optional) Specifies the resource filter for the realm.
- procAuthEvents (int): (Optional) Specifies whether to process authentication events -- 1 to enable or 0 to disable. Default is enabled. Authentication event processing affects performance. If no rules in the realm are to be triggered by authentication events, set this flag to 0.
- procAzEvents (int): (Optional) Specifies whether to process authorization events -- 1 to enable or 0 to disable. Default is enabled. Authorization event processing affects performance. If no rules in the realm are to be triggered by authorization events, set this flag to 0.
- protectAll (int): (Optional) Specifies whether to activate default resource protection -- 1 to enable or 0 to disable. Default is enabled.
- maxTimeout (int): (Optional) Specifies the maximum time, in seconds, a user can access the realm before re-authentication is required. Default is 7200 (2 hours).
- idleTimeout (int): (Optional) Specifies the maximum time, in seconds, a user can remain inactive in the realm before re-authentication is required. Default is 3600 (1 hour).
- syncAudit (int): (Optional) Specifies the flag for enabling synchronous auditing -- 1 to enable or 0 to disable. When this flag is enabled, CA Single Sign-On logs Policy Server and agent actions before it allows access to resources. Default is disabled.
- azUserDir (PolicyMgtUserDir): (Optional) Specifies the directory where users in the realm will be authorized. Default is the default directory.
- regScheme (type): (Optional) Specifies the registration scheme used to register new users accessing resources in the realm.
Return Value
The CreateRealm method returns one of the following values:
- A PolicyMgtRealm object
- undef if the call was unsuccessful
Remarks
This method creates a realm that is configured for non-persistent sessions. To configure the realm for CA Single Sign-On 5.0 persistent sessions, edit the realm in the Administrative UI.
Note: The Policy Management API only manipulates realms that are direct descendants of the object whose method has been called, as follows:
- For a realm under a domain, you can only manipulate the top-level realms in a domain object.
- For a realm under a realm, you can only manipulate realms that are directly under the parent realm.
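An added example, not taken from the product documentation, of calling CreateRealm with the security-relevant optional arguments (default protection, timeouts, synchronous auditing) stated explicitly and the undef return checked. The wrapper `create_realm_checked`, its option hash and the `MockDomain` package are hypothetical; the mock stands in for a real PolicyMgtDomain object so the script runs without a Policy Server.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Positional order of the optional CreateRealm arguments used here.
# azUserDir and regScheme (the last two) are left to their defaults.
my @OPTIONAL = qw(realmDesc resFilter procAuthEvents procAzEvents
                  protectAll maxTimeout idleTimeout syncAudit);

# Documented defaults, written out so no call depends on an implicit value.
# The empty strings for realmDesc and resFilter are an assumption.
my %DEFAULT = (
    realmDesc => '', resFilter => '', procAuthEvents => 1, procAzEvents => 1,
    protectAll => 1, maxTimeout => 7200, idleTimeout => 3600, syncAudit => 0,
);

# Hypothetical wrapper: validate named options, then call CreateRealm.
sub create_realm_checked {
    my ($domain, $name, $agent, $scheme, %opt) = @_;

    # A misspelled option name must fail loudly, not fall back to a default.
    for my $key (keys %opt) {
        die "unknown CreateRealm option '$key'\n" unless exists $DEFAULT{$key};
    }
    my %v = (%DEFAULT, %opt);

    for my $flag (qw(procAuthEvents procAzEvents protectAll syncAudit)) {
        die "$flag must be 0 or 1\n" unless $v{$flag} =~ /\A[01]\z/;
    }
    # Local policy of this example: timeouts are positive, idle <= max.
    for my $t (qw(maxTimeout idleTimeout)) {
        die "$t must be a positive number of seconds\n"
            unless $v{$t} =~ /\A[1-9][0-9]*\z/;
    }
    die "idleTimeout is longer than maxTimeout\n"
        if $v{idleTimeout} > $v{maxTimeout};

    # GetRealm returns undef when the realm does not exist (or on failure).
    die "realm '$name' already exists\n" if defined $domain->GetRealm($name);

    # CreateRealm returns undef on failure; never continue with that value.
    my $realm = $domain->CreateRealm($name, $agent, $scheme, @v{@OPTIONAL});
    die "CreateRealm('$name') failed\n" unless defined $realm;
    return $realm;
}

# Constructed stand-in for a PolicyMgtDomain object, so the script runs
# without a Policy Server. It records the arguments it was given.
package MockDomain;
sub new         { return bless { realms => {} }, shift }
sub GetRealm    { return $_[0]{realms}{ $_[1] } }
sub CreateRealm { my ($self, $name, @args) = @_; return $self->{realms}{$name} = [@args] }

package main;

my $domain = MockDomain->new;
my $realm  = create_realm_checked(
    $domain, 'Payroll', 'agent-object', 'scheme-object',   # constructed values
    resFilter => '/payroll', maxTimeout => 1800, idleTimeout => 600, syncAudit => 1,
);
print join(',', @$realm), "\n";
```

Against a real Policy Server, the agent and authentication scheme arguments would be PolicyMgtAgent and PolicyMgtAuthScheme objects instead of the constructed strings.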
CreateResponse Method Creates a Response
The CreateResponse method creates a response.
Syntax
The CreateResponse method has the following format:
Netegrity::PolicyMgtDomain->CreateResponse(resName, agentType [, resDesc])
Parameters
The CreateResponse method accepts the following parameters:
- resName (string): Specifies the name of the response.
- agentType (PolicyMgtAgentType): Specifies the agent type associated with the response. Call the PolicyMgtSession->GetAgentType method to get the agent type object.
- resDesc (string): (Optional) Specifies the description of the response.
Return Value
The CreateResponse method returns one of the following values:
- A PolicyMgtResponse object
- undef if the call was unsuccessful
Remarks
The agent returns responses based on certain events. For example, if an unauthorized user attempts to access a protected Web page, a response can redirect the user to an HTML page that displays an appropriate message.
CreateResponseGroup Method Creates a Response Group for the Domain
The CreateResponseGroup method creates a response group for the domain.
Syntax
The CreateResponseGroup method has the following format:
Netegrity::PolicyMgtDomain->CreateResponseGroup(groupName, agentType [, groupDesc])
Parameters
The CreateResponseGroup method accepts the following parameters:
- groupName (string): Specifies the name of the group.
- agentType (PolicyMgtAgentType): Specifies the agent type associated with this response group. Call the PolicyMgtSession->GetAgentType method to get the agent type object.
- groupDesc (string): (Optional) Specifies the description of the group.
Return Value
The CreateResponseGroup method returns one of the following values:
- A PolicyMgtGroup object
- undef if the call was unsuccessful
CreateRuleGroup Method Creates a Rule Group for the Domain
The CreateRuleGroup method creates a rule group for the domain.
Syntax
The CreateRuleGroup method has the following format:
Netegrity::PolicyMgtDomain->CreateRuleGroup(groupName, agentType [, groupDesc])
Parameters
The CreateRuleGroup method accepts the following parameters:
- groupName (string): Specifies the name of the group.
- agentType (PolicyMgtAgentType): Specifies the agent type associated with this rule group. Call the PolicyMgtSession->GetAgentType method to get the agent type object.
- groupDesc (string): (Optional) Specifies the description of the group.
Return Value
The CreateRuleGroup method returns one of the following values:
- A PolicyMgtGroup object
- undef if the call was unsuccessful
DeleteGroup Method Deletes a Group from the Domain
The DeleteGroup method deletes the specified group in the domain.
Syntax
The DeleteGroup method has the following format:
Netegrity::PolicyManagementDomain->DeleteGroup(group)
Parameters
The DeleteGroup method accepts the following parameter:
- group (PolicyMgrGroup): Specifies the group to delete.
Return Value
The DeleteGroup method returns one of the following values:
- 0 on success, or the group was not found
- -1 if the call failed
DeletePolicy Method Deletes a Policy
The DeletePolicy method deletes a policy.
Syntax
The DeletePolicy method has the following format:
Netegrity::PolicyMgtDomain->DeletePolicy(policy)
Parameters
The DeletePolicy method accepts the following parameter:
- policy (PolicyMgtPolicy): Specifies the policy to delete.
Return Value
The DeletePolicy method returns one of the following values:
- 0 on success
- -1 if the call failed
DeleteRealm Method Deletes a Realm in the Domain
The DeleteRealm method deletes a top-level realm in the domain.
Syntax
The DeleteRealm method has the following format:
Netegrity::PolicyMgtDomain->DeleteRealm(realm)
Parameters
The DeleteRealm method accepts the following parameter:
- realm (PolicyMgtRealm): Specifies the realm to delete.
Return Value
The DeleteRealm method returns one of the following values:
- 0 on success, or if the realm was not found
- -1 if the call failed
DeleteResponse Method Deletes a Response
The DeleteResponse method deletes a response.
Syntax
The DeleteResponse method has the following format:
Netegrity::PolicyMgtDomain->DeleteResponse(response)
Parameters
The DeleteResponse method accepts the following parameter:
- response (PolicyMgtResponse): Specifies the response to delete.
Return Value
The DeleteResponse method returns one of the following values:
- 0 on success
- -1 if the call failed
Description Method Sets or Retrieves the Description of the Domain
The Description method sets or retrieves the description of the domain.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtDomain->Description([domainDesc])
Parameters
The Description method accepts the following parameter:
- domainDesc (string): (Optional) Specifies the description to set.
Return Value
The Description method returns one of the following values:
- A new or existing domain description
- An empty string if unsuccessful
GetAllPolicies Method Retrieves All Policies Associated with the Domain
The GetAllPolicies method retrieves all policies associated with the domain.
Syntax
The GetAllPolicies method has the following format:
Netegrity::PolicyMgtDomain->GetAllPolicies( ) (returnCode)
Parameters
The GetAllPolicies method accepts the following parameter:
- returnCode (int): Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllPolicies method returns the following value:
- An array of PolicyMgtPolicy objects
GetAllRealms Method Retrieves All Top-level Realms in the Domain
The GetAllRealms method retrieves all top-level realms in the domain.
Syntax
The GetAllRealms method has the following format:
Netegrity::PolicyMgtDomain->GetAllRealms( ) (returnCode)
Parameters
The GetAllRealms method accepts the following parameter:
- returnCode (int): Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllRealms method returns the following value:
- An array of PolicyMgtRealm objects
Remarks
To retrieve all top-level realms under a realm, call the PolicyMgtRealm->GetAllChildRealms method.
GetAllResponseGroups Method Retrieves All the Response Groups Associated with the Domain
The GetAllResponseGroups method retrieves all of the response groups associated with the domain.
Syntax
The GetAllResponseGroups method has the following format:
Netegrity::PolicyMgtDomain->GetAllResponseGroups( ) (returnCode)
Parameters
The GetAllResponseGroups method accepts the following parameter:
- returnCode (int): Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllResponseGroups method returns the following value:
- An array of PolicyMgtGroup objects
GetAllResponses Method Retrieves All Responses Associated with the Domain
The GetAllResponses method retrieves all responses associated with the domain.
Syntax
The GetAllResponses method has the following format:
Netegrity::PolicyMgtDomain->GetAllResponses() (returnCode)
Parameters
The GetAllResponses method accepts the following parameter:
- returnCode (int): Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllResponses method returns the following value:
- An array of PolicyMgtResponse objects
GetAllRuleGroups Method Retrieves All Rule Groups Associated with the Domain
The GetAllRuleGroups method retrieves all rule groups associated with the domain.
Syntax
The GetAllRuleGroups method has the following format:
Netegrity::PolicyMgtDomain->GetAllRuleGroups() (returnCode)
Parameters
The GetAllRuleGroups method accepts the following parameter:
- returnCode (int): Output variable that is populated on return of the function call. The value populated is 0 if the call is a success. If the call fails, the value populated is a negative number that corresponds with the Policy Management API error code.
Return Value
The GetAllRuleGroups method returns the following value:
- An array of PolicyMgtGroup objects
GetPolicy Method Retrieves a Policy in the Domain
The GetPolicy method retrieves a policy in the domain.
Syntax
The GetPolicy method has the following format:
Netegrity::PolicyMgtDomain->GetPolicy(policyName)
Parameters
The GetPolicy method accepts the following parameter:
- policyName (string): Specifies the policy to retrieve.
Return Value
The GetPolicy method returns one of the following values:
- A PolicyMgtPolicy object
- undef if the call fails, or if the specified policy does not exist
GetRealm Method Retrieves a Top-level Realm in the Domain
The GetRealm method retrieves a top-level realm in the domain.
Syntax
The GetRealm method has the following format:
Netegrity::PolicyMgtDomain->GetRealm(realmName)
Parameters
The GetRealm method accepts the following parameter:
- realmName (string): Specifies the realm to retrieve.
Return Value
The GetRealm method returns one of the following values:
- A PolicyMgtRealm object
- undef if the call failed, or if the specified realm does not exist
GetResponse Method Retrieves a Response Associated with the Domain
The GetResponse method retrieves a response associated with the domain.
Syntax
The GetResponse method has the following format:
Netegrity::PolicyMgtDomain->GetResponse(resName)
Parameters
The GetResponse method accepts the following parameter:
- resName (string): Specifies the response to retrieve.
Return Value
The GetResponse method returns one of the following values:
- A PolicyMgtResponse object
- undef if the call was unsuccessful, or if the specified response does not exist
GetResponseGroup Method Retrieves the Specified Response Group
The GetResponseGroup method retrieves the specified response group.
Syntax
The GetResponseGroup method has the following format:
Netegrity::PolicyMgtDomain->GetResponseGroup(groupName)
Parameters
The GetResponseGroup method accepts the following parameter:
- groupName (string): Specifies the name of the response group to retrieve.
Return Value
The GetResponseGroup method returns one of the following values:
- A PolicyMgtGroup object
- undef if the call was unsuccessful
GetRuleGroup Method Retrieves the Specified Rule Group
The GetRuleGroup method retrieves the specified rule group.
Syntax
The GetRuleGroup method has the following format:
Netegrity::PolicyMgtDomain->GetRuleGroup(groupName)
Parameters
The GetRuleGroup method accepts the following parameter:
- groupName (string): Specifies the name of the group to retrieve.
Return Value
The GetRuleGroup method returns one of the following values:
- A PolicyMgtGroup object
- undef if the call was unsuccessful
GetUserDirSearchOrder Method Retrieves User Directory Objects Associated with the Domain
The GetUserDirSearchOrder method retrieves user directory objects associated with the domain.
Syntax
The GetUserDirSearchOrder method has the following format:
Netegrity::PolicyMgtDomain->GetUserDirSearchOrder( )
Parameters
The GetUserDirSearchOrder method accepts no parameters.
Return Value
The GetUserDirSearchOrder method returns one of the following values:
- An array of PolicyMgtUserDir objects
- undef if the call was unsuccessful
Remarks
The order of the returned objects is the same order that CA Single Sign-On uses when querying the directories. To change the search order, call the PolicyMgtAffDomain->SetUserDirSearchOrder method.
GlobalPoliciesApply Method Determines whether the Domain Is Enabled for Global Policies
The GlobalPoliciesApply method sets or retrieves the flag indicating whether the domain is enabled for global policies. If the domain is enabled for global policies, both global and domain-specific policies can apply to the domain.
Syntax
The GlobalPoliciesApply method has the following format:
Netegrity::PolicyMgtDomain->GlobalPoliciesApply([globalFlag])
Parameters
The GlobalPoliciesApply method accepts the following parameter:
- globalFlag (int): (Optional) Specifies whether to enable the domain for global policies:
  - 1 specifies that global policies should be enabled
  - 0 specifies that global policies should not be enabled
Return Value
The GlobalPoliciesApply method returns one of the following values:
- A new or the existing flag setting
Name Method Sets or Retrieves the Domain Name
The Name method sets or retrieves the domain name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtDomain->Name([domainName])
Parameters
The Name method accepts the following parameter:
- domainName (string): (Optional) Specifies the name to assign to the domain.
Return Value
The Name method returns one of the following values:
- A new or the existing domain name
- undef if the call was unsuccessful
RemoveAdmin Method Disassociates an Administrator from the Domain
The RemoveAdmin method disassociates an administrator from the domain.
Syntax
The RemoveAdmin method has the following format:
Netegrity::PolicyMgtDomain->RemoveAdmin(admin)
Parameters
The RemoveAdmin method accepts the following parameter:
- admin (PolicyMgtAdmin): Specifies the administrator to remove from the domain.
Return Value
The RemoveAdmin method returns one of the following values:
- 0 on success
- -1 if the call was unsuccessful
Remarks
See also the PolicyMgtSession->DeleteAdmin method to delete an administrator from the policy store.
You cannot use the Policy Management API to create an administrator for a particular domain. However, if an administrator is associated with a domain either through the Administrative UI or the PolicyMgtAffDomain->AddAdmin method, you can remove that administrator from the domain by calling the RemoveAdmin method.
RemoveUserDir Method Disassociates the User Directory from the Domain
The RemoveUserDir method disassociates the user directory from the domain.
Syntax
The RemoveUserDir method has the following format:
Netegrity::PolicyMgtDomain->RemoveUserDir(userDir)
Parameters
The RemoveUserDir method accepts the following parameter:
- userDir (PolicyMgtUserDir): Specifies the user directory to disassociate from the domain.
Return Value
The RemoveUserDir method returns one of the following values:
- 0 on success
- -1 if the call was unsuccessful
SetUserDirSearchOrder Method Rearranges the Search Order of the User Directory Objects
The SetUserDirSearchOrder method rearranges the search order of the user directory objects associated with the domain.
Syntax
The SetUserDirSearchOrder method has the following format:
Netegrity::PolicyMgtDomain->SetUserDirSearchOrder(dirArray)
Parameters
The SetUserDirSearchOrder method accepts the following parameter:
- dirArray (array of PolicyMgtUserDir): Specifies a reference to an array of user directory objects (for example: @myarray).
Return Value
The SetUserDirSearchOrder method returns one of the following values:
- An array of PolicyMgtUserDir objects
- undef if the call was unsuccessful