HierarchicalZoneComputer
The HierarchicalZoneComputer class represents a computer joined to a
hierarchical zone.
Syntax
public interface IHierarchicalZoneComputer : IComputer
Discussion
The HierarchicalZoneComputer class inherits many methods and properties from the
Computer class, but adds support for partial profiles and inheritable roles.
Under hierarchical zones, both identity (profile data) and access (authorization
data) are inherited, such that a computer’s effective identity or access are
determined by all the profile data and all the access data at all levels of the
hierarchy.
See HierarchicalUser for a discussion of profile and access inheritance.
When you assign computer-level overrides for user, group, or computer role assignments, IBM Security creates a computer zone, which is a special type of zone that contains the users, groups, and computer role assignments that are specific to only that one computer. Computer zones are not exposed as zones in Access Manager, but are referred to in the method and property descriptions where appropriate.
Methods
The HierarchicalZoneComputer class provides the following methods:
| Method | Description |
|---|---|
AddAccessGroup
|
Adds a group to the computer. |
AddGroupPartialProfile
|
Adds a computer-specific partial profile for a specified group. |
AddLocalGroupPartialProfile
|
Adds a computer-specific partial profile for a specified local group. |
AddLocalUserPartialProfile
|
Adds a computer-specific partial profile for a specified user. |
AddRoleAssignment
|
Adds an empty role assignment. |
AddUserPartialProfile
|
Adds a computer-specific partial profile for a specified user. |
Commit
|
Commits changes to the group object to Active Directory. (Inherited from Computer.) |
CreateImportPendingGroup
|
Creates a pending imported group in this computer. |
CreateImportPendingUser
|
Creates a pending imported user in this computer. |
Delete
|
Deletes the computer profile from Active Directory. (Inherited from Computer.) |
DeleteAllProfiles
|
Deletes all computer-specific users and groups. |
DeleteZone
|
Deletes the computer zone object if it exists. |
GetAccessGroup
|
Returns a group given a role for the group. |
GetAccessGroups
|
Returns an enumeration of groups in the computer object. |
GetDirectoryEntry
|
Returns the Active Directory object for the computer. (Inherited from Computer.) |
GetEffectiveUserUnixProfiles
|
Returns an enumeration of effective users under this computer zone. |
GetGroupUnixProfile
|
Returns the UNIX group profile in this computer zone for the specified Active Directory group. |
GetGroupUnixProfileByDN
|
Returns the UNIX group profile in this computer zone for the Active Directory group specified by distinguished name. |
GetGroupUnixProfileByName
|
Returns the UNIX group profile in this computer zone for the Active Directory group specified by group name. |
GetGroupUnixProfiles
|
Returns an enumeration of the UNIX groups in this computer zone. |
GetImportPendingGroup
|
Returns the group with the specified ID pending import. |
GetImportPendingGroups
|
Returns an enumeration of groups pending import to this computer zone. |
GetImportPendingUser
|
Returns the user with the specified ID pending import. |
GetImportPendingUsers
|
Returns an enumeration of users pending import to this computer zone. |
GetIPendingGroupID
|
Returns the numeric identifier for the pending import group with the specified group name. |
| method | Description |
GetLocalGroupUnixProfile
|
Returns the local UNIX group profile for a specified group name in the zone. |
GetLocalUserUnixProfileByDN
|
Returns a local group profile using the distinguished name (DN) of the profile. |
GetLocalGroupUnixProfileByGid
|
Returns the local group profile using the Group Identifier (GID). This method is exposed to the .COM interface. |
GetLocalGroupUnixProfiles
|
Returns a list of the local group profiles in the zone. |
GetLocalUserUnixProfile
|
Returns the local user profile using the specified user name. |
GetLocalUserUnixProfileByDN
|
Returns the local user profile specified by the distinguished name (DN) of the profile. |
GetLocalUserUnixProfileByUid
|
Returns the local user profile using the User Identifier (UID). This method is exposed to the .COM interface |
GetLocalUserUnixProfiles
|
Returns a list of the local user profiles in the zone. |
GetIPendingUserID
|
Returns the numeric identifier for the pending import user with the specified user name. |
GetNssVariable
|
VBScript interface to access NSS variables. |
GetNSSVariables
|
VBScript interface to obtain all NSS variable names. |
GetPrimaryUser
|
Returns the primary profile for the specified user. |
GetRoleAssignment
|
Returns the role assignment for the specified role and trustee. |
GetRoleAssignmentById
|
Returns the role assignment for the specified GUID. |
GetRoleAssigments
|
Returns the collection of role assignments in the computer. |
GetRoleAssignmentToAllADUsers
|
Returns the role assignment given to all Active Directory users who have a specified role. |
GetRoleAssignmentToAllUnixUsers
|
Returns the role assignment given to all UNIX users who have a specified role. |
GetSecondaryUsers
|
Returns an enumeration of the secondary profiles for the specified user. |
GetUserProfiles
|
Returns an enumeration of all the user profiles for the specified user. |
GetUserRoleAssignments
|
Returns an enumeration of all the user role assignments in this computer zone. |
GetUserUnixProfile
|
Returns the UNIX user profile in this computer zone for the specified user. |
GetUserUnixProfileByDN
|
Returns the UNIX user profile in this computer zone for the user specified by distinguished name. |
GetUserUnixProfileByName
|
Returns the UNIX user profile in this computer zone for the user specified by user name. |
GetUserUnixProfileByUid
|
Returns the UNIX user profile in this computer zone for the user specified by UID. |
GetUserUnixProfiles](getuserunixprofiles.md) | Returns an enumeration of all the UNIX user profiles in this computer zone. | | [GroupUnixProfileExists](groupunixprofileexists.md) | Indicates whether the group has a profile in this computer zone. | | [LocalGroupUnixProfileExists](localgroupunixprofileexists.md) | Indicates whether a UNIX profile exists in the zone for the specified local group. | | [LocalUserUnixProfileExists](localuserunixprofileexists.md) | Indicates whether a UNIX profile exists in the zone for the specified local user. | | [Refresh](../computer/refresh.md) | Refreshes the data in this object instance from the data stored in Active Directory. (Inherited from [Computer](../computer/index.md).) | | [SetNSSVariable](setnssvariable.md) | VBScript interface to set the values of NSS variables. | | [UserUnixProfileExists`
|
Indicates whether the specified user has a profile in this computer zone. |
Properties
The HierarchicalZoneComputer class provides the following properties:
| Property | Description |
|---|---|
AdsiInterface
|
Gets the IADs interface of the zone object in Active Directory. (Inherited from Computer.) |
ADsPath
|
Gets the LDAP path to the zone object. (Inherited from Computer.) |
AgentVersion
|
Gets the Active Directory client version number. (Inherited from Computer.) |
CanonicalName
|
Gets the canonical name of the computer object. (Inherited from Computer.) |
ComputerZoneADsPath
|
Gets the LDAP path of the computer zone object. |
IsOrphan
|
Indicates whether the CIMs data associated with this object is orphaned by the current credentials. (Inherited from Computer.) |
IsOrphanZone
|
Indicates whether this computer is an orphan zone object. |
IsReadable
|
Indicates whether the CIMS data associated with this object is readable with the current user credentials. (Inherited from Computer.) |
IsWritable
|
Indicates whether the CIMS data associated with this object is writable with the current user credentials. (Inherited from Computer.) |
JBossEnabled
|
Determines whether the computer is enabled for JBoss. (Inherited from Computer.) |
Name
|
Gets or sets the name of the computer object. (Inherited from Computer.) |
NssVariables
|
Gets the map of profile variables. |
ProfileADsPath
|
Gets the LDAP path to the computer UNIX profile. (Inherited from Computer.) |
SchemaVersion
|
Gets the version of the data schema. (Inherited from Computer.) |
TomcatEnabled
|
Determines whether the computer is enabled for Tomcat. (Inherited from Computer.) |
UserHomeDirectory
|
Gets or sets the UNIX directory path that is used to substitute for %{home} in user profiles. |
UserShell
|
Gets or sets the shell that is used to substitute for %{shell}in user profiles. |
Version
|
Gets the version number of the data schema. (Inherited from Computer.) |
WebLogicEnabled
|
Determines whether the computer is enabled for WebLogic. (Inherited from Computer.) |
WebSphereEnabled
|
Determines whether the computer is enabled for WebSphere. (Inherited from Computer.) |
Zone
|
Gets or sets the zone that this computer joins. |
ZoneMode
|
Gets the zone mode of the computer. (Inherited from Computer.) |