HierarchicalZoneComputer

The HierarchicalZoneComputer class represents a computer joined to a hierarchical zone.

Syntax

public interface IHierarchicalZoneComputer : IComputer

Discussion

The HierarchicalZoneComputer class inherits many methods and properties from the Computer class, but adds support for partial profiles and inheritable roles. Under hierarchical zones, both identity (profile data) and access (authorization data) are inherited, such that a computer’s effective identity or access are determined by all the profile data and all the access data at all levels of the hierarchy.

See HierarchicalUser for a discussion of profile and access inheritance.

When you assign computer-level overrides for user, group, or computer role assignments, Centrify creates a computer zone, which is a special type of zone that contains the users, groups, and computer role assignments that are specific to only that one computer. Computer zones are not exposed as zones in Access Manager, but are referred to in the method and property descriptions where appropriate.

Methods

The HierarchicalZoneComputer class provides the following methods:

This method Does this

AddAccessGroup

Adds a group to the computer.

AddGroupPartialProfile

Adds a computer-specific partial profile for a specified group.

AddLocalGroupPartialProfile

Adds a computer-specific partial profile for a specified local group.

AddLocalUserPartialProfile

Adds a computer-specific partial profile for a specified user.

AddRoleAssignment

Adds an empty role assignment.

AddUserPartialProfile

Adds a computer-specific partial profile for a specified user.

Commit

Commits changes to the group object to Active Directory.

(Inherited from Computer.)

CreateImportPendingGroup

Creates a pending imported group in this computer.

CreateImportPendingUser

Creates a pending imported user in this computer.

Delete

Deletes the computer profile from Active Directory.

(Inherited from Computer.)

DeleteAllProfiles

Deletes all computer-specific users and groups.

DeleteZone

Deletes the computer zone object if it exists.

GetAccessGroup

Returns a group given a role for the group.

GetAccessGroups

Returns an enumeration of groups in the computer object.

GetDirectoryEntry

Returns the Active Directory object for the computer.

(Inherited from Computer.)

GetEffectiveUserUnixProfiles

Returns an enumeration of effective users under this computer zone.

GetGroupUnixProfile

Returns the UNIX group profile in this computer zone for the specified Active Directory group.

GetGroupUnixProfileByDN

Returns the UNIX group profile in this computer zone for the Active Directory group specified by distinguished name.

GetGroupUnixProfileByName

Returns the UNIX group profile in this computer zone for the Active Directory group specified by group name.

GetGroupUnixProfiles

Returns an enumeration of the UNIX groups in this computer zone.

GetImportPendingGroup

Returns the group with the specified ID pending import.

GetImportPendingGroups

Returns an enumeration of groups pending import to this computer zone.

GetImportPendingUser

Returns the user with the specified ID pending import.

GetImportPendingUsers

Returns an enumeration of users pending import to this computer zone.

GetIPendingGroupID

Returns the numeric identifier for the pending import group with the specified group name.

GetLocalGroupUnixProfile

Returns the local UNIX group profile for a specified group name in the zone.

GetLocalUserUnixProfileByDN

Returns a local group profile using the distinguished name (DN) of the profile.

GetLocalGroupUnixProfileByGid (Int32)

Returns the local group profile using the Group Identifier (GID). This method is exposed to the .COM interface.

GetLocalGroupUnixProfiles

Returns a list of the local group profiles in the zone.

GetLocalUserUnixProfile

Returns the local user profile using the specified user name.

GetLocalUserUnixProfileByDN

Returns the local user profile specified by the distinguished name (DN) of the profile.

GetLocalUserUnixProfileByUid (Int32)

Returns the local user profile using the User Identifier (UID). This method is exposed to the .COM interface

GetLocalUserUnixProfiles

Returns a list of the local user profiles in the zone.

GetIPendingUserID

Returns the numeric identifier for the pending import user with the specified user name.

GetNssVariable

VBScipt interface to access NSS variables.

GetNSSVariables

VBScript interface to obtain all NSS variable names.

GetPrimaryUser

Returns the primary profile for the specified user.

GetRoleAssignment

Returns the role assignment for the specified role and trustee.

GetRoleAssignmentById

Returns the role assignment for the specified GUID.

GetRoleAssigments

Returns the collection of role assignments in the computer.

GetRoleAssignmentToAllADUsers

Returns the role assignment given to all Active Directory users who have a specified role.

GetRoleAssignmentToAllUnixUsers

Returns the role assignment given to all UNIX users who have a specified role.

GetSecondaryUsers

Returns an enumeration of the secondary profiles for the specified user.

GetUserProfiles

Returns an enumeration of all the user profiles for the specified user.

GetUserRoleAssignments

Returns an enumeration of all the user role assignments in this computer zone.

GetUserUnixProfile

Returns the UNIX user profile in this computer zone for the specified user.

GetUserUnixProfileByDN

Returns the UNIX user profile in this computer zone for the user specified by distinguished name.

GetUserUnixProfileByName

Returns the UNIX user profile in this computer zone for the user specified by user name.

GetUserUnixProfileByUid

Returns the UNIX user profile in this computer zone for the user specified by UID.

GetUserUnixProfiles

Returns an enumeration of all the UNIX user profiles in this computer zone.

GroupUnixProfileExists

Indicates whether the group has a profile in this computer zone.

LocalGroupUnixProfileExists

Indicates whether a UNIX profile exists in the zone for the specified local group.

LocalUserUnixProfileExists

Indicates whether a UNIX profile exists in the zone for the specified local user.

Refresh

Refreshes the data in this object instance from the data stored in Active Directory.

(Inherited from Computer.)

SetNSSVariable

VBScript interface to set the values of NSS variables.

UserUnixProfileExists

Indicates whether the specified user has a profile in this computer zone.

Properties

The HierarchicalZoneComputer class provides the following properties:

This property Does this

AdsiInterface

Gets the IADs interface of the zone object in Active Directory.

(Inherited from Computer.)

ADsPath

Gets the LDAP path to the zone object.

(Inherited from Computer.)

AgentVersion

Gets the Active Directory client version number.

(Inherited from Computer.)

CanonicalName

Gets the canonical name of the computer object.

(Inherited from Computer.)

ComputerZoneADsPath

Gets the LDAP path of the computer zone object.

IsOrphan

Indicates whether the CIMs data associated with this object is orphaned by the current credentials.

(Inherited from Computer.)

IsOrphanZone

Indicates whether this computer is an orphan zone object.

IsReadable

Indicates whether the CIMS data associated with this object is readable with the current user credentials.

(Inherited from Computer.)

IsWritable

Indicates whether the CIMS data associated with this object is writable with the current user credentials.

(Inherited from Computer.)

JBossEnabled

Determines whether the computer is enabled for JBoss.

(Inherited from Computer.)

Name

Gets or sets the name of the computer object.

(Inherited from Computer.)

NssVariables

Gets the map of profile variables.

ProfileADsPath

Gets the LDAP path to the computer UNIX profile.

(Inherited from Computer.)

SchemaVersion

Gets the version of the data schema.

(Inherited from Computer.)

TomcatEnabled

Determines whether the computer is enabled for Tomcat.

(Inherited from Computer.)

UserHomeDirectory

Gets or sets the UNIX directory path that is used to substitute for %{home} in user profiles.

UserShell

Gets or sets the shell that is used to substitute for %{shell} in user profiles.

Version

Gets the version number of the data schema.

(Inherited from Computer.)

WebLogicEnabled

Determines whether the computer is enabled for WebLogic.

(Inherited from Computer.)

WebSphereEnabled

Determines whether the computer is enabled for WebSphere.

(Inherited from Computer.)

Zone

Gets or sets the zone that this computer joins.

ZoneMode

Gets the zone mode of the computer.

(Inherited from Computer.)