Policy.java revision 6636284dd99df27fda992fb77fb6236657269ec9
=
"com.sun.identity.policy.Policy.policy_evaluation_weights";
private boolean active =
true;
* Constructs a policy given the policy name. * @param policyName name of the policy * @exception InvalidNameException if policy name is not valid * Constructs a policy given the policy name and priority. * @param policyName name of the policy * @param priority priority assigned to the policy * @exception InvalidNameException if policy name is not valid // Set the policy priority * Constructs a policy given the policy name and description. * @param policyName name of the policy * @param description description for the policy * @exception InvalidNameException if policy name is not valid * Constructs a policy given the policy name,description and a * @param policyName name of the policy * @param description description for the policy * @param referralPolicy indicates whether the policy is a * referral policy or a standard policy. * A referral policy is used only to delegate policy definitions to * sub/peer organizations. A referral policy does not make use of any * @exception InvalidNameException if policy name is not valid * Constructs a policy given the policy name , description, * referralPolicy flag, and active flag * @param policyName name of the policy * @param description description for the policy * @param referralPolicy indicates whether the policy is a * referral policy or a standard policy. * @param active indicates if the policy is active or not. * A referral policy is used only to delegate policy definitions to * sub/peer organizations. A referral policy does not make use of any * @exception InvalidNameException if policy name is not valid * Constructs a policy given the Policy Node. * This is used by PolicyManager * @param pm <code>PolicyManager</code> requesting the operation * @param policyNode XML node in W3C DOM format representing * the policy object which needs to be created. 
* @exception InvalidFormatException, InvalidNameException, * NameNotFoundException, PolicyException // Check if the node name is PolicyManager.POLICY_ROOT_NODE "invalid policy xml blob given to construct policy");
"invalid_xml_policy_root_node",
null,
"",
// Get description, can be null // Get referralPolicy flag // write to debug and continue "determining policy's priority: " +
pri,
nfe);
// Get the rule nodes and instantiate them // Get the users collection and instantiate Subjects // Get the conditions collection and instantiate Conditions // Get the respProviders collection and instantiate // Get the referrals collection and instantiate Referrals * Gets the name of the policy. * @return name of the policy * Sets the name of the policy. * @param policyName name of the policy. * @exception InvalidNameException if <code>policyName</code> is an invalid * Gets the original policy name. * This is used to track policies called via * <code>PolicyManager::replacePolicy()</code> * with the changed policy name. * @return the policy name that was present when * the object was instantiated * Sets the organization name under which the policy is created * This would be set only for policies that have been read from data store. * Otherwise this would be <code>null</code> * @param organizationName name of the organization name in which the * Gets the organization name under which the policy is created * This would be set only for policies that have been read from data store. * Otherwise this would be <code>null</code> * @return the organization name under which the policy is created * Resets the original policy name * Gets the description for the policy. * If the description for the policy has not been set * the method will return an empty string; not <code> * @return description of the policy * Sets the description for the policy. * @param description description for the policy * @exception InvalidNameException if the description is invalid * Checks whether the policy is a referral policy. * A referral policy is used only to delegate policy definitions to * sub/peer organizations. A referral policy does not make use of any * @return <code>true</code> if this is a referral policy. * Otherwise returns <code>false</code> * Checks whether the policy is active or inactive * An inactive policy is not used to make policy evaluations. 
* @return <code>true</code> if this is an active policy. * Otherwise returns <code>false</code> * Set the active flag for policy. * An inactive policy is not used to make policy evaluations. * @param active <code>boolean</code> representing active or inactive. * Gets the priority of the policy. * @return priority of the policy * Sets a priority of the policy. * @param priority priority of the policy * Gets the set of rule names associated with the policy. * @return <code>Set</code> of rule names * Gets the rule object identified by name. * @param ruleName name of rule. * @return <code>Rule</code> object. * @exception NameNotFoundException if a <code>Rule</code> with the given * Adds a new policy rule. * @param rule rule object to be added to the policy * @exception NameAlreadyExistsException a rule with the given name * @exception InvalidNameException if the rule name is invalid * same service name as the policy // Since 5.0 does not support rule name, it can be null // Assign a name dynamically // Check if the rule name or rule itself already exists * Replaces an existing rule with the same name by the * current one. If a <code>Rule</code> with the same name does not exist, * @param rule <code>Rule</code> that will replace an existing rule * @exception InvalidNameException if <code>Rule</code> name is invalid // Since 5.0 does not support rule name, it can be null // Assign a name dynamically * Removes the <code>Rule</code> with the given name. * @param ruleName name of the rule * @return returns the <code>Rule</code> object being removed; * if not present returns <code>null</code> * Returns a <code>Subjects</code> object that contains * a set of <code>Subject</code> instances for which the * @return Subjects object of the policy * Get the <code>Set</code> of subject names associated with the policy. * @return <code>Set</code> of String objects representing subject names * Gets the Subject object identified by name. * @param subjectName name of subject. 
* @return <code>Subject</code> object * @exception NameNotFoundException if a Subject with the given name * Adds a new policy subject. * The subject is added as a normal (non exclusive) subject. * So, policy will apply to members of the subject. * The policy will apply to a user if he is a member of * any normal (non exclusive) subject in the policy * or not a member of any exclusive subject in the policy. * @param name name of the Subject instance * @param subject Subject object to be added to the policy * @exception NameAlreadyExistsException if a Subject with the given name * @exception InvalidNameException if the subject name is invalid * Adds a reference in the policy to a Subject defined at the realm. * @param token SSOToken of the user adding the subject * @param subjectName name of the Subject as defined at the realm * @param realmName name of the realm in which the subject is defined * @exception NameAlreadyExistsException if a Subject with the given name * already exists in the policy * @exception InvalidNameException if the subject name is invalid * or the subject is not found at the realm * @exception SSOException if the SSO token is invalid * @exception PolicyException if the subject could not be added * Adds a reference in the policy to a Subject defined at the realm. * @param subjectName name of the Subject as defined at the realm * @param stm <code>SubjectTypeManager</code> of the realm. * You have to pass the SubjectTypeManager of realm in which * you would save the policy. Trying to save the policy at * a different realm would throw PolicyException. * @exception NameAlreadyExistsException if a Subject with the given name * already exists in the policy * @exception InvalidNameException if the subject name is invalid * or the subject is not found at the realm * @exception SSOException if the SSO token is invalid * @exception PolicyException if the subject could not be added +
" , policy already has subject from different realm:" * would result in NameNotFoundException if the subject does not exist * we would propagate the exception without catching * Adds a new policy subject. * The policy will apply to a user if he is a member of * any normal (non exclusive) subject in the policy * or not a member of any exclusive subject in the policy. * @param name name of the Subject instance * @param subject Subject object to be added to the policy * @param exclusive boolean flag indicating whether the subject * is to be exclusive subject. If subject is exclusive, * policy applies to users who are not members of the * subject. Otherwise, policy applies to members of the subject. * @exception NameAlreadyExistsException if a Subject with the given name * @exception InvalidNameException if the subject name is invalid * Replaces an existing subject with the same name by the * current one. If a subject with the same name does not exist, * The subject is replaced as a normal (non exclusive) subject. * So, policy will apply to members of the subject. * The policy will apply to a user if he is a member of * any normal (non exclusive) subject in the policy * or not a member of any exclusive subject in the policy. * @param name name of the Subject instance * @param subject Subject that will replace an existing Subject * @exception NameNotFoundException if a Subject instance * with the given name is not present * Replaces an existing subject with the same name by the * current one. If a subject with the same name does not exist, * The policy will apply to a user if he is a member of * any normal (non exclusive) subject in the policy * or not a member of any exclusive subject in the policy. * @param name name of the Subject instance * @param subject Subject that will replace an existing Subject * @param exclusive boolean flag indicating whether the subject * is to be exclusive subject. 
If subject is exclusive, * policy applies to users who are not members of the * subject. Otherwise, policy applies to members of the subject. * @exception NameNotFoundException if a Subject instance * with the given name is not present * Removes the subject with the given name. * @param subjectName name of the Subject * @return returns the Subject object being removed. * if not present returns <code>null</code> * Removes the <code>Subject</code> object identified by * object's <code>equals</code> method. If a Subject instance * does not exist, the method will return silently. * @param subject Subject object that * will be removed from the user collection * Checks if the subject is exclusive. * If subject is exclusive, policy applies to users who are not members of * the subject. Otherwise, policy applies to members of the subject. * The policy will apply to a user if he is a member of * any normal (non exclusive) subject in the policy * or not a member of any exclusive subject in the policy. * @param subjectName name of the subject * @return <code>true</code> if the subject is exclusive, <code>false</code> * @exception NameNotFoundException if the subject with the given * <code>subjectName</code> does not exist in the policy. * Checks if the subjectName is a reference to a Subject * @param subjectName name of the subject * @return <code>true</code> if the subject is a reference to a * Subject defined at the realm, <code>false</code> * @exception NameNotFoundException if the subject with the given * <code>subjectName</code> does not exist in the policy. * Returns a <code>Referrals</code> object that contains * a set of <code>Referral</code> instances for whom the * @return Referrals object of the policy * Get the <code>Set</code> of referral names associated with the policy. * @return <code>Set</code> of referral names * Gets the Referral object identified by name. * @param referralName name of referral. 
* @return <code>Referral</code> object * @exception NameNotFoundException if a Referral with the given name * Adds a new policy referral. * @param name name of the <code>Referral</code> instance * @param referral <code>Referral</code> object to be added to the policy * @exception NameAlreadyExistsException if a Referral with the given name * @exception InvalidNameException if the referral name is invalid * Replaces an existing referral with the same name by the * current one. If a referral with the same name does not exist, * @param name name of the <code>Referral</code> instance * @param referral <code>Referral</code> that will replace an existing * Referral with the same name * @exception NameNotFoundException if a Referral instance * with the given name is not present * Removes the referral with the given name. * @param referralName name of the <code>Referral</code> * @return returns the <code>Referral</code> object being removed; * if not present returns <code>null</code> * Removes the <code>Referral</code> object identified by * object's <code>equals</code> method. If a Referral instance * does not exist, the method will return silently. * @param referral Referral object that will be removed * Returns a <code>Conditions</code> object that contains * a set of <code>Condition</code> objects that apply * @return <code>Conditions</code> object of the policy * Get the set of condition names associated with the policy. * @return <code>Set</code> of condition names * Gets the condition object identified by name. * @param condition name of condition. * @return <code>Condition</code> object. * @exception NameNotFoundException if a Condition with the given name * Adds a new policy condition. 
* @param name name of the Condition instance * @param condition Condition object to be added to the policy * @exception NameAlreadyExistsException if a Condition with the given name * @exception InvalidNameException if the condition name is invalid * Replaces an existing condition with the same name by the * current one. If a condition with the same name does not exist, * @param name name of the <code>Condition</code> instance * @param condition <code>Condition</code> that will replace an * existing Condition with the same name * @exception NameNotFoundException if a Condition instance * with the given name is not present * Removes the condition with the given name. * @param condition name of the <code>Condition</code> * @return returns the Condition object being removed; * if not present returns <code>null</code> * Removes the <code>Condition</code> object identified by * object's <code>equals</code> method. If a condition instance * does not exist, the method will return silently. * @param condition Condition object that will be removed * Returns a <code>ResponseProviders</code> object that contains * a set of <code>ResponseProvider</code> objects that apply * @return <code>ResponseProviders</code> object found in the policy * Get a <code>Set</code> of <code>String</code> objects representing * the responseProvider names associated with the policy. * @return <code>Set</code> of responseProvider names * Gets the <code>ResponseProvider</code> object identified by name. * @param respProvider name of <code>ResponseProvider</code>. * @return <code>ResponseProvider</code> object. * @exception NameNotFoundException if a ResponseProvider with the given * Adds a new <code>ResponseProvider</code> to the policy. 
* @param name name of the <code>ResponseProvider</code> instance * @param respProvider <code>ResponseProvider</code> object to be added to * @exception NameAlreadyExistsException if a ResponseProvider with the * given name already exists * @exception InvalidNameException if the <code>respProvider</code> * Replaces an existing <code>ResponseProvider</code> with the same name * by the current one. If a respProvider with the same name does not exist, * @param name name of the ResponseProvider instance * @param respProvider ResponseProvider that will replace an existing * ResponseProvider with the same name * @exception NameNotFoundException if a ResponseProvider instance * with the given name is not present. * Removes the <code>ResponseProvider</code> with the given name. * @param respProvider name of the ResponseProvider * @return returns the ResponseProvider object being removed; * if not present returns null. * Removes the <code>ResponseProvider</code> object. * If a respProvider instance does not exist, the method will * @param respProvider ResponseProvider object that * Stores the policy object in a persistent data store * under the organization, sub-organization or a container * object, specified as a parameter. The organization, * sub-organization, or the container can be either * a LDAP distinguished name (<code>dn</code>) or slash "/" separated * as per SMS. This method * uses the <code>SSOToken</code> provided to perform the store * operation, and hence if the single sign token has expired * <code>SSOException</code> will be thrown, and if the * user does not have the required privileges * <code>NoPermissionException</code> exception will be thrown. * If a policy with the same name exists for the organization * the method will throw <code>NameAlreadyExistsException</code>. * And if the organization name does not exist, the method * will throw <code>NameNotFoundException</code>. 
* @param token SSO token of the user managing policy * @param name name of the organization, sub-organization or * a container in which the policy will be stored. * @exception SSOException invalid or expired single-sign-on token * @exception NoPermissionException user does not have sufficient * privileges to add policy * @exception NameAlreadyExistsException a policy with the same * @exception NameNotFoundException the given organization name * @exception PolicyException for any other abnormal condition * Checks if two policy objects are equal. * This method does not check the policy name and description * @param obj object against which the policy object * will be checked for equality * @return <code>true</code> if policies are equal, * <code>false</code> otherwise. * Creates and returns a copy of this object. The returned * <code>Policy</code> object will have the same policy * name, rules, subjects, referrals and conditions * such that <code>x.clone().equals(x)</code> will be * <code>true</code>. However <code>x.clone()</code> * will not be the same as <code>x</code>, i.e., * <code>x.clone() != x</code>. * @return a copy of this object // Copy responseProviders * Returns the serialized policy in XML * @return serialized policy in XML answer.
append(
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
// Add the responseProviders * Gets string representation of the policy object. * @return XML string representation of the policy object * Checks for the char <code>c</code> in the String * @param name String in which the character needs to be checked for. * @param c <code>char</code> which needs to be checked. * @exception InvalidNameException if <code>c</code> does not occur * anywhere in <code>name</code>. * @param token sso token identifying the user for who the policy has to * @param resourceTypeName resourceType name * @param resourceName resourceName * @param actionNames a set of action names for which policy results * are to be evaluated. Each element of the set should be a * @param envParameters a <code>Map</code> of environment parameters * Each key of the <code>Map</code> is a String valued parameter name * Each value of the map is a <code>Set</code> of String values * @return a <code>PolicyDecision</code> * @exception NameNotFoundException if the action name or resource name * @exception SSOException if token is invalid * @exception PolicyException for any other exception condition * get the evaluation order that is likely to be least expensive //process referrals irrespective subjects and conditions .
append(
" after processing referrals only:")
.
append(
" principal, resource name, action names,")
.
append(
" policyName, referralResults = ")
+
"SUBJECTS_CONDITIONS_RULES");
+
"CONDITIONS_SUBJECTS_RULES");
+
"RULES_SUBJECTS_CONDITIONS");
+
"RULES_CONDITIONS_SUBJECTS");
+
"SUBJECTS_RULES_CONDITIONS");
+
"CONDITIONS_RULES_SUBJECTS");
}
else {
//default:RULES_CONDITIONS_SUBJECTS +
"RULES_CONDITIONS_SUBJECTS");
.
append(
" principal, resource name, action names,")
.
append(
" policyName, policyDecision = ")
{
// put the response Attrs in the PolicyDecision * even if one action Value found, set the /** Gets matched rule results given resource type, resource name and * @param resourceType resource type(<code>ServiceType</code> of resource * @param resourceName resource name for which to get action values * @param actionNames action names for which to get values * @return <code>Map</code> of action values keyed by action names * @exception NameNotFoundException "can not find action schmea for action = " /**Gets resource names that are exact matches, sub resources or * wild card matches of argument resource name. * To determine whether to include a * resource name of a resource, we compare argument resource name and * policy resource name, treating wild characters in the policy * resource name as wild. If the comparison resulted in EXACT_MATCH, * WILD_CARD_MATCH or SUB_RESOURCE_MATCH, the resource result would be * @param serviceTypeName service type name * @param resourceName resource name * @param followReferrals indicates whether to follow the referrals to * @return resource names that match to be exact match, sub * resource match or wild card match of the argument * @exception PolicyException * @exception SSOException * @see ResourceMatch#EXACT_MATCH * @see ResourceMatch#SUB_RESOURCE_MATCH * @see ResourceMatch#WILDCARD_MATCH sb.
append(
"at Policy.getResourceNames : ");
sb.
append(
" for policyName, serviceType, resourceName, ");
sb.
append(
" ruleResource, resourceMatch :");
sb.
append(
"at Policy.getResourceNames : ");
sb.
append(
" for policyName, serviceType, resourceName, ");
sb.
append(
" followReferral, resourceNames :");
/** Gets the resource names of a given serviceType managed by this * @param serviceTypeName name of service type for which to * @return a set of resource names of serviceTypeName managed * @exception SSOException * @exception NameNotFoundException // public String getServiceTypeName() { /* com.iplanet.am.admin.cli uses this method. * Need to clean up cli not to use this * method. Without this method build breaks - 03/05/02 */ * Gets organizations referred to in this policy by OrgReferral(s) * defined in this policy. * @return names of organization (DNs) of organizations referred * to in this policy via <code>OrgReferral</code>(s) defined in * Please note that <code>PeerOrgReferral</code> and * <code>SubOrgReferral</code> extend <code>OrgReferral</code> * and hence qualify as OrgReferral. * @exception PolicyException /** Sets time to live for Subjects result. * @param ttl time to live for Subjects result * validates the String <code>name</code>. * @param name String to be validated. * @exception throws InvalidNameException if name is null or * does contain invalid character "/". /** Gets policy decision computing Subjects, Conditions and Rules * in this order. Referrals in the policy are ignored. * @param token sso token identifying the user for who the policy has to * @param resourceType service type * @param resourceName resource name * @param actionNames a set of action names for which policy results * are to be evaluated. Each element of the set should be a * @param envParameters a map of environment parameters * Each key of the map is a String valued parameter name * Each value of the map is a set of String values * @param policyDecision a collecting argument. 
Computed policy decisions * in this method are merged to this policy decision * @return computed and merged policy decision * @exception NameNotFoundException if the action name or resource name * @exception SSOException if token is invalid * @exception PolicyException for any other exception condition /* ActionDecision to include values, no advices }
else {
// subjects+,conditions+,resourceMatch- }
else {
//subjects+,conditions- //ActionDecision to include advices only /* ActionDecision to include advices, no values /** Gets policy decision computing Subjects, Rules and Conditions * in this order. Referrals in the policy are ignored. * @param token sso token identifying the user for who the policy has to * @param resourceType service type * @param resourceName resourceName * @param actionNames a set of action names for which policy results * are to be evaluated. Each element of the set should be a * @param envParameters a map of environment parameters * Each key of the map is a String valued parameter name * Each value of the map is a set of String values * @param policyDecision a collecting argument. Computed policy decisions * in this method are merged to this policy decision * @return computed and merged policy decision * @exception NameNotFoundException if the action name or resource name * @exception SSOException if token is invalid * @exception PolicyException for any other exception condition //subjects+, resourceMatch+,conditions+ /* ActionDecision to include values, no advices }
else {
//subjects+, resourceMatch+,conditions- /* ActionDecision to include advices, no values }
else {
//subjects+,resourceMatch- /** Gets policy decision computing Conditions, Subject and Rules * in this order. Referrals in the policy are ignored. * @param token sso token identifying the user for who the policy has to * @param resourceType service type * @param resourceName resourceName * @param actionNames a set of action names for which policy results * are to be evaluated. Each element of the set should be a * @param envParameters a map of environment parameters * Each key of the map is a String valued parameter name * Each value of the map is a set of String values * @param policyDecision a collecting argument. Computed policy decisions * in this method are merged to this policy decision * @return computed and merged policy decision * @exception NameNotFoundException if the action name or resource name * @exception SSOException if token is invalid * @exception PolicyException for any other exception condition //conditions+, subjects+, resourceMatched+ /* ActionDecision to include values, no advices }
else {
//conditions+, subjects+, resourceMatched- }
else {
//conditions+,subjects- /* ActionDecision to include advices, no values }
else {
//no advices to report /** Gets policy decision computing Conditions, Rules and Subjects * in this order. Referrals in the policy are ignored. * @param token sso token identifying the user for who the policy has to * @param resourceType service type * @param resourceName resourceName * @param actionNames a set of action names for which policy results * are to be evaluated. Each element of the set should be a * @param envParameters a map of environment parameters * Each key of the map is a String valued parameter name * Each value of the map is a set of String values * @param policyDecision a collecting argument. Computed policy decisions * in this method are merged to this policy decision * @return computed and merged policy decision * @exception NameNotFoundException if the action name or resource name * @exception SSOException if token is invalid * @exception PolicyException for any other exception condition //conditions+, resourceMatched+, subjects+ /* ActionDecision to include values, no advices }
else {
//conditions+, resourceMatched+, subjects- }
else {
//conditions+, resourceMatched- /* ActionDecision to include advices, no values }
else {
//no advices to report /** Gets policy decision computing Rules, Subjects and Conditions * in this order. Referrals in the policy are ignored. * @param token sso token identifying the user for who the policy has to * @param resourceType service type * @param resourceName resourceName * @param actionNames a set of action names for which policy results * are to be evaluated. Each element of the set should be a * @param envParameters a map of environment parameters * Each key of the map is a String valued parameter name * Each value of the map is a set of String values * @param policyDecision a collecting argument. Computed policy decisions * in this method are merged to this policy decision * @return computed and merged policy decision * @exception NameNotFoundException if the action name or resource name * @exception SSOException if token is invalid * @exception PolicyException for any other exception condition //resourceMatched+, subjects+, conditions+ /* ActionDecision to include values, no advices }
else {
//resourceMatched+, subjects+, conditions- /* ActionDecision to include advices, no values }
else {
//resourceMatched+, subjects- }
else {
//resourceMatched- /** Gets policy decision computing Rules, Conditions and Subjects * in this order. Referrals in the policy are ignored. * @param token sso token identifying the user for who the policy has to * @param resourceType service type * @param resourceName resourceName * @param actionNames a set of action names for which policy results * are to be evaluated. Each element of the set should be a * @param envParameters a map of environment parameters * Each key of the map is a String valued parameter name * Each value of the map is a set of String values * @param policyDecision a collecting argument. Computed policy decisions * in this method are merged to this policy decision * @return computed and merged policy decision * @exception NameNotFoundException if the action name or resource name * @exception SSOException if token is invalid * @exception PolicyException for any other exception condition //resourceMatch+, conditions+, subjects+ /* ActionDecision to include values, no advices }
else {
//resourceMatch+, conditions+, subjects- }
else {
//resourceMatch+, conditions- /* ActionDecision to include advices, no values }
else {
//no advices to report }
else {
//resourceMatch- /** Gets evaluation order of Subjects, Rules and Conditions for this policy * that is likely to be least expensive in terms of cpu. * @return int representing preferred evaluation order for this policy //treat subject weight as 0, if sub result is in cache /** Initializes global values of evaluation weight * per Subject, per Condition and per Rule element * of the policies by reading value of property * to <code>DEFAULT_EVALUATION_WEIGHTS</code>. * @see #DEFAULT_EVALUATION_WEIGHTS +
" invalid evaulationWeights defined, " +
" invalid subjectWeight defined, defaulting to 0");
+
" invalid ruleWeight defined, defaulting to 0");
+
" invalid conditionWeight defined, defaulting to 0");
/** Initializes evaluation weights for * Subjects, Conditions and rules of this policy object. * Checks whether the policy is applicable to user identified by sso token * @return <code>true</code> if the policy is applicable to the user * identified by sso token, else <code>false</code> * We track the subject realm when a realm subject is added to the policy. * We use this information to enforce that a policy has * realm subjects only from one realm. We also use this information * to enforce that policy is not saved into a different realm. * Clears the cached membership evaluation results corresponding * to the <code>tokenIdString</code>. This is triggered through * <code>PolicySSOTokenListener</code> and <code>PolicyCache</code> * of a logged in user is changed * @param tokenIdString sessionId of the user whose session property changed DEBUG.
message(
"Policy.clearSubjectResultCache(tokenIdString): " +
" clearing cached subject evaluation result for " * Sets the creation date. * @param creationDate creation date. * Returns last modified date. * @return last modified date. * Sets the last modified date. * @param lastModifiedDate last modified date. * Returns the user ID who last modified the policy. * @return user ID who last modified the policy. * Sets the user ID who last modified the policy. * @param lastModifiedBy user ID who last modified the policy. * Returns the user ID who created the policy. * @return user ID who created the policy. * Sets the user ID who created the policy. * @param createdBy user ID who created the policy.