public List<IPentahoRole> getRoles(
     Session session, final ITenant theTenant, boolean includeSubtenants)
     throws RepositoryException {
   ArrayList<IPentahoRole> roles = new ArrayList<IPentahoRole>();
   if (TenantUtils.isAccessibleTenant(theTenant)) {
     UserManager userMgr = getUserManager(theTenant, session);
     pPrincipalName = ((SessionImpl) session).getJCRName(P_PRINCIPAL_NAME);
     Iterator<Authorizable> it =
         userMgr.findAuthorizables(pPrincipalName, null, UserManager.SEARCH_TYPE_GROUP);
     while (it.hasNext()) {
       Group group = (Group) it.next();
       IPentahoRole pentahoRole = convertToPentahoRole(group);
       // Exclude the system role from the list of roles to be returned back
       if (!extraRoles.contains(pentahoRole.getName())) {
         if (includeSubtenants) {
           roles.add(pentahoRole);
         } else {
           if (pentahoRole.getTenant() != null && pentahoRole.getTenant().equals(theTenant)) {
             roles.add(pentahoRole);
           }
         }
       }
     }
   }
   return roles;
 }
 public List<IPentahoUser> getUsers(
     Session session, final ITenant theTenant, boolean includeSubtenants)
     throws RepositoryException {
   ArrayList<IPentahoUser> users = new ArrayList<IPentahoUser>();
   if (TenantUtils.isAccessibleTenant(theTenant)) {
     UserManager userMgr = getUserManager(theTenant, session);
     pPrincipalName = ((SessionImpl) session).getJCRName(P_PRINCIPAL_NAME);
     Iterator<Authorizable> it =
         userMgr.findAuthorizables(pPrincipalName, null, UserManager.SEARCH_TYPE_USER);
     while (it.hasNext()) {
       User user = (User) it.next();
       IPentahoUser pentahoUser = convertToPentahoUser(user);
       if (includeSubtenants) {
         users.add(pentahoUser);
       } else {
         if (pentahoUser.getTenant() != null && pentahoUser.getTenant().equals(theTenant)) {
           users.add(pentahoUser);
         }
       }
     }
   }
   return users;
 }
 public Iterator<Authorizable> execute(final String query)
     throws RepositoryException, IOException {
   try {
     return userManager.findAuthorizables(
         new Query() {
           public <T> void build(QueryBuilder<T> builder) {
             try {
               // Must request more than MAX_RESULT_COUNT records explicitly
               builder.setLimit(0, MAX_RESULT_COUNT);
               new QueryTranslator<T>(builder).translate(query);
             } catch (IOException e) {
               throw new IllegalArgumentException(e);
             }
           }
         });
   } catch (IllegalArgumentException e) {
     Throwable cause = e.getCause();
     if (cause instanceof IOException) {
       throw (IOException) cause;
     } else {
       throw e;
     }
   }
 }