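// Copyright (c) 2008 DMTF. All rights reserved.
//
// CIM_PrivilegeManagementService declares the three extrinsic methods that
// administer access-control state: AssignAccess (add or remove named rights),
// RemoveAccess (revoke) and ShowAccess (report). Every call changes or
// discloses authorization data.
//
// The method-specific return codes are NOT aligned across the three methods.
// "Authorization Error" is 16003 for AssignAccess and ShowAccess but 16002
// for RemoveAccess, and the "Method Reserved" / "Vendor Specific" ranges of
// RemoveAccess differ from the other two. Clients and log parsers must
// decode the return value per method.
   [Version ( "2.20.0" ),
    UMLPackagePath ( "CIM::User::PrivilegeManagementService" ),
    Description (
       "The PrivilegeManagementService is responsible for creating, "
       "deleting, and associating AuthorizedPrivilege instances. "
       "References to \'subject\' and \'target\' define the entities "
       "that are associated with an AuthorizedPrivilege instance via "
       "the relationships, AuthorizedSubject and AuthorizedTarget, "
       "respectively. When created, an AuthorizedPrivilege instance is "
       "related to this (PrivilegeManagement)Service via the "
       "association, ConcreteDependency." )]
class CIM_PrivilegeManagementService : CIM_AuthorizationService {

   // AssignAccess: updates the Subject's rights to the Target.
   //  - Subject and Target carry the Required qualifier.
   //  - Rights are given EITHER through the Privilege template reference OR
   //    through PrivilegeGranted / Activities / ActivityQualifiers /
   //    QualifierFormats; those four MUST be NULL unless Privilege is NULL.
   //  - The three arrays are mutually indexed.
   //    NOTE(review): the schema text does not say how a provider treats
   //    arrays of different lengths; presumably "Invalid Parameter" - confirm.
   //  - Changes are incremental and leave unnamed rights untouched, so this
   //    method is not a full revocation; the Privilege description points to
   //    RemoveAccess for that.
   //    NOTE(review): PrivilegeGranted is described as "granted or denied",
   //    while the Privilege description says false means the named rights
   //    "are removed". Whether false records an explicit deny or only drops
   //    a grant is not settled by this text - confirm against the provider.
      [Description (
          "When this method is called, a provider updates the "
          "specified Subject\'s rights to the Target according to "
          "the parameters of this call. The rights are modeled via "
          "an AuthorizedPrivilege instance. If an "
          "AuthorizedPrivilege instance is created as a result of "
          "this call, it MUST be linked to the Subject and Target "
          "via the AuthorizedSubject and AuthorizedTarget "
          "associations, respectively. When created, the "
          "AuthorizedPrivilege instance is associated to this "
          "PrivilegeManagementService via ConcreteDependency. If "
          "the execution of this call results in no rights between "
          "the Subject and Target, then they MUST NOT be linked to "
          "a particular AuthorizedPrivilege instance via "
          "AuthorizedSubject and AuthorizedTarget respectively. \n"
          "\n"
          "Note that regardless of whether specified via parameter, "
          "or template, the Activities, ActivityQualifiers and "
          "QualifierFormats, are mutually indexed. Also note that "
          "Subject and Target references MUST be supplied. \n"
          "\n"
          "The successful completion of the method SHALL create any "
          "necessary AuthorizedSubject, AuthorizedTarget, "
          "AuthorizedPrivilege, HostedDependency, and "
          "ConcreteDependency instances." ),
       ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
          "16001", "16002", "16003", "16004", "16005..31999",
          "32000..65535" },
       Values { "Success", "Not Supported", "Unspecified Error",
          "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
          "Unsupported Subject", "Unsupported Privilege",
          "Unsupported Target", "Authorization Error",
          "NULL not supported", "Method Reserved", "Vendor Specific" }]
   uint32 AssignAccess(
         [Required, IN, Description (
             "The Subject parameter is a reference to a "
             "ManagedElement instance. This parameter MUST be "
             "supplied." )]
      CIM_ManagedElement REF Subject,
         [IN, Description (
             "MUST be NULL unless Privilege is NULL on input. "
             "The PrivilegeGranted flag indicates whether the "
             "rights defined by the parameters in this call "
             "should be granted or denied to the named "
             "Subject/Target pair." ),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.PrivilegeGranted",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      boolean PrivilegeGranted,
         [IN, Description (
             "MUST be NULL unless the Privilege is NULL on "
             "input. This parameter specifies the activities to "
             "be granted or denied." ),
          ValueMap { "1", "2", "3", "4", "5", "6", "7", "..",
             "16000..65535" },
          Values { "Other", "Create", "Delete", "Detect", "Read",
             "Write", "Execute", "DMTF Reserved", "Vendor Reserved" },
          ArrayType ( "Indexed" ),
          ModelCorrespondence { "CIM_AuthorizedPrivilege.Activities",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      uint16 Activities[],
         // The first ModelCorrespondence entry previously read
         // "CIM_AuthorizedPrivilege.ActivityQualifers", which matches no
         // name in this file; it is spelled here like the parameter and
         // like the sibling entries (Activities, QualifierFormats).
         [IN, Description (
             "MUST be NULL unless Privilege is NULL on input. "
             "This parameter defines the activity qualifiers for "
             "the Activities to be granted or denied." ),
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.ActivityQualifiers",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      string ActivityQualifiers[],
         [IN, Description (
             "MUST be NULL unless Privilege is NULL on input. "
             "This parameter defines the qualifier formats for "
             "the corresponding ActivityQualifiers." ),
          ValueMap { "2", "3", "4", "5", "6", "7", "8", "9",
             "10..15999", "16000..65535" },
          Values { "Class Name", "Property", "Method",
             "Object Reference", "Namespace", "URL",
             "Directory/File Name", "Command Line Instruction",
             "DMTF Reserved", "Vendor Reserved" },
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.QualifierFormats",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      uint16 QualifierFormats[],
         [Required, IN, Description (
             "The Target parameter is a reference to an instance "
             "of ManagedElement. This parameter MUST be "
             "supplied." )]
      CIM_ManagedElement REF Target,
         [IN, OUT, Description (
             "On input, this reference MUST be either NULL or "
             "refer to an instance of AuthorizedPrivilege that "
             "is used as a template. The rights granted by "
             "corresponding entries in the Activities, "
             "ActivityQualifiers and QualifierFormats array "
             "properties are applied incrementally and do not "
             "affect unnamed rights. If the property, "
             "PrivilegeGranted, is false, then the named rights "
             "are removed. If PrivilegeGranted is True, then the "
             "named rights are added. (Note that the "
             "RemoveAccess method SHOULD be used to completely "
             "remove all privileges between a subject and a "
             "target. On output, this property references an "
             "AuthorizedPrivilege instance that represents the "
             "resulting rights between the named Subject and the "
             "named Target. AuthorizedPrivilege instances used "
             "as a templates in this property SHOULD have a "
             "HostedDependency association to the "
             "PriviligeManagementService and SHOULD NOT have any "
             "AuthorizedTarget or AuthorizedSubject associations "
             "to it." )]
      CIM_AuthorizedPrivilege REF Privilege);

   // RemoveAccess: revokes one AuthorizedPrivilege, or every privilege of a
   // subject, a target, or a subject/target pair.
   //  - None of the three parameters carries the Required qualifier, so the
   //    scope of a revocation is set entirely by which references the caller
   //    supplies; a call naming only a Subject or only a Target is the
   //    "all privileges" form described below. Recording the supplied
   //    references with each call keeps that scope reviewable.
   //    NOTE(review): behaviour when all three references are NULL is not
   //    stated here ("Null parameter not supported" is one listed return) -
   //    confirm against the provider.
   //  - "Authorization Error" is 16002 for this method, not 16003.
      [Description (
          "This method revokes a specific AuthorizedPrivilege or "
          "all privileges for a particular target, subject, or "
          "subject/target pair. If an AuthorizedPrivilege instance "
          "is left with no AuthorizedTarget associations, it SHOULD "
          "be deleted. The successful completion of the method "
          "SHALL remove the directly or indirectly requested "
          "AuthorizedSubject, AuthorizedTarget and "
          "AuthorizedPrivilege instances." ),
       ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
          "16001", "16002", "16003", "16004..32767", "32768..65535" },
       Values { "Success", "Not Supported", "Unspecified Error",
          "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
          "Unsupported Privilege", "Unsupported Target",
          "Authorization Error", "Null parameter not supported",
          "Method Reserved", "Vendor Specific" }]
   uint32 RemoveAccess(
         [IN, Description (
             "The Subject parameter is a reference to a "
             "ManagedElement instance (associated via "
             "AuthorizedSubject) for which privileges are to be "
             "revoked." )]
      CIM_ManagedElement REF Subject,
         [IN, Description (
             "A reference to the AuthorizedPrivilege to be revoked." )]
      CIM_AuthorizedPrivilege REF Privilege,
         [IN, Description (
             "The Target parameter is a reference to a "
             "ManagedElement (associated via AuthorizedTarget) "
             "which will no longer be protected via the "
             "AuthorizedPrivilege." )]
      CIM_ManagedElement REF Target);

   // ShowAccess: reports the cumulative rights between subjects and targets.
   //  - At least one of Subject / Target MUST be supplied.
   //  - OutSubjects, OutTargets and Privileges are index-aligned arrays.
   //  - Results are filtered by what the requestor is authorized to view. A
   //    NULL Privileges entry therefore means "no rights visible to this
   //    requestor", which is weaker than "no rights exist"; an access review
   //    run from a low-privilege account can under-report.
   //  - Returned Privileges are embedded objects passed by value and MAY NOT
   //    match what is instantiated in the model, so they are a report, not
   //    the stored authorization state.
   //  - 16001 is not enumerated in this method's ValueMap.
      [Description (
          "ShowAccess reports the Privileges (i.e., rights) granted "
          "to a particular Subject and/or Target pair. Either a "
          "Subject, a Target or both MUST be specified. In the case "
          "where only one is specified, the method will return all "
          "rights to all Targets for the specified Subject, or all "
          "rights for all subjects which apply to the specified "
          "Target. \n"
          "\n"
          "ShowAccess returns the cumulative rights granted between "
          "the OutSubjects and OutTargets at the same array index "
          "(filtered to return the information that the requestor "
          "is authorized to view). If a specific array entry is "
          "NULL, then there exist NO rights that the requestor is "
          "authorized to view between the Subject/Target pair. \n"
          "\n"
          "Note that the Privileges returned by this method MAY NOT "
          "correspond to what is actually instantiated in the "
          "model, and MAY be optimized for ease of reporting. "
          "Hence, the data is passed \'by value\', as embedded "
          "objects. Also, note that multiple Privileges MAY be "
          "defined for a given Subject/Target pair. \n"
          "\n"
          "Other mechanisms MAY also be used to retrieve this "
          "information. CIM Operations\' EnumerateInstances MAY be "
          "used to return all Privileges currently instantiated "
          "within a namespace. Also, if the AuthorizedPrivilege "
          "subclass is instantiated, the CIM Operation Associators "
          "MAY be used to navigate from the Privilege to "
          "AuthorizedSubjects and AuthorizedTargets. These CIM "
          "Operations will not generally provide the functionality "
          "or optimizations available with ShowAccess." ),
       ValueMap { "0", "1", "2", "3", "4", "5", "..", "16000",
          "16002", "16003", "16004", "16005..31999", "32000..65535" },
       Values { "Success", "Not Supported", "Unknown", "Timeout",
          "Failed", "Invalid Parameter", "DMTF Reserved",
          "Unsupported Subject", "Unsupported Target",
          "Authorization Error", "NULL not supported",
          "Method Reserved", "Vendor Specific" }]
   uint32 ShowAccess(
         [IN, Description (
             "The Subject parameter references an instance of "
             "ManagedElement. The result of this operation is "
             "that the cumulative rights of the Subject to "
             "access or define authorization rights for the "
             "Target will be reported. If no Subject is "
             "specified, then a Target MUST be supplied and ALL "
             "Subjects that have rights to access or define "
             "authorizations for the Target will be reported. "
             "(It should be noted that the information reported "
             "MUST be filtered by the rights of the requestor to "
             "view that data.) If the Subject element is a "
             "Collection, then the operation will specifically "
             "report the Privileges for all elements associated "
             "to the Collection via MemberOfCollection. These "
             "elements will be reported individually in the "
             "returned OutSubjects array." ),
          ModelCorrespondence {
             "CIM_PrivilegeManagementService.ShowAccess.Target" }]
      CIM_ManagedElement REF Subject,
         [IN, Description (
             "The Target parameter references an instance of "
             "ManagedElement. The result of this operation is "
             "that the cumulative rights of the Subject to "
             "access or define authorization rights for the "
             "Target will be reported. If no Target is "
             "specified, then a Subject MUST be supplied and ALL "
             "Targets for which that the Subject has rights to "
             "access or define authorization will be reported. "
             "(It should be noted that the information reported "
             "MUST be filtered by the rights of the requestor to "
             "view that data.) If the Target element is a "
             "Collection, then the operation will be applied to "
             "all elements associated to the Collection via "
             "MemberOfCollection. These elements will be "
             "reported individually in the returned OutTargets "
             "array." ),
          ModelCorrespondence {
             "CIM_PrivilegeManagementService.ShowAccess.Subject" }]
      CIM_ManagedElement REF Target,
         [IN ( false ), OUT, Description (
             "The array of Subject REFs corresponding to the "
             "individual Privileges and OutTargets arrays. The "
             "resulting OutSubjects, Privileges and OutTargets "
             "arrays define the cumulative rights granted "
             "between the Subject/Target at the corresponding "
             "index (filtered to return the information that the "
             "requestor is authorized to view)." ),
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_PrivilegeManagementService.ShowAccess.Subject",
             "CIM_PrivilegeManagementService.ShowAccess.Privileges",
             "CIM_PrivilegeManagementService.ShowAccess.OutTargets" }]
      CIM_ManagedElement REF OutSubjects[],
         [IN ( false ), OUT, Description (
             "The array of Target REFs corresponding to the "
             "individual Privileges and OutSubjects arrays. The "
             "resulting OutSubjects, Privileges and OutTargets "
             "arrays define the cumulative rights granted "
             "between the Subject/Target at the corresponding "
             "index (filtered to return the information that the "
             "requestor is authorized to view)." ),
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_PrivilegeManagementService.ShowAccess.Target",
             "CIM_PrivilegeManagementService.ShowAccess.Privileges",
             "CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }]
      CIM_ManagedElement REF OutTargets[],
         [IN ( false ), OUT, Description (
             "The returned Privilege objects represent the "
             "cumulative rights granted between the OutSubjects "
             "and OutTargets at the same array index (filtered "
             "to return the information that the requestor is "
             "authorized to view). If a specific array entry is "
             "NULL, then there exist NO rights that the "
             "requestor is authorized to view between the "
             "Subject/Target pair." ),
          EmbeddedObject, ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_PrivilegeManagementService.ShowAccess.OutTargets",
             "CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }]
      string Privileges[]);

};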