// ================================================================== // Title: Core Policy MOF Specification 2.5 // Filename: CIM_Policy25.MOF // Version: 2.5 // Release: 0 // Status: Final // Date: 06/12/2001 // =================================================================== // Copyright "2001" Distributed Management Task Force, Inc. (DMTF). // All rights reserved. // DMTF is a not-for-profit association of industry members dedicated // to promoting enterprise and systems management and interoperability. // DMTF specifications and documents may be reproduced for uses // consistent with this purpose by members and non-members, // provided that correct attribution is given. // As DMTF specifications may be revised from time to time, // the particular version and release cited should always be noted. // Description: These object classes define the user and security // model for CIM and includes classes needed to represent // users, groups and organizational entities as well as // security services and authentication and authorization // information. // The object classes below are listed in an order that // avoids forward references. Required objects, defined // by other working groups, are omitted. // =================================================================== // Description: The object classes below are listed in an order that // avoids forward references. Required objects, defined // by other working groups, are omitted. // Date: 06/27/2000 // CIMCR516a - Rooted the model associations under Policy // Component or PolicyInSystem. Corrected PolicyCondition/ // PolicyActionInPolicyRepository to subclass from // PolicyInSystem (similar to Groups and Roles 'InSystem') // ================================================================== // Author: DMTF SLA (Service Level Agreement) Working Group // ================================================================== // Pragmas // ================================================================== #pragma Locale ("en-US") // ================================================================== // Policy // ================================================================== [Abstract, Description ( "An abstract class describing common properties of all " "policy rule-related subclasses, such as PolicyGroup, Policy" "Rule and PolicyCondition. All instances of policy rule-" "related entities will be created from subclasses of CIM_" "Policy. The exception to this statement is PolicyRepository " "which is a type of CIM_System.") ] class CIM_Policy : CIM_ManagedElement { [Description ( "A user-friendly name of this policy-related object.") ] string CommonName; [Description ( "An array of keywords for characterizing / categorizing " "policy objects. Keywords are of one of two types: \n" " o Keywords defined in this and other MOFs, or in DMTF " " white papers. These keywords provide a vendor-" " independent, installation-independent way of " " characterizing policy objects. \n" " o Installation-dependent keywords for characterizing " " policy objects. Examples include 'Engineering', " " 'Billing', and 'Review in December 2000'. \n" "This MOF defines the following keywords: 'UNKNOWN', " "'CONFIGURATION', 'USAGE', 'SECURITY', 'SERVICE', " "'MOTIVATIONAL', 'INSTALLATION', and 'EVENT'. These " "concepts are self-explanatory and are further discussed " "in the SLA/Policy White Paper. One additional keyword " "is defined: 'POLICY'. The role of this keyword is to " "identify policy-related instances that may not be otherwise " "identifiable, in some implementations. The keyword 'POLICY' " "is NOT mutually exclusive of the other keywords " "specified above.") ] string PolicyKeywords []; }; // ================================================================== // PolicyComponent // ================================================================== [Association, Abstract, Aggregation, Description ( "CIM_PolicyComponent is a generic association used to " "establish 'part of' relationships between the subclasses of " "CIM_Policy. For example, the PolicyConditionInPolicyRule " "association defines that PolicyConditions are part of a " "PolicyRule.") ] class CIM_PolicyComponent { [Aggregate, Key, Description ( "The parent Policy in the association.") ] CIM_Policy REF GroupComponent; [Key, Description ( "The child/part Policy in the association.") ] CIM_Policy REF PartComponent; }; // ================================================================== // PolicyInSystem // ================================================================== [Association, Abstract, Description ( " CIM_PolicyInSystem is a generic association used to " "establish dependency relationships between Policies and the " "Systems that host them. These Systems may be ComputerSystems " "where Policies are 'running' or they may be Policy" "Repositories where Policies are stored. This relationship " "is similar to the concept of CIM_Services being dependent " "on CIM_Systems as defined by the HostedService " "association. \n" " Cardinality is Max(1) for the Antecedent/System " "reference since Policies can only be hosted in at most one " "System context. Some subclasses of the association will " "further refine this definition to make the Policies Weak " "to Systems. Other subclasses of PolicyInSystem will " "define an optional hosting relationship. Examples of each " "of these are the PolicyRuleInSystem and PolicyConditionIn" "PolicyRepository associations, respectively.") ] class CIM_PolicyInSystem : CIM_Dependency { [Override ("Antecedent"), Max (1), Description ( "The hosting System.") ] CIM_System REF Antecedent; [Override ("Dependent"), Description ( "The hosted Policy.") ] CIM_Policy REF Dependent; }; // ================================================================== // PolicyGroup // ================================================================== [Description ( "A container for a set of related PolicyGroups " "and/or PolicyRules. Policy" "Groups are defined and named relative to the CIM_System " "which provides their context.") ] class CIM_PolicyGroup : CIM_Policy { [Propagated("CIM_System.CreationClassName"), Key, MaxLen (256), Description ("The scoping System's CreationClassName.") ] string SystemCreationClassName; [Propagated("CIM_System.Name"), Key, MaxLen (256), Description ("The scoping System's Name.") ] string SystemName; [Key, MaxLen (256), Description ( "CreationClassName indicates the name of the class or the " "subclass used in the creation of an instance. When used " "with the other key properties of this class, this property " "allows all instances of this class and its subclasses to " "be uniquely identified.") ] string CreationClassName; [Key, MaxLen (256), Description ( "A user-friendly name of this PolicyGroup.") ] string PolicyGroupName; }; // ================================================================== // PolicyGroupInPolicyGroup // ================================================================== [Association, Aggregation, Description ( "A relationship that aggregates one or more lower-level " "PolicyGroups into a higher-level Group. A Policy" "Group may aggregate PolicyRules and/or other Policy" "Groups.") ] class CIM_PolicyGroupInPolicyGroup : CIM_PolicyComponent { [Override ("GroupComponent"), Aggregate, Description ( "A PolicyGroup that aggregates other Groups.") ] CIM_PolicyGroup REF GroupComponent; [Override ("PartComponent"), Description ( "A PolicyGroup aggregated by another Group.") ] CIM_PolicyGroup REF PartComponent; }; // ================================================================== // PolicyGroupInSystem // ================================================================== [Association, Description ( "An association that links a PolicyGroup to the System " "in whose scope the Group is defined.") ] class CIM_PolicyGroupInSystem : CIM_PolicyInSystem { [Override ("Antecedent"), Min(1), Max(1), Description ( "The System in whose scope a PolicyGroup is defined.") ] CIM_System REF Antecedent; [Override ("Dependent"), Weak, Description ( "A PolicyGroup named within the scope of a System.") ] CIM_PolicyGroup REF Dependent; }; // ================================================================== // PolicyRule // ================================================================== [Description ( " The central class for representing the 'If Condition then " "Action' semantics associated with a policy rule. " "A PolicyRule condition, in the most general sense, is " "represented as either an ORed set of ANDed conditions " "(Disjunctive Normal Form, or DNF) or an ANDed set of ORed " "conditions (Conjunctive Normal Form, or CNF). Individual " "conditions may either be negated (NOT C) or unnegated (C). " "The actions specified by a PolicyRule are to be performed " "if and only if the PolicyRule condition (whether it is " "represented in DNF or CNF) evaluates to TRUE.\n\n" " " "The conditions and actions associated with a PolicyRule " "are modeled, respectively, with subclasses of Policy" "Condition and PolicyAction. These condition and action " "objects are tied to instances of PolicyRule by the Policy" "ConditionInPolicyRule and PolicyActionInPolicyRule " "aggregations.\n\n" " " "A PolicyRule may also be associated with one or more policy " "time periods, indicating the schedule according to which the " "policy rule is active and inactive. In this case it is the " "PolicyRuleValidityPeriod aggregation that provides this " "linkage.\n\n" " " "The PolicyRule class uses the property ConditionListType, to " "indicate whether the conditions for the rule are in DNF or " "CNF. The PolicyConditionInPolicyRule aggregation contains " "two additional properties to complete the representation of " "the Rule's conditional expression. The first of these " "properties is an integer to partition the referenced " "PolicyConditions into one or more groups, and the second is a " "Boolean to indicate whether a referenced Condition is " "negated. An example shows how ConditionListType and these " "two additional properties provide a unique representation " "of a set of PolicyConditions in either DNF or CNF.\n\n" " " "Suppose we have a PolicyRule that aggregates five " "PolicyConditions C1 through C5, with the following values " "in the properties of the five PolicyConditionInPolicyRule " "associations:\n" " C1: GroupNumber = 1, ConditionNegated = FALSE\n " " C2: GroupNumber = 1, ConditionNegated = TRUE\n " " C3: GroupNumber = 1, ConditionNegated = FALSE\n " " C4: GroupNumber = 2, ConditionNegated = FALSE\n " " C5: GroupNumber = 2, ConditionNegated = FALSE\n\n " " " "If ConditionListType = DNF, then the overall condition for " "the PolicyRule is:\n" " (C1 AND (NOT C2) AND C3) OR (C4 AND C5)\n\n" " " "On the other hand, if ConditionListType = CNF, then the " "overall condition for the PolicyRule is:\n" " (C1 OR (NOT C2) OR C3) AND (C4 OR C5)\n\n" " " "In both cases, there is an unambiguous specification of " "the overall condition that is tested to determine whether " "to perform the PolicyActions associated with the PolicyRule.") ] class CIM_PolicyRule : CIM_Policy { [Propagated("CIM_System.CreationClassName"), Key, MaxLen (256), Description ("The scoping System's CreationClassName.") ] string SystemCreationClassName; [Propagated("CIM_System.Name"), Key, MaxLen (256), Description ("The scoping System's Name.") ] string SystemName; [Key, MaxLen (256), Description ( "CreationClassName indicates the name of the class or the " "subclass used in the creation of an instance. When used " "with the other key properties of this class, this property " "allows all instances of this class and its subclasses to " "be uniquely identified.") ] string CreationClassName; [Key, MaxLen (256), Description ( "A user-friendly name of this PolicyRule.") ] string PolicyRuleName; [Description ( "Indicates whether this PolicyRule is administratively " "enabled, administratively disabled, or enabled for " "debug. When the property has the value 3 (\"enabledFor" "Debug\"), the entity evaluating the PolicyConditions is " "instructed to evaluate the conditions for the Rule, but not " "to perform the actions if the PolicyConditions evaluate to " "TRUE. This serves as a debug vehicle when attempting to " "determine what policies would execute in a particular " "scenario, without taking any actions to change state " "during the debugging. The default value is 1 (\"enabled\")."), ValueMap { "1", "2", "3" }, Values { "enabled", "disabled", "enabledForDebug" } ] uint16 Enabled; [Description ( "Indicates whether the list of PolicyConditions " "associated with this PolicyRule is in disjunctive " "normal form (DNF) or conjunctive normal form (CNF)." "The default value is 1 (\"DNF\")."), ValueMap { "1", "2" }, Values { "DNF", "CNF" } ] uint16 ConditionListType; [Description ( "A free-form string that can be used to provide " "guidelines on how this PolicyRule should be used.") ] string RuleUsage; [Description ( "A non-negative integer for prioritizing this Policy" "Rule relative to other Rules. A larger value " "indicates a higher priority. The default value is 0.") ] uint16 Priority; [Description ( "A flag indicating that the evaluation of the Policy" "Conditions and execution of PolicyActions (if the " "Conditions evaluate to TRUE) is required. The " "evaluation of a PolicyRule MUST be attempted if the " "Mandatory property value is TRUE. If the Mandatory " "property is FALSE, then the evaluation of the Rule " "is 'best effort' and MAY be ignored.") ] boolean Mandatory; [Description ( "This property gives a policy administrator a way " "of specifying how the ordering of the PolicyActions " "associated with this PolicyRule is to be interpreted. " "Three values are supported:\n" " o mandatory(1): Do the actions in the indicated " " order, or don't do them at all.\n" " o recommended(2): Do the actions in the indicated " " order if you can, but if you can't do them in this " " order, do them in another order if you can.\n" " o dontCare(3): Do them -- I don't care about the " " order.\n" "The default value is 3 (\"dontCare\")."), ValueMap { "1", "2", "3" }, Values { "mandatory", "recommended", "dontCare" } ] uint16 SequencedActions; [Description ( "This property represents the roles and role combinations " "associated with a PolicyRule. Each value represents one " "role or role combination. Since this is a multi-valued " "property, more than one role or combination can be associated " "with a single policy rule. Each value is a string of the " "form:\n" " [&&]*\n" "where the individual role names appear in alphabetical order " "(according to the collating sequence for UCS-2).") ] string PolicyRoles []; }; // ================================================================== // PolicyRuleInPolicyGroup // ================================================================== [Association, Aggregation, Description ( "A relationship that aggregates one or more PolicyRules " "into a PolicyGroup. A PolicyGroup may aggregate " "PolicyRules and/or other PolicyGroups.") ] class CIM_PolicyRuleInPolicyGroup : CIM_PolicyComponent { [Override ("GroupComponent"), Aggregate, Description ( "A PolicyGroup that aggregates one or more PolicyRules.") ] CIM_PolicyGroup REF GroupComponent; [Override ("PartComponent"), Description ( "A PolicyRule aggregated by a PolicyGroup.") ] CIM_PolicyRule REF PartComponent; }; // ================================================================== // PolicyRuleInSystem // ================================================================== [Association, Description ( "An association that links a PolicyRule to the System " "in whose scope the Rule is defined.") ] class CIM_PolicyRuleInSystem : CIM_PolicyInSystem { [Override ("Antecedent"), Min(1), Max(1), Description ( "The System in whose scope a PolicyRule is defined.") ] CIM_System REF Antecedent; [Override ("Dependent"), Weak, Description ( "A PolicyRule named within the scope of a System.") ] CIM_PolicyRule REF Dependent; }; // ================================================================== // PolicyRepository // ================================================================== [Description ( "A class representing an administratively defined " "container for reusable policy-related information. " "This class does not introduce any additional " "properties beyond those in its superclass " "AdminDomain. It does, however, participate in a " "number of unique associations." "\n\n" "An instance of this class uses the NameFormat value" "\"PolicyRepository\", which is defined in the AdminDomain" "class.") ] class CIM_PolicyRepository : CIM_AdminDomain { }; // ================================================================== // PolicyRepositoryInPolicyRepository // ================================================================== [Association, Aggregation, Description ( "A relationship that aggregates one or more lower-level " "PolicyRepositories into a higher-level Repository.") ] class CIM_PolicyRepositoryInPolicyRepository : CIM_SystemComponent { [Override ("GroupComponent"), Aggregate, Description ( "A PolicyRepository that aggregates other Repositories.") ] CIM_PolicyRepository REF GroupComponent; [Override ("PartComponent"), Description ( "A PolicyRepository aggregated by another Repository.") ] CIM_PolicyRepository REF PartComponent; }; // ================================================================== // PolicyCondition // ================================================================== [Abstract, Description ( "A class representing a rule-specific or reusable policy " "condition to be evaluated in conjunction with a Policy" "Rule. Since all operational details of a PolicyCondition " "are provided in subclasses of this object, this class is " "abstract.") ] class CIM_PolicyCondition : CIM_Policy { [Key, MaxLen (256), Description ( " The name of the class or the subclass used in the " "creation of the System object in whose scope this " "PolicyCondition is defined.\n\n" " " "This property helps to identify the System object in " "whose scope this instance of PolicyCondition exists. " "For a rule-specific PolicyCondition, this is the System " "in whose context the PolicyRule is defined. For a " "reusable PolicyCondition, this is the instance of " "PolicyRepository (which is a subclass of System) that " "holds the Condition.\n\n" " " "Note that this property, and the analogous property " "SystemName, do not represent propagated keys from an " "instance of the class System. Instead, they are " "properties defined in the context of this class, which " "repeat the values from the instance of System to which " "this PolicyCondition is related, either directly via the " "PolicyConditionInPolicyRepository association or indirectly " "via the PolicyConditionInPolicyRule aggregation.") ] string SystemCreationClassName; [Key, MaxLen (256), Description ( " The name of the System object in whose scope this " "PolicyCondition is defined.\n\n" " " "This property completes the identification of the System " "object in whose scope this instance of PolicyCondition " "exists. For a rule-specific PolicyCondition, this is the " "System in whose context the PolicyRule is defined. For a " "reusable PolicyCondition, this is the instance of " "PolicyRepository (which is a subclass of System) that " "holds the Condition.") ] string SystemName; [Key, MaxLen (256), Description ( "For a rule-specific PolicyCondition, the " "CreationClassName of the PolicyRule object with which " "this Condition is associated. For a reusable Policy" "Condition, a special value, 'NO RULE', should be used to " "indicate that this Condition is reusable and not " "associated with a single PolicyRule.") ] string PolicyRuleCreationClassName; [Key, MaxLen (256), Description ( "For a rule-specific PolicyCondition, the name of " "the PolicyRule object with which this Condition is " "associated. For a reusable PolicyCondition, a " "special value, 'NO RULE', should be used to indicate " "that this Condition is reusable and not associated " "with a single PolicyRule.") ] string PolicyRuleName; [Key, MaxLen (256), Description ( "CreationClassName indicates the name of the class or the " "subclass used in the creation of an instance. When used " "with the other key properties of this class, this property " "allows all instances of this class and its subclasses to " "be uniquely identified.") ] string CreationClassName; [Key, MaxLen (256), Description ( "A user-friendly name of this PolicyCondition.") ] string PolicyConditionName; }; // ================================================================== // PolicyConditionInPolicyRule // ================================================================== [Association, Aggregation, Description ( " A PolicyRule aggregates zero or more instances of the " "PolicyCondition class, via the PolicyConditionInPolicyRule " "association. A Rule that aggregates zero Conditions is not " "valid -- it may, however, be in the process of being entered " "into a PolicyRepository or being defined for a System. Note " "that a PolicyRule should have no effect until it is valid.\n\n" " " "The Conditions aggregated by a PolicyRule are grouped into " "two levels of lists: either an ORed set of ANDed sets of " "conditions (DNF, the default) or an ANDed set of ORed sets " "of conditions (CNF). Individual PolicyConditions in these " "lists may be negated. The property ConditionListType " "specifies which of these two grouping schemes applies to a " "particular PolicyRule.\n\n" " " "In either case, PolicyConditions are used to determine whether " "to perform the PolicyActions associated with the PolicyRule.\n\n" " " "One or more PolicyTimePeriodConditions may be among the " "conditions associated with a PolicyRule via the Policy" "ConditionInPolicyRule association. In this case, the time " "periods are simply additional Conditions to be evaluated " "along with any others that are specified for the Rule. ") ] class CIM_PolicyConditionInPolicyRule : CIM_PolicyComponent { [Override ("GroupComponent"), Aggregate, Description ( "This property represents the PolicyRule that " "contains one or more PolicyConditions.") ] CIM_PolicyRule REF GroupComponent; [Override ("PartComponent"), Description ( "This property holds the name of a PolicyCondition " "contained by one or more PolicyRules.") ] CIM_PolicyCondition REF PartComponent; [Description ( "Unsigned integer indicating the group to which the " "PolicyCondition identified by the ContainedCondition " "property belongs. This integer segments the Conditions " "into the ANDed sets (when the ConditionListType is " "\"DNF\") or similarly the ORed sets (when the Condition" "ListType is \"CNF\") that are then evaluated.") ] uint16 GroupNumber; [Description ( "Indication of whether the Condition identified by " "the ContainedCondition property is negated. TRUE " "indicates that the PolicyCondition IS negated, FALSE " "indicates that it IS NOT negated.") ] boolean ConditionNegated; }; // ================================================================== // PolicyConditionInPolicyRepository // ================================================================== [Association, Description ( " A class representing the hosting of reusable " "PolicyConditions by a PolicyRepository. A reusable Policy" "Condition is always related to a single PolicyRepository, " "via this association.\n\n" " " "Note, that an instance of PolicyCondition can be either " "reusable or rule-specific. When the Condition is rule-" "specific, it shall not be related to any " "PolicyRepository via the PolicyConditionInPolicyRepository " "association.") ] class CIM_PolicyConditionInPolicyRepository : CIM_PolicyInSystem { [Override ("Antecedent"), Max(1), Description ( "This property identifies a PolicyRepository " "hosting one or more PolicyConditions. A reusable " "PolicyCondition is always related to exactly one " "PolicyRepository via the PolicyConditionInPolicyRepository " "association. The [0..1] cardinality for this property " "covers the two types of PolicyConditions: 0 for a " "rule-specific PolicyCondition, 1 for a reusable one.") ] CIM_PolicyRepository REF Antecedent; [Override ("Dependent"), Description ( "This property holds the name of a PolicyCondition" "hosted in the PolicyRepository. ") ] CIM_PolicyCondition REF Dependent; }; // ================================================================== // PolicyTimePeriodCondition // ================================================================== [Description ( " This class provides a means of representing the time " "periods during which a PolicyRule is valid, i.e., active. " "At all times that fall outside these time periods, the " "PolicyRule has no effect. A Rule is treated as valid " "at ALL times, if it does not specify a " "PolicyTimePeriodCondition.\n\n" " " "In some cases a Policy Consumer may need to perform " "certain setup / cleanup actions when a PolicyRule becomes " "active / inactive. For example, sessions that were " "established while a Rule was active might need to " "be taken down when the Rule becomes inactive. In other " "cases, however, such sessions might be left up. In this " "case, the effect of deactivating the PolicyRule would " "just be to prevent the establishment of new sessions. \n\n" " " "Setup / cleanup behaviors on validity period " "transitions are not currently addressed by the Policy " "Model, and must be specified in 'guideline' documents or " "via subclasses of CIM_PolicyRule, CIM_PolicyTimePeriod" "Condition or other concrete subclasses of CIM_Policy. If " "such behaviors need to be under the control of the policy " "administrator, then a mechanism to allow this control " "must also be specified in the subclasses.\n\n" " " "PolicyTimePeriodCondition is defined as a subclass of " "PolicyCondition. This is to allow the inclusion of " "time-based criteria in the AND/OR condition definitions " "for a PolicyRule.\n\n" " " "Instances of this class may have up to five properties " "identifying time periods at different levels. The values " "of all the properties present in an instance are ANDed " "together to determine the validity period(s) for the " "instance. For example, an instance with an overall " "validity range of January 1, 2000 through December 31, " "2000; a month mask that selects March and April; a " "day-of-the-week mask that selects Fridays; and a time " "of day range of 0800 through 1600 would be represented " "using the following time periods:\n" " Friday, March 5, 2000, from 0800 through 1600;\n " " Friday, March 12, 2000, from 0800 through 1600;\n " " Friday, March 19, 2000, from 0800 through 1600;\n " " Friday, March 26, 2000, from 0800 through 1600;\n " " Friday, April 2, 2000, from 0800 through 1600;\n " " Friday, April 9, 2000, from 0800 through 1600;\n " " Friday, April 16, 2000, from 0800 through 1600;\n " " Friday, April 23, 2000, from 0800 through 1600;\n " " Friday, April 30, 2000, from 0800 through 1600.\n\n" " " "Properties not present in an instance of " "PolicyTimePeriodCondition are implicitly treated as having " "their value 'always enabled'. Thus, in the example above, " "the day-of-the-month mask is not present, and so the " "validity period for the instance implicitly includes a " "day-of-the-month mask that selects all days of the month. " "If this 'missing property' rule is applied to its fullest, we " "see that there is a second way to indicate that a Policy" "Rule is always enabled: associate with it an instance of " "PolicyTimePeriodCondition whose only properties with " "specific values are its key properties.") ] class CIM_PolicyTimePeriodCondition : CIM_PolicyCondition { [Description ( " This property identifies an overall range of calendar " "dates and times over which a PolicyRule is valid. It is " "formatted as a string representing a start date and time, " "in which the character 'T' indicates the beginning of the " "time portion, followed by the solidus character '/', " "followed by a similar string representing an end date and " "time. The first date indicates the beginning of the range, " "while the second date indicates the end. Thus, the second " "date and time must be later than the first. Date/times are " "expressed as substrings of the form yyyymmddThhmmss. For " "example: \n" " 20000101T080000/20000131T120000 defines \n" " January 1, 2000, 0800 through January 31, 2000, noon\n\n" " " "There are also two special cases in which one of the " "date/time strings is replaced with a special string defined " "in RFC 2445.\n " " o If the first date/time is replaced with the string " " 'THISANDPRIOR', then the property indicates that a " " PolicyRule is valid [from now] until the date/time " " that appears after the '/'.\n" " o If the second date/time is replaced with the string " " 'THISANDFUTURE', then the property indicates that a " " PolicyRule becomes valid on the date/time that " " appears before the '/', and remains valid from that " " point on. "), ModelCorrespondence { "CIM_PolicyTimePeriodCondition.MonthOfYearMask", "CIM_PolicyTimePeriodCondition.DayOfMonthMask", "CIM_PolicyTimePeriodCondition.DayOfWeekMask", "CIM_PolicyTimePeriodCondition.TimeOfDayMask", "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ] string TimePeriod; [Octetstring, Description ( " The purpose of this property is to refine the valid time " "period that is defined by the TimePeriod property, by " "explicitly specifying in which months the PolicyRule is " "valid. These properties work together, with the " "TimePeriod used to specify the overall time period in " "which the PolicyRule is valid, and the MonthOfYearMask used " "to pick out the months during which the Rule is valid.\n\n" " " "This property is formatted as an octet string, structured " "as follows:\n" " o a 4-octet length field, indicating the length of the " " entire octet string; this field is always set to " " 0x00000006 for this property;\n" " o a 2-octet field consisting of 12 bits identifying the " " 12 months of the year, beginning with January and " " ending with December, followed by 4 bits that are " " always set to '0'. For each month, the value '1' " " indicates that the policy is valid for that month, " " and the value '0' indicates that it is not valid.\n\n" " " "The value 0x000000060830, for example, indicates that a " "PolicyRule is valid only in the months May, November, " "and December.\n\n" " " "If a value for this property is not provided, then the " "PolicyRule is treated as valid for all twelve months, and " "only restricted by its TimePeriod property value and the " "other Mask properties."), ModelCorrespondence { "CIM_PolicyTimePeriodCondition.TimePeriod", "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ] uint8 MonthOfYearMask[]; [Octetstring, Description ( " The purpose of this property is to refine the valid time " "period that is defined by the TimePeriod property, by " "explicitly specifying in which days of the month the Policy" "Rule is valid. These properties work together, " "with the TimePeriod used to specify the overall time period " "in which the PolicyRule is valid, and the DayOfMonthMask used " "to pick out the days of the month during which the Rule " "is valid.\n\n " " " "This property is formatted as an octet string, structured " "as follows:\n" " o a 4-octet length field, indicating the length of the " " entire octet string; this field is always set to " " 0x0000000C for this property; \n" " o an 8-octet field consisting of 31 bits identifying " " the days of the month counting from the beginning, " " followed by 31 more bits identifying the days of the " " month counting from the end, followed by 2 bits that " " are always set to '0'. For each day, the value '1' " " indicates that the policy is valid for that day, and " " the value '0' indicates that it is not valid. \n\n" " " "The value 0x0000000C8000000100000000, for example, " "indicates that a PolicyRule is valid on the first and " "last days of the month.\n\n " " " "For months with fewer than 31 days, the digits corresponding " "to days that the months do not have (counting in both " "directions) are ignored.\n\n" " " "If a value for this property is not provided, then the " "PolicyRule is treated as valid for all days of the month, and " "only restricted by its TimePeriod property value and the " "other Mask properties."), ModelCorrespondence { "CIM_PolicyTimePeriodCondition.TimePeriod", "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ] uint8 DayOfMonthMask[]; [Octetstring, Description ( " The purpose of this property is to refine the valid time " "period that is defined by the TimePeriod property, by " "explicitly specifying in which days of the month the Policy" "Rule is valid. These properties work together, " "with the TimePeriod used to specify the overall time period " "in which the PolicyRule is valid, and the DayOfWeekMask used " "to pick out the days of the week during which the Rule " "is valid.\n\n " " " "This property is formatted as an octet string, structured " "as follows:\n " " o a 4-octet length field, indicating the length of the " " entire octet string; this field is always set to " " 0x00000005 for this property;\n" " o a 1-octet field consisting of 7 bits identifying the 7 " " days of the week, beginning with Sunday and ending with " " Saturday, followed by 1 bit that is always set to '0'. " " For each day of the week, the value '1' indicates that " " the policy is valid for that day, and the value '0' " " indicates that it is not valid. \n\n" " " "The value 0x000000057C, for example, indicates that a " "PolicyRule is valid Monday through Friday.\n\n" " " "If a value for this property is not provided, then the " "PolicyRule is treated as valid for all days of the week, " "and only restricted by its TimePeriod property value and " "the other Mask properties."), ModelCorrespondence { "CIM_PolicyTimePeriodCondition.TimePeriod", "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ] uint8 DayOfWeekMask[]; [Description ( " The purpose of this property is to refine the valid time " "period that is defined by the TimePeriod property, by " "explicitly specifying a range of times in a day during which " "the PolicyRule is valid. These properties work " "together, with the TimePeriod used to specify the overall " "time period in which the PolicyRule is valid, and the " "TimeOfDayMask used to pick out the range of time periods " "in a given day of during which the Rule is valid. \n\n" " " "This property is formatted in the style of RFC 2445: a " "time string beginning with the character 'T', followed by " "the solidus character '/', followed by a second time string. " "The first time indicates the beginning of the range, while " "the second time indicates the end. Times are expressed as " "substrings of the form 'Thhmmss'. \n\n" " " "The second substring always identifies a later time than " "the first substring. To allow for ranges that span " "midnight, however, the value of the second string may be " "smaller than the value of the first substring. Thus, " "'T080000/T210000' identifies the range from 0800 until 2100, " "while 'T210000/T080000' identifies the range from 2100 until " "0800 of the following day. \n\n" " " "When a range spans midnight, it by definition includes " "parts of two successive days. When one of these days is " "also selected by either the MonthOfYearMask, " "DayOfMonthMask, and/or DayOfWeekMask, but the other day is " "not, then the policy is active only during the portion of " "the range that falls on the selected day. For example, if " "the range extends from 2100 until 0800, and the day of " "week mask selects Monday and Tuesday, then the policy is " "active during the following three intervals:\n" " From midnight Sunday until 0800 Monday; \n" " From 2100 Monday until 0800 Tuesday; \n" " From 2100 Tuesday until 23:59:59 Tuesday. \n\n" " " "If a value for this property is not provided, then the " "PolicyRule is treated as valid for all hours of the day, " "and only restricted by its TimePeriod property value and " "the other Mask properties."), ModelCorrespondence { "CIM_PolicyTimePeriodCondition.TimePeriod", "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ] string TimeOfDayMask; [Description ( " This property indicates whether the times represented " "in the TimePeriod property and in the various Mask " "properties represent local times or UTC times. There is " "no provision for mixing of local times and UTC times: the " "value of this property applies to all of the other " "time-related properties."), ValueMap { "1", "2" }, Values { "localTime", "utcTime" }, ModelCorrespondence { "CIM_PolicyTimePeriodCondition.TimePeriod", "CIM_PolicyTimePeriodCondition.MonthOfYearMask", "CIM_PolicyTimePeriodCondition.DayOfMonthMask", "CIM_PolicyTimePeriodCondition.DayOfWeekMask", "CIM_PolicyTimePeriodCondition.TimeOfDayMask"} ] uint16 LocalOrUtcTime; }; // ================================================================== // PolicyRuleValidityPeriod // ================================================================== [Association, Aggregation, Description ( "The PolicyRuleValidityPeriod aggregation represents " "scheduled activation and deactivation of a PolicyRule. " "If a PolicyRule is associated with multiple policy time " "periods via this association, then the Rule is active if " "at least one of the time periods indicates that it is " "active. (In other words, the PolicyTimePeriodConditions " "are ORed to determine whether the Rule is active.) A Time" "Period may be aggregated by multiple PolicyRules. A Rule " "that does not point to a PolicyTimePeriodCondition via this " "association is, from the point of view of scheduling, " "always active. It may, however, be inactive for other " "reasons. For example, the Rule's Enabled property may " "be set to \"disabled\" (value=2).") ] class CIM_PolicyRuleValidityPeriod : CIM_PolicyComponent { [Override ("GroupComponent"), Aggregate, Description ( "This property contains the name of a PolicyRule that " "contains one or more PolicyTimePeriodConditions.") ] CIM_PolicyRule REF GroupComponent; [Override ("PartComponent"), Description ( "This property contains the name of a " "PolicyTimePeriodCondition defining the valid time periods " "for one or more PolicyRules.") ] CIM_PolicyTimePeriodCondition REF PartComponent; }; // ================================================================== // VendorPolicyCondition // ================================================================== [Description ( " A class that provides a general extension mechanism for " "representing PolicyConditions that have not been modeled " "with specific properties. Instead, the two properties " "Constraint and ConstraintEncoding are used to define the " "content and format of the Condition, as explained below.\n\n" " " "As its name suggests, VendorPolicyCondition is intended for " "vendor-specific extensions to the Policy Core Information " "Model. Standardized extensions are not expected to use " "this class.") ] class CIM_VendorPolicyCondition : CIM_PolicyCondition { [Octetstring, Description ( "This property provides a general extension mechanism for " "representing PolicyConditions that have not been " "modeled with specific properties. The format of the " "octet strings in the array is left unspecified in " "this definition. It is determined by the OID value " "stored in the property ConstraintEncoding. Since " "ConstraintEncoding is single-valued, all the values of " "Constraint share the same format and semantics."), ModelCorrespondence { "CIM_VendorPolicyCondition.ConstraintEncoding"} ] string Constraint []; [Description ( "An OID encoded as a string, identifying the format " "and semantics for this instance's Constraint property."), ModelCorrespondence { "CIM_VendorPolicyCondition.Constraint"} ] string ConstraintEncoding; }; // ================================================================== // PolicyAction // ================================================================== [Abstract, Description ( "A class representing a rule-specific or reusable policy " "action to be performed if the PolicyConditions for a Policy" "Rule evaluate to TRUE. Since all operational details of a " "PolicyAction are provided in subclasses of this object, " "this class is abstract.") ] class CIM_PolicyAction : CIM_Policy { [Key, MaxLen (256), Description ( " The name of the class or the subclass used in the " "creation of the System object in whose scope this " "PolicyAction is defined. \n\n" " " "This property helps to identify the System object in " "whose scope this instance of PolicyAction exists. " "For a rule-specific PolicyAction, this is the System " "in whose context the PolicyRule is defined. For a " "reusable PolicyAction, this is the instance of " "PolicyRepository (which is a subclass of System) that " "holds the Action. \n\n" " " "Note that this property, and the analogous property " "SystemName, do not represent propagated keys from an " "instance of the class System. Instead, they are " "properties defined in the context of this class, which " "repeat the values from the instance of System to which " "this PolicyAction is related, either directly via the " "PolicyActionInPolicyRepository association or indirectly " "via the PolicyActionInPolicyRule aggregation.") ] string SystemCreationClassName; [Key, MaxLen (256), Description ( " The name of the System object in whose scope this " "PolicyAction is defined. \n\n" " " "This property completes the identification of the System " "object in whose scope this instance of PolicyAction " "exists. For a rule-specific PolicyAction, this is the " "System in whose context the PolicyRule is defined. For " "a reusable PolicyAction, this is the instance of " "PolicyRepository (which is a subclass of System) that " "holds the Action.") ] string SystemName; [Key, MaxLen (256), Description ( "For a rule-specific PolicyAction, the CreationClassName " "of the PolicyRule object with which this Action is " "associated. For a reusable PolicyAction, a " "special value, 'NO RULE', should be used to " "indicate that this Action is reusable and not " "associated with a single PolicyRule.") ] string PolicyRuleCreationClassName; [Key, MaxLen (256), Description ( "For a rule-specific PolicyAction, the name of " "the PolicyRule object with which this Action is " "associated. For a reusable PolicyAction, a " "special value, 'NO RULE', should be used to " "indicate that this Action is reusable and not " "associated with a single PolicyRule.") ] string PolicyRuleName; [Key, MaxLen (256), Description ( "CreationClassName indicates the name of the class or the " "subclass used in the creation of an instance. When used " "with the other key properties of this class, this property " "allows all instances of this class and its subclasses to " "be uniquely identified.") ] string CreationClassName; [Key, MaxLen (256), Description ( "A user-friendly name of this PolicyAction.") ] string PolicyActionName; }; // ================================================================== // PolicyActionInPolicyRepository // ================================================================== [Association, Description ( " A class representing the hosting of reusable " "PolicyActions by a PolicyRepository. A reusable Policy" "Action is always related to a single PolicyRepository, " "via this association.\n\n" " " "Note, that an instance of PolicyAction can be either " "reusable or rule-specific. When the Action is rule-" "specific, it shall not be related to any " "PolicyRepository via the PolicyActionInPolicyRepository " "association.") ] class CIM_PolicyActionInPolicyRepository : CIM_PolicyInSystem { [Override ("Antecedent"), Max(1), Description ( "This property represents a PolicyRepository " "hosting one or more PolicyActions. A reusable " "PolicyAction is always related to exactly one " "PolicyRepository via the PolicyActionInPolicyRepository " "association. The [0..1] cardinality for this property " "covers the two types of PolicyActions: 0 for a " "rule-specific PolicyAction, 1 for a reusable one.") ] CIM_PolicyRepository REF Antecedent; [Override ("Dependent"), Description ( "This property holds the name of a PolicyAction" "hosted in the PolicyRepository. ") ] CIM_PolicyAction REF Dependent; }; // ================================================================== // PolicyActionInPolicyRule // ================================================================== [Association, Aggregation, Description ( " A PolicyRule aggregates zero or more instances of the " "PolicyAction class, via the PolicyActionInPolicyRule " "association. A Rule that aggregates zero Actions is not " "valid -- it may, however, be in the process of being entered " "into a PolicyRepository or being defined for a System. " "Alternately, the actions of the policy may be explicit in " "the definition of the PolicyRule. Note that a PolicyRule " "should have no effect until it is valid.\n\n" " " "The Actions associated with a PolicyRule may be given a " "required order, a recommended order, or no order at all. For " "Actions represented as separate objects, the PolicyActionIn" "PolicyRule aggregation can be used to express an order. \n\n" " " "This aggregation does not indicate whether a specified " "action order is required, recommended, or of no significance; " "the property SequencedActions in the aggregating instance of " "PolicyRule provides this indication.") ] class CIM_PolicyActionInPolicyRule : CIM_PolicyComponent { [Override ("GroupComponent"), Aggregate, Description ( "This property represents the PolicyRule that " "contains one or more PolicyActions.") ] CIM_PolicyRule REF GroupComponent; [Override ("PartComponent"), Description ( "This property holds the name of a PolicyAction " "contained by one or more PolicyRules.") ] CIM_PolicyAction REF PartComponent; [Description ( " This property provides an unsigned integer 'n' that" "indicates the relative position of a PolicyAction in the " "sequence of actions associated with a PolicyRule. " "When 'n' is a positive integer, it indicates a place " "in the sequence of actions to be performed, with " "smaller integers indicating earlier positions in the " "sequence. The special value '0' indicates 'don't care'. " "If two or more PolicyActions have the same non-zero " "sequence number, they may be performed in any order, but " "they must all be performed at the appropriate place in the " "overall action sequence. \n\n" " " "A series of examples will make ordering of PolicyActions " "clearer: \n" " o If all actions have the same sequence number, " " regardless of whether it is '0' or non-zero, any " " order is acceptable.\n " " o The values: \n" " 1:ACTION A \n" " 2:ACTION B \n" " 1:ACTION C \n" " 3:ACTION D \n" " indicate two acceptable orders: A,C,B,D or C,A,B,D, " " since A and C can be performed in either order, but " " only at the '1' position. \n" " o The values: \n" " 0:ACTION A \n" " 2:ACTION B \n" " 3:ACTION C \n" " 3:ACTION D \n" " require that B,C, and D occur either as B,C,D or as " " B,D,C. Action A may appear at any point relative to " " B, C, and D. Thus the complete set of acceptable " " orders is: A,B,C,D; B,A,C,D; B,C,A,D; B,C,D,A; " " A,B,D,C; B,A,D,C; B,D,A,C; B,D,C,A. \n\n" " " "Note that the non-zero sequence numbers need not start " "with '1', and they need not be consecutive. All that " "matters is their relative magnitude.") ] uint16 ActionOrder; }; // ================================================================== // VendorPolicyAction // ================================================================== [Description ( " A class that provides a general extension mechanism for " "representing PolicyActions that have not been modeled " "with specific properties. Instead, the two properties " "ActionData and ActionEncoding are used to define the " "content and format of the Action, as explained below.\n\n" " " "As its name suggests, VendorPolicyAction is intended for " "vendor-specific extensions to the Policy Core Information " "Model. Standardized extensions are not expected to use " "this class.") ] class CIM_VendorPolicyAction : CIM_PolicyAction { [Octetstring, Description ( "This property provides a general extension mechanism for " "representing PolicyActions that have not been " "modeled with specific properties. The format of the " "octet strings in the array is left unspecified in " "this definition. It is determined by the OID value " "stored in the property ActionEncoding. Since " "ActionEncoding is single-valued, all the values of " "ActionData share the same format and semantics."), ModelCorrespondence { "CIM_VendorPolicyAction.ActionEncoding"} ] string ActionData []; [Description ( "An OID encoded as a string, identifying the format " "and semantics for this instance's ActionData property."), ModelCorrespondence { "CIM_VendorPolicyAction.ActionData"} ] string ActionEncoding; }; // =================================================================== // end of file // ===================================================================