// =================================================================== // Title: User_PrivilegeManagementService // $State: Exp $ // $Date: 2005/02/17 00:09:56 $ // $RCSfile: User_PrivilegeManagementService.mof,v $ // $Revision: 1.1 $ // =================================================================== //#pragma inLine ("Includes/copyright.inc") // Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF). // All rights reserved. // DMTF is a not-for-profit association of industry members dedicated // to promoting enterprise and systems management and interoperability. // DMTF specifications and documents may be reproduced for uses // consistent with this purpose by members and non-members, // provided that correct attribution is given. // As DMTF specifications may be revised from time to time, // the particular version and release date should always be noted. // // Implementation of certain elements of this standard or proposed // standard may be subject to third party patent rights, including // provisional patent rights (herein "patent rights"). DMTF makes // no representations to users of the standard as to the existence // of such rights, and is not responsible to recognize, disclose, or // identify any or all such third party patent right, owners or // claimants, nor for any incomplete or inaccurate identification or // disclosure of such rights, owners or claimants. DMTF shall have no // liability to any party, in any manner or circumstance, under any // legal theory whatsoever, for failure to recognize, disclose, or // identify any such third party patent rights, or for such party's // reliance on the standard or incorporation thereof in its product, // protocols or testing procedures. DMTF shall have no liability to // any party implementing such standard, whether such implementation // is foreseeable or not, nor to any patent owner or claimant, and shall // have no liability or responsibility for costs or losses incurred if // a standard is withdrawn or modified after publication, and shall be // indemnified and held harmless by any party implementing the // standard from any and all claims of infringement by a patent owner // for such implementations. // // For information about patents held by third-parties which have // notified the DMTF that, in their opinion, such patent may relate to // or impact implementations of DMTF standards, visit // http://www.dmtf.org/about/policies/disclosures.php. //#pragma inLine // =================================================================== // Description: The User Model extends the management concepts that // are related to users and security. // This file defines the concepts and classes related to // hardware World Wide Names used as credentials // for accessing Storage services and credentials. // // The object classes below are listed in an order that // avoids forward references. Required objects, defined // by other working groups, are omitted. // =================================================================== // Change Log for v2.8 Final // CR1186 - Modified AssignAccess to be atomic, clarified Description, // and used AuthorizedPrivilege as an input template // CR1221 - Promoted PrivilegeManagementService to Final // CR1229 - Removed ArrayType from properties that are not arrays // CR1235 - Corrected copyright, changed RemoveAccess's return value // from "Unknown" to "Unspecified Error", and corrected // ValueMap/Values entries for the enumerated parameters of // AssignAccess / Clarified that methods apply to Authorized // Privilege and not the Privilege superclass // // Change Log for v2.8 Preliminary (Company Review) // CR1102 - Fixed PrivilegeManagementService for application to // Storage LUN Masking. // // Change Log for v2.8 Preliminary - // CR1017 - Created this file // =================================================================== #pragma Locale ("en_US") // ================================================================== // PrivilegeManagementService // ================================================================== [Version ( "2.8.0" ), Description ( "The PrivilegeManagementService is responsible for creating, " "deleting, and associating AuthorizedPrivilege instances. " "References to 'subject' and 'target' define the entities that " "are associated with an AuthorizedPrivilege instance via the " "relationships, AuthorizedSubject and AuthorizedTarget, " "respectively. When created, an AuthorizedPrivilege instance is " "related to this (PrivilegeManagement)Service via the " "association, ConcreteDependency.")] class CIM_PrivilegeManagementService : CIM_AuthorizationService { [Description ( "When this method is called, a provider updates the " "specified Subject's rights to the Target according to the " "parameters of this call. The rights are modeled via an " "AuthorizedPrivilege instance. If an AuthorizedPrivilege " "instance is created as a result of this call, it MUST be " "linked to the Subject and Target via the AuthorizedSubject " "and AuthorizedTarget associations, respectively. When " "created, the AuthorizedPrivilege instance is associated to " "this PrivilegeManagementService via ConcreteDependency. If " "the execution of this call results in no rights between the " "Subject and Target, then they MUST NOT be linked to a " "particular AuthorizedPrivilege instance via " "AuthorizedSubject and AuthorizedTarget respectively. \n" "\n" "Note that regardless of whether specified via parameter, or " "template, the Activities, ActivityQualifiers and " "QualifierFormats, are mutually indexed. Also note that " "Subject and Target references MUST be supplied. \n" "\n" "The successful completion of the method SHALL create any " "necessary AuthorizedSubject, AuthorizedTarget, " "AuthorizedPrivilege, HostedDependency, and " "ConcreteDependency instances."), ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000", "16001", "16002", "16003", "16004", "16005..31999", "32000..65535" }, Values { "Success", "Not Supported", "Unspecified Error", "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved", "Unsupported Subject", "Unsupported Privilege", "Unsupported Target", "Authorization Error", "NULL not supported", "Method Reserved", "Vendor Specific" }] uint32 AssignAccess ( [Required, IN, Description ( "The Subject parameter is a reference to a ManagedElement " "instance. This parameter MUST be supplied.")] CIM_ManagedElement REF Subject, [IN, Description ( "MUST be NULL unless Privilege is NULL on input. The " "PrivilegeGranted flag indicates whether the rights " "defined by the parameters in this call should be granted " "or denied to the named Subject/Target pair."), ModelCorrespondence { "CIM_AuthorizedPrivilege.PrivilegeGranted", "CIM_PrivilegeManagementService.AssignAccess.Privilege" }] boolean PrivilegeGranted, [IN, Description ( "MUST be NULL unless the Privilege is NULL on input. This " "parameter specifies the activities to be granted or " "denied."), ValueMap { "1", "2", "3", "4", "5", "6", "7", "..", "16000..65535" }, Values { "Other", "Create", "Delete", "Detect", "Read", "Write", "Execute", "DMTF Reserved", "Vendor Reserved" }, ArrayType ( "Indexed" ), ModelCorrespondence { "CIM_AuthorizedPrivilege.Activities", "CIM_PrivilegeManagementService.AssignAccess.Privilege" }] uint16 Activities[], [IN, Description ( "MUST be NULL unless Privilege is NULL on input. This " "parameter defines the activity qualifiers for the " "Activities to be granted or denied."), ArrayType ( "Indexed" ), ModelCorrespondence { "CIM_AuthorizedPrivilege.ActivityQualifers", "CIM_PrivilegeManagementService.AssignAccess.Privilege" }] string ActivityQualifiers[], [IN, Description ( "MUST be NULL unless Privilege is NULL on input. This " "parameter defines the qualifier formats for the " "corresponding ActivityQualifiers."), ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "10..15999", "16000..65535" }, Values { "Class Name", "Property", "Method", "Object Reference", "Namespace", "URL", "Directory/File Name", "Command Line Instruction", "DMTF Reserved", "Vendor Reserved" }, ArrayType ( "Indexed" ), ModelCorrespondence { "CIM_AuthorizedPrivilege.QualifierFormats", "CIM_PrivilegeManagementService.AssignAccess.Privilege" }] uint16 QualifierFormats[], [Required, IN, Description ( "The Target parameter is a reference to an instance of " "ManagedElement. This parameter MUST be supplied.")] CIM_ManagedElement REF Target, [IN, OUT, Description ( "On input, this reference MUST be either NULL or refer to " "an instance of AuthorizedPrivilege that is used as a " "template. The rights granted by corresponding entries in " "the Activities, ActivityQualifiers and QualifierFormats " "array properties are applied incrementally and do not " "affect unnamed rights. If the property, " "PrivilegeGranted, is false, then the named rights are " "removed. If PrivilegeGranted is True, then the named " "rights are added. (Note that the RemoveAccess method " "SHOULD be used to completely remove all privileges " "between a subject and a target. On output, this property " "references an AuthorizedPrivilege instance that " "represents the resulting rights between the named " "Subject and the named Target. AuthorizedPrivilege " "instances used as a templates in this property SHOULD " "have a HostedDependency association to the " "PriviligeManagementService and SHOULD NOT have any " "AuthorizedTarget or AuthorizedSubject associations to " "it.")] CIM_AuthorizedPrivilege REF Privilege ); [Description ( "This method revokes a specific AuthorizedPrivilege or all " "privileges for a particular target, subject, or " "subject/target pair. If an AuthorizedPrivilege instance is " "left with no AuthorizedTarget associations, it SHOULD be " "deleted. The successful completion of the method SHALL " "remove the directly or indirectly requested " "AuthorizedSubject, AuthorizedTarget and AuthorizedPrivilege " "instances."), ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000", "16001", "16002", "16003", "16004..32767", "32768..65535" }, Values { "Success", "Not Supported", "Unspecified Error", "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved", "Unsupported Privilege", "Unsupported Target", "Authorization Error", "Null parameter not supported", "Method Reserved", "Vendor Specific" }] uint32 RemoveAccess ( [IN, Description ( "The Subject parameter is a reference to a ManagedElement " "instance (associated via AuthorizedSubject) for which " "privileges are to be revoked.")] CIM_ManagedElement REF Subject, [IN, Description ( "A reference to the AuthorizedPrivilege to be revoked.")] CIM_AuthorizedPrivilege REF Privilege, [IN, Description ( "The Target parameter is a reference to a ManagedElement " "(associated via AuthorizedTarget) which will no longer " "be protected via the AuthorizedPrivilege.")] CIM_ManagedElement REF Target ); }; // =================================================================== // end of file // ===================================================================