version 1.1.2.1, 2012/01/24 13:50:37
|
version 1.1.2.2, 2012/02/15 17:46:57
|
|
|
|
// Copyright (c) 2008 DMTF. All rights reserved. |
|
[Version ( "2.20.0" ), |
|
UMLPackagePath ( "CIM::User::PrivilegeManagementService" ), |
|
Description ( |
|
"The PrivilegeManagementService is responsible for creating, " |
|
"deleting, and associating AuthorizedPrivilege instances. " |
|
"References to \'subject\' and \'target\' define the entities " |
|
"that are associated with an AuthorizedPrivilege instance via " |
|
"the relationships, AuthorizedSubject and AuthorizedTarget, " |
|
"respectively. When created, an AuthorizedPrivilege instance is " |
|
"related to this (PrivilegeManagement)Service via the " |
|
"association, ConcreteDependency." )] |
|
class CIM_PrivilegeManagementService : CIM_AuthorizationService { |
|
|
|
|
|
[Description ( |
|
"When this method is called, a provider updates the " |
|
"specified Subject\'s rights to the Target according to " |
|
"the parameters of this call. The rights are modeled via " |
|
"an AuthorizedPrivilege instance. If an " |
|
"AuthorizedPrivilege instance is created as a result of " |
|
"this call, it MUST be linked to the Subject and Target " |
|
"via the AuthorizedSubject and AuthorizedTarget " |
|
"associations, respectively. When created, the " |
|
"AuthorizedPrivilege instance is associated to this " |
|
"PrivilegeManagementService via ConcreteDependency. If " |
|
"the execution of this call results in no rights between " |
|
"the Subject and Target, then they MUST NOT be linked to " |
|
"a particular AuthorizedPrivilege instance via " |
|
"AuthorizedSubject and AuthorizedTarget respectively. \n" |
|
"\n" |
|
"Note that regardless of whether specified via parameter, " |
|
"or template, the Activities, ActivityQualifiers and " |
|
"QualifierFormats, are mutually indexed. Also note that " |
|
"Subject and Target references MUST be supplied. \n" |
|
"\n" |
|
"The successful completion of the method SHALL create any " |
|
"necessary AuthorizedSubject, AuthorizedTarget, " |
|
"AuthorizedPrivilege, HostedDependency, and " |
|
"ConcreteDependency instances." ), |
|
ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000", |
|
"16001", "16002", "16003", "16004", "16005..31999", |
|
"32000..65535" }, |
|
Values { "Success", "Not Supported", "Unspecified Error", |
|
"Timeout", "Failed", "Invalid Parameter", "DMTF Reserved", |
|
"Unsupported Subject", "Unsupported Privilege", |
|
"Unsupported Target", "Authorization Error", |
|
"NULL not supported", "Method Reserved", "Vendor Specific" }] |
|
uint32 AssignAccess( |
|
[Required, IN, Description ( |
|
"The Subject parameter is a reference to a " |
|
"ManagedElement instance. This parameter MUST be " |
|
"supplied." )] |
|
CIM_ManagedElement REF Subject, |
|
[IN, Description ( |
|
"MUST be NULL unless Privilege is NULL on input. " |
|
"The PrivilegeGranted flag indicates whether the " |
|
"rights defined by the parameters in this call " |
|
"should be granted or denied to the named " |
|
"Subject/Target pair." ), |
|
ModelCorrespondence { |
|
"CIM_AuthorizedPrivilege.PrivilegeGranted", |
|
"CIM_PrivilegeManagementService.AssignAccess.Privilege" }] |
|
boolean PrivilegeGranted, |
|
[IN, Description ( |
|
"MUST be NULL unless the Privilege is NULL on " |
|
"input. This parameter specifies the activities to " |
|
"be granted or denied." ), |
|
ValueMap { "1", "2", "3", "4", "5", "6", "7", "..", |
|
"16000..65535" }, |
|
Values { "Other", "Create", "Delete", "Detect", "Read", |
|
"Write", "Execute", "DMTF Reserved", |
|
"Vendor Reserved" }, |
|
ArrayType ( "Indexed" ), |
|
ModelCorrespondence { |
|
"CIM_AuthorizedPrivilege.Activities", |
|
"CIM_PrivilegeManagementService.AssignAccess.Privilege" }] |
|
uint16 Activities[], |
|
[IN, Description ( |
|
"MUST be NULL unless Privilege is NULL on input. " |
|
"This parameter defines the activity qualifiers for " |
|
"the Activities to be granted or denied." ), |
|
ArrayType ( "Indexed" ), |
|
ModelCorrespondence { |
|
"CIM_AuthorizedPrivilege.ActivityQualifers", |
|
"CIM_PrivilegeManagementService.AssignAccess.Privilege" }] |
|
string ActivityQualifiers[], |
|
[IN, Description ( |
|
"MUST be NULL unless Privilege is NULL on input. " |
|
"This parameter defines the qualifier formats for " |
|
"the corresponding ActivityQualifiers." ), |
|
ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", |
|
"10..15999", "16000..65535" }, |
|
Values { "Class Name", "<Class.>Property", |
|
"<Class.>Method", "Object Reference", "Namespace", |
|
"URL", "Directory/File Name", |
|
"Command Line Instruction", "DMTF Reserved", |
|
"Vendor Reserved" }, |
|
ArrayType ( "Indexed" ), |
|
ModelCorrespondence { |
|
"CIM_AuthorizedPrivilege.QualifierFormats", |
|
"CIM_PrivilegeManagementService.AssignAccess.Privilege" }] |
|
uint16 QualifierFormats[], |
|
[Required, IN, Description ( |
|
"The Target parameter is a reference to an instance " |
|
"of ManagedElement. This parameter MUST be " |
|
"supplied." )] |
|
CIM_ManagedElement REF Target, |
|
[IN, OUT, Description ( |
|
"On input, this reference MUST be either NULL or " |
|
"refer to an instance of AuthorizedPrivilege that " |
|
"is used as a template. The rights granted by " |
|
"corresponding entries in the Activities, " |
|
"ActivityQualifiers and QualifierFormats array " |
|
"properties are applied incrementally and do not " |
|
"affect unnamed rights. If the property, " |
|
"PrivilegeGranted, is false, then the named rights " |
|
"are removed. If PrivilegeGranted is True, then the " |
|
"named rights are added. (Note that the " |
|
"RemoveAccess method SHOULD be used to completely " |
|
"remove all privileges between a subject and a " |
|
"target. On output, this property references an " |
|
"AuthorizedPrivilege instance that represents the " |
|
"resulting rights between the named Subject and the " |
|
"named Target. AuthorizedPrivilege instances used " |
|
"as a templates in this property SHOULD have a " |
|
"HostedDependency association to the " |
|
"PriviligeManagementService and SHOULD NOT have any " |
|
"AuthorizedTarget or AuthorizedSubject associations " |
|
"to it." )] |
|
CIM_AuthorizedPrivilege REF Privilege); |
|
|
|
[Description ( |
|
"This method revokes a specific AuthorizedPrivilege or " |
|
"all privileges for a particular target, subject, or " |
|
"subject/target pair. If an AuthorizedPrivilege instance " |
|
"is left with no AuthorizedTarget associations, it SHOULD " |
|
"be deleted. The successful completion of the method " |
|
"SHALL remove the directly or indirectly requested " |
|
"AuthorizedSubject, AuthorizedTarget and " |
|
"AuthorizedPrivilege instances." ), |
|
ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000", |
|
"16001", "16002", "16003", "16004..32767", "32768..65535" }, |
|
Values { "Success", "Not Supported", "Unspecified Error", |
|
"Timeout", "Failed", "Invalid Parameter", "DMTF Reserved", |
|
"Unsupported Privilege", "Unsupported Target", |
|
"Authorization Error", "Null parameter not supported", |
|
"Method Reserved", "Vendor Specific" }] |
|
uint32 RemoveAccess( |
|
[IN, Description ( |
|
"The Subject parameter is a reference to a " |
|
"ManagedElement instance (associated via " |
|
"AuthorizedSubject) for which privileges are to be " |
|
"revoked." )] |
|
CIM_ManagedElement REF Subject, |
|
[IN, Description ( |
|
"A reference to the AuthorizedPrivilege to be revoked." |
|
)] |
|
CIM_AuthorizedPrivilege REF Privilege, |
|
[IN, Description ( |
|
"The Target parameter is a reference to a " |
|
"ManagedElement (associated via AuthorizedTarget) " |
|
"which will no longer be protected via the " |
|
"AuthorizedPrivilege." )] |
|
CIM_ManagedElement REF Target); |
|
|
|
[Description ( |
|
"ShowAccess reports the Privileges (i.e., rights) granted " |
|
"to a particular Subject and/or Target pair. Either a " |
|
"Subject, a Target or both MUST be specified. In the case " |
|
"where only one is specified, the method will return all " |
|
"rights to all Targets for the specified Subject, or all " |
|
"rights for all subjects which apply to the specified " |
|
"Target. \n" |
|
"\n" |
|
"ShowAccess returns the cumulative rights granted between " |
|
"the OutSubjects and OutTargets at the same array index " |
|
"(filtered to return the information that the requestor " |
|
"is authorized to view). If a specific array entry is " |
|
"NULL, then there exist NO rights that the requestor is " |
|
"authorized to view between the Subject/Target pair. \n" |
|
"\n" |
|
"Note that the Privileges returned by this method MAY NOT " |
|
"correspond to what is actually instantiated in the " |
|
"model, and MAY be optimized for ease of reporting. " |
|
"Hence, the data is passed \'by value\', as embedded " |
|
"objects. Also, note that multiple Privileges MAY be " |
|
"defined for a given Subject/Target pair. \n" |
|
"\n" |
|
"Other mechanisms MAY also be used to retrieve this " |
|
"information. CIM Operations\' EnumerateInstances MAY be " |
|
"used to return all Privileges currently instantiated " |
|
"within a namespace. Also, if the AuthorizedPrivilege " |
|
"subclass is instantiated, the CIM Operation Associators " |
|
"MAY be used to navigate from the Privilege to " |
|
"AuthorizedSubjects and AuthorizedTargets. These CIM " |
|
"Operations will not generally provide the functionality " |
|
"or optimizations available with ShowAccess." ), |
|
ValueMap { "0", "1", "2", "3", "4", "5", "..", "16000", |
|
"16002", "16003", "16004", "16005..31999", "32000..65535" }, |
|
Values { "Success", "Not Supported", "Unknown", "Timeout", |
|
"Failed", "Invalid Parameter", "DMTF Reserved", |
|
"Unsupported Subject", "Unsupported Target", |
|
"Authorization Error", "NULL not supported", |
|
"Method Reserved", "Vendor Specific" }] |
|
uint32 ShowAccess( |
|
[IN, Description ( |
|
"The Subject parameter references an instance of " |
|
"ManagedElement. The result of this operation is " |
|
"that the cumulative rights of the Subject to " |
|
"access or define authorization rights for the " |
|
"Target will be reported. If no Subject is " |
|
"specified, then a Target MUST be supplied and ALL " |
|
"Subjects that have rights to access or define " |
|
"authorizations for the Target will be reported. " |
|
"(It should be noted that the information reported " |
|
"MUST be filtered by the rights of the requestor to " |
|
"view that data.) If the Subject element is a " |
|
"Collection, then the operation will specifically " |
|
"report the Privileges for all elements associated " |
|
"to the Collection via MemberOfCollection. These " |
|
"elements will be reported individually in the " |
|
"returned OutSubjects array." ), |
|
ModelCorrespondence { |
|
"CIM_PrivilegeManagementService.ShowAccess.Target" }] |
|
CIM_ManagedElement REF Subject, |
|
[IN, Description ( |
|
"The Target parameter references an instance of " |
|
"ManagedElement. The result of this operation is " |
|
"that the cumulative rights of the Subject to " |
|
"access or define authorization rights for the " |
|
"Target will be reported. If no Target is " |
|
"specified, then a Subject MUST be supplied and ALL " |
|
"Targets for which that the Subject has rights to " |
|
"access or define authorization will be reported. " |
|
"(It should be noted that the information reported " |
|
"MUST be filtered by the rights of the requestor to " |
|
"view that data.) If the Target element is a " |
|
"Collection, then the operation will be applied to " |
|
"all elements associated to the Collection via " |
|
"MemberOfCollection. These elements will be " |
|
"reported individually in the returned OutTargets " |
|
"array." ), |
|
ModelCorrespondence { |
|
"CIM_PrivilegeManagementService.ShowAccess.Subject" }] |
|
CIM_ManagedElement REF Target, |
|
[IN ( false ), OUT, Description ( |
|
"The array of Subject REFs corresponding to the " |
|
"individual Privileges and OutTargets arrays. The " |
|
"resulting OutSubjects, Privileges and OutTargets " |
|
"arrays define the cumulative rights granted " |
|
"between the Subject/Target at the corresponding " |
|
"index (filtered to return the information that the " |
|
"requestor is authorized to view)." ), |
|
ArrayType ( "Indexed" ), |
|
ModelCorrespondence { |
|
"CIM_PrivilegeManagementService.ShowAccess.Subject", |
|
"CIM_PrivilegeManagementService.ShowAccess.Privileges", |
|
"CIM_PrivilegeManagementService.ShowAccess.OutTargets" }] |
|
CIM_ManagedElement REF OutSubjects[], |
|
[IN ( false ), OUT, Description ( |
|
"The array of Target REFs corresponding to the " |
|
"individual Privileges and OutSubjects arrays. The " |
|
"resulting OutSubjects, Privileges and OutTargets " |
|
"arrays define the cumulative rights granted " |
|
"between the Subject/Target at the corresponding " |
|
"index (filtered to return the information that the " |
|
"requestor is authorized to view)." ), |
|
ArrayType ( "Indexed" ), |
|
ModelCorrespondence { |
|
"CIM_PrivilegeManagementService.ShowAccess.Target", |
|
"CIM_PrivilegeManagementService.ShowAccess.Privileges", |
|
"CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }] |
|
CIM_ManagedElement REF OutTargets[], |
|
[IN ( false ), OUT, Description ( |
|
"The returned Privilege objects represent the " |
|
"cumulative rights granted between the OutSubjects " |
|
"and OutTargets at the same array index (filtered " |
|
"to return the information that the requestor is " |
|
"authorized to view). If a specific array entry is " |
|
"NULL, then there exist NO rights that the " |
|
"requestor is authorized to view between the " |
|
"Subject/Target pair." ), |
|
EmbeddedObject, ArrayType ( "Indexed" ), |
|
ModelCorrespondence { |
|
"CIM_PrivilegeManagementService.ShowAccess.OutTargets", |
|
"CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }] |
|
string Privileges[]); |
|
|
|
}; |
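Review bot: The return codes from 16000 upward do not mean the same thing across the three methods: in RemoveAccess `16000` is "Unsupported Privilege" and `16002` is "Authorization Error", while in AssignAccess and ShowAccess `16000` is "Unsupported Subject", `16002` is "Unsupported Target" and `16003` is "Authorization Error". A client or audit log that decodes these with one shared table would record a refused revocation as an unsupported target, so I would add a comment above each ValueMap such as `// Return codes 16000 and above are specific to this method; do not decode them with another method's table.` Separately, the ModelCorrespondence entry `"CIM_AuthorizedPrivilege.ActivityQualifers"` on the ActivityQualifiers parameter of AssignAccess looks misspelled against the parameter name and probably should read `ActivityQualifiers`. This rendering does not mark which lines changed between 1.1.2.1 and 1.1.2.2, so both points apply to the text as shown.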