|
version 1.1.2.1, 2012/01/24 13:50:37
|
version 1.1.2.2, 2012/02/15 17:46:57
|
|
|
|
| |
// Copyright (c) 2008 DMTF. All rights reserved. |
| |
[Version ( "2.20.0" ), |
| |
UMLPackagePath ( "CIM::User::PrivilegeManagementService" ), |
| |
Description ( |
| |
"The PrivilegeManagementService is responsible for creating, " |
| |
"deleting, and associating AuthorizedPrivilege instances. " |
| |
"References to \'subject\' and \'target\' define the entities " |
| |
"that are associated with an AuthorizedPrivilege instance via " |
| |
"the relationships, AuthorizedSubject and AuthorizedTarget, " |
| |
"respectively. When created, an AuthorizedPrivilege instance is " |
| |
"related to this (PrivilegeManagement)Service via the " |
| |
"association, ConcreteDependency." )] |
| |
class CIM_PrivilegeManagementService : CIM_AuthorizationService { |
| |
|
| |
|
| |
[Description ( |
| |
"When this method is called, a provider updates the " |
| |
"specified Subject\'s rights to the Target according to " |
| |
"the parameters of this call. The rights are modeled via " |
| |
"an AuthorizedPrivilege instance. If an " |
| |
"AuthorizedPrivilege instance is created as a result of " |
| |
"this call, it MUST be linked to the Subject and Target " |
| |
"via the AuthorizedSubject and AuthorizedTarget " |
| |
"associations, respectively. When created, the " |
| |
"AuthorizedPrivilege instance is associated to this " |
| |
"PrivilegeManagementService via ConcreteDependency. If " |
| |
"the execution of this call results in no rights between " |
| |
"the Subject and Target, then they MUST NOT be linked to " |
| |
"a particular AuthorizedPrivilege instance via " |
| |
"AuthorizedSubject and AuthorizedTarget respectively. \n" |
| |
"\n" |
| |
"Note that regardless of whether specified via parameter, " |
| |
"or template, the Activities, ActivityQualifiers and " |
| |
"QualifierFormats, are mutually indexed. Also note that " |
| |
"Subject and Target references MUST be supplied. \n" |
| |
"\n" |
| |
"The successful completion of the method SHALL create any " |
| |
"necessary AuthorizedSubject, AuthorizedTarget, " |
| |
"AuthorizedPrivilege, HostedDependency, and " |
| |
"ConcreteDependency instances." ), |
| |
ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000", |
| |
"16001", "16002", "16003", "16004", "16005..31999", |
| |
"32000..65535" }, |
| |
Values { "Success", "Not Supported", "Unspecified Error", |
| |
"Timeout", "Failed", "Invalid Parameter", "DMTF Reserved", |
| |
"Unsupported Subject", "Unsupported Privilege", |
| |
"Unsupported Target", "Authorization Error", |
| |
"NULL not supported", "Method Reserved", "Vendor Specific" }] |
| |
uint32 AssignAccess( |
| |
[Required, IN, Description ( |
| |
"The Subject parameter is a reference to a " |
| |
"ManagedElement instance. This parameter MUST be " |
| |
"supplied." )] |
| |
CIM_ManagedElement REF Subject, |
| |
[IN, Description ( |
| |
"MUST be NULL unless Privilege is NULL on input. " |
| |
"The PrivilegeGranted flag indicates whether the " |
| |
"rights defined by the parameters in this call " |
| |
"should be granted or denied to the named " |
| |
"Subject/Target pair." ), |
| |
ModelCorrespondence { |
| |
"CIM_AuthorizedPrivilege.PrivilegeGranted", |
| |
"CIM_PrivilegeManagementService.AssignAccess.Privilege" }] |
| |
boolean PrivilegeGranted, |
| |
[IN, Description ( |
| |
"MUST be NULL unless the Privilege is NULL on " |
| |
"input. This parameter specifies the activities to " |
| |
"be granted or denied." ), |
| |
ValueMap { "1", "2", "3", "4", "5", "6", "7", "..", |
| |
"16000..65535" }, |
| |
Values { "Other", "Create", "Delete", "Detect", "Read", |
| |
"Write", "Execute", "DMTF Reserved", |
| |
"Vendor Reserved" }, |
| |
ArrayType ( "Indexed" ), |
| |
ModelCorrespondence { |
| |
"CIM_AuthorizedPrivilege.Activities", |
| |
"CIM_PrivilegeManagementService.AssignAccess.Privilege" }] |
| |
uint16 Activities[], |
| |
[IN, Description ( |
| |
"MUST be NULL unless Privilege is NULL on input. " |
| |
"This parameter defines the activity qualifiers for " |
| |
"the Activities to be granted or denied." ), |
| |
ArrayType ( "Indexed" ), |
| |
ModelCorrespondence { |
| |
"CIM_AuthorizedPrivilege.ActivityQualifers", |
| |
"CIM_PrivilegeManagementService.AssignAccess.Privilege" }] |
| |
string ActivityQualifiers[], |
| |
[IN, Description ( |
| |
"MUST be NULL unless Privilege is NULL on input. " |
| |
"This parameter defines the qualifier formats for " |
| |
"the corresponding ActivityQualifiers." ), |
| |
ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", |
| |
"10..15999", "16000..65535" }, |
| |
Values { "Class Name", "<Class.>Property", |
| |
"<Class.>Method", "Object Reference", "Namespace", |
| |
"URL", "Directory/File Name", |
| |
"Command Line Instruction", "DMTF Reserved", |
| |
"Vendor Reserved" }, |
| |
ArrayType ( "Indexed" ), |
| |
ModelCorrespondence { |
| |
"CIM_AuthorizedPrivilege.QualifierFormats", |
| |
"CIM_PrivilegeManagementService.AssignAccess.Privilege" }] |
| |
uint16 QualifierFormats[], |
| |
[Required, IN, Description ( |
| |
"The Target parameter is a reference to an instance " |
| |
"of ManagedElement. This parameter MUST be " |
| |
"supplied." )] |
| |
CIM_ManagedElement REF Target, |
| |
[IN, OUT, Description ( |
| |
"On input, this reference MUST be either NULL or " |
| |
"refer to an instance of AuthorizedPrivilege that " |
| |
"is used as a template. The rights granted by " |
| |
"corresponding entries in the Activities, " |
| |
"ActivityQualifiers and QualifierFormats array " |
| |
"properties are applied incrementally and do not " |
| |
"affect unnamed rights. If the property, " |
| |
"PrivilegeGranted, is false, then the named rights " |
| |
"are removed. If PrivilegeGranted is True, then the " |
| |
"named rights are added. (Note that the " |
| |
"RemoveAccess method SHOULD be used to completely " |
| |
"remove all privileges between a subject and a " |
| |
"target. On output, this property references an " |
| |
"AuthorizedPrivilege instance that represents the " |
| |
"resulting rights between the named Subject and the " |
| |
"named Target. AuthorizedPrivilege instances used " |
| |
"as a templates in this property SHOULD have a " |
| |
"HostedDependency association to the " |
| |
"PriviligeManagementService and SHOULD NOT have any " |
| |
"AuthorizedTarget or AuthorizedSubject associations " |
| |
"to it." )] |
| |
CIM_AuthorizedPrivilege REF Privilege); |
| |
|
| |
[Description ( |
| |
"This method revokes a specific AuthorizedPrivilege or " |
| |
"all privileges for a particular target, subject, or " |
| |
"subject/target pair. If an AuthorizedPrivilege instance " |
| |
"is left with no AuthorizedTarget associations, it SHOULD " |
| |
"be deleted. The successful completion of the method " |
| |
"SHALL remove the directly or indirectly requested " |
| |
"AuthorizedSubject, AuthorizedTarget and " |
| |
"AuthorizedPrivilege instances." ), |
| |
ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000", |
| |
"16001", "16002", "16003", "16004..32767", "32768..65535" }, |
| |
Values { "Success", "Not Supported", "Unspecified Error", |
| |
"Timeout", "Failed", "Invalid Parameter", "DMTF Reserved", |
| |
"Unsupported Privilege", "Unsupported Target", |
| |
"Authorization Error", "Null parameter not supported", |
| |
"Method Reserved", "Vendor Specific" }] |
| |
uint32 RemoveAccess( |
| |
[IN, Description ( |
| |
"The Subject parameter is a reference to a " |
| |
"ManagedElement instance (associated via " |
| |
"AuthorizedSubject) for which privileges are to be " |
| |
"revoked." )] |
| |
CIM_ManagedElement REF Subject, |
| |
[IN, Description ( |
| |
"A reference to the AuthorizedPrivilege to be revoked." |
| |
)] |
| |
CIM_AuthorizedPrivilege REF Privilege, |
| |
[IN, Description ( |
| |
"The Target parameter is a reference to a " |
| |
"ManagedElement (associated via AuthorizedTarget) " |
| |
"which will no longer be protected via the " |
| |
"AuthorizedPrivilege." )] |
| |
CIM_ManagedElement REF Target); |
| |
|
| |
[Description ( |
| |
"ShowAccess reports the Privileges (i.e., rights) granted " |
| |
"to a particular Subject and/or Target pair. Either a " |
| |
"Subject, a Target or both MUST be specified. In the case " |
| |
"where only one is specified, the method will return all " |
| |
"rights to all Targets for the specified Subject, or all " |
| |
"rights for all subjects which apply to the specified " |
| |
"Target. \n" |
| |
"\n" |
| |
"ShowAccess returns the cumulative rights granted between " |
| |
"the OutSubjects and OutTargets at the same array index " |
| |
"(filtered to return the information that the requestor " |
| |
"is authorized to view). If a specific array entry is " |
| |
"NULL, then there exist NO rights that the requestor is " |
| |
"authorized to view between the Subject/Target pair. \n" |
| |
"\n" |
| |
"Note that the Privileges returned by this method MAY NOT " |
| |
"correspond to what is actually instantiated in the " |
| |
"model, and MAY be optimized for ease of reporting. " |
| |
"Hence, the data is passed \'by value\', as embedded " |
| |
"objects. Also, note that multiple Privileges MAY be " |
| |
"defined for a given Subject/Target pair. \n" |
| |
"\n" |
| |
"Other mechanisms MAY also be used to retrieve this " |
| |
"information. CIM Operations\' EnumerateInstances MAY be " |
| |
"used to return all Privileges currently instantiated " |
| |
"within a namespace. Also, if the AuthorizedPrivilege " |
| |
"subclass is instantiated, the CIM Operation Associators " |
| |
"MAY be used to navigate from the Privilege to " |
| |
"AuthorizedSubjects and AuthorizedTargets. These CIM " |
| |
"Operations will not generally provide the functionality " |
| |
"or optimizations available with ShowAccess." ), |
| |
ValueMap { "0", "1", "2", "3", "4", "5", "..", "16000", |
| |
"16002", "16003", "16004", "16005..31999", "32000..65535" }, |
| |
Values { "Success", "Not Supported", "Unknown", "Timeout", |
| |
"Failed", "Invalid Parameter", "DMTF Reserved", |
| |
"Unsupported Subject", "Unsupported Target", |
| |
"Authorization Error", "NULL not supported", |
| |
"Method Reserved", "Vendor Specific" }] |
| |
uint32 ShowAccess( |
| |
[IN, Description ( |
| |
"The Subject parameter references an instance of " |
| |
"ManagedElement. The result of this operation is " |
| |
"that the cumulative rights of the Subject to " |
| |
"access or define authorization rights for the " |
| |
"Target will be reported. If no Subject is " |
| |
"specified, then a Target MUST be supplied and ALL " |
| |
"Subjects that have rights to access or define " |
| |
"authorizations for the Target will be reported. " |
| |
"(It should be noted that the information reported " |
| |
"MUST be filtered by the rights of the requestor to " |
| |
"view that data.) If the Subject element is a " |
| |
"Collection, then the operation will specifically " |
| |
"report the Privileges for all elements associated " |
| |
"to the Collection via MemberOfCollection. These " |
| |
"elements will be reported individually in the " |
| |
"returned OutSubjects array." ), |
| |
ModelCorrespondence { |
| |
"CIM_PrivilegeManagementService.ShowAccess.Target" }] |
| |
CIM_ManagedElement REF Subject, |
| |
[IN, Description ( |
| |
"The Target parameter references an instance of " |
| |
"ManagedElement. The result of this operation is " |
| |
"that the cumulative rights of the Subject to " |
| |
"access or define authorization rights for the " |
| |
"Target will be reported. If no Target is " |
| |
"specified, then a Subject MUST be supplied and ALL " |
| |
"Targets for which that the Subject has rights to " |
| |
"access or define authorization will be reported. " |
| |
"(It should be noted that the information reported " |
| |
"MUST be filtered by the rights of the requestor to " |
| |
"view that data.) If the Target element is a " |
| |
"Collection, then the operation will be applied to " |
| |
"all elements associated to the Collection via " |
| |
"MemberOfCollection. These elements will be " |
| |
"reported individually in the returned OutTargets " |
| |
"array." ), |
| |
ModelCorrespondence { |
| |
"CIM_PrivilegeManagementService.ShowAccess.Subject" }] |
| |
CIM_ManagedElement REF Target, |
| |
[IN ( false ), OUT, Description ( |
| |
"The array of Subject REFs corresponding to the " |
| |
"individual Privileges and OutTargets arrays. The " |
| |
"resulting OutSubjects, Privileges and OutTargets " |
| |
"arrays define the cumulative rights granted " |
| |
"between the Subject/Target at the corresponding " |
| |
"index (filtered to return the information that the " |
| |
"requestor is authorized to view)." ), |
| |
ArrayType ( "Indexed" ), |
| |
ModelCorrespondence { |
| |
"CIM_PrivilegeManagementService.ShowAccess.Subject", |
| |
"CIM_PrivilegeManagementService.ShowAccess.Privileges", |
| |
"CIM_PrivilegeManagementService.ShowAccess.OutTargets" }] |
| |
CIM_ManagedElement REF OutSubjects[], |
| |
[IN ( false ), OUT, Description ( |
| |
"The array of Target REFs corresponding to the " |
| |
"individual Privileges and OutSubjects arrays. The " |
| |
"resulting OutSubjects, Privileges and OutTargets " |
| |
"arrays define the cumulative rights granted " |
| |
"between the Subject/Target at the corresponding " |
| |
"index (filtered to return the information that the " |
| |
"requestor is authorized to view)." ), |
| |
ArrayType ( "Indexed" ), |
| |
ModelCorrespondence { |
| |
"CIM_PrivilegeManagementService.ShowAccess.Target", |
| |
"CIM_PrivilegeManagementService.ShowAccess.Privileges", |
| |
"CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }] |
| |
CIM_ManagedElement REF OutTargets[], |
| |
[IN ( false ), OUT, Description ( |
| |
"The returned Privilege objects represent the " |
| |
"cumulative rights granted between the OutSubjects " |
| |
"and OutTargets at the same array index (filtered " |
| |
"to return the information that the requestor is " |
| |
"authorized to view). If a specific array entry is " |
| |
"NULL, then there exist NO rights that the " |
| |
"requestor is authorized to view between the " |
| |
"Subject/Target pair." ), |
| |
EmbeddedObject, ArrayType ( "Indexed" ), |
| |
ModelCorrespondence { |
| |
"CIM_PrivilegeManagementService.ShowAccess.OutTargets", |
| |
"CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }] |
| |
string Privileges[]); |
| |
|
| |
}; |
Return to
CIM_PrivilegeManagementService.mof
CVS log
Up to [Pegasus] / pegasus / Schemas / CIM231 / DMTF / User