// Copyright (c) 2008 DMTF. All rights reserved.
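// CIM_PrivilegeManagementService: creates, deletes and associates
// AuthorizedPrivilege instances for a Subject/Target pair through three
// extrinsic methods: AssignAccess, RemoveAccess and ShowAccess.
//
// Review notes:
//  * The numeric return codes are NOT shared between the methods.
//    "Authorization Error" is 16003 for AssignAccess and ShowAccess but
//    16002 for RemoveAccess, and 16000..16004 carry different meanings in
//    each ValueMap. Decode a return value only against the ValueMap of the
//    method that produced it.
//  * NOTE(review): nothing in this class states how the caller of
//    AssignAccess/RemoveAccess is itself authorized; the only visible hook
//    is the "Authorization Error" return value. Presumably the provider
//    enforces this - confirm against the implementing provider.
//  * Changes relative to the listing this was taken from: the annotation
//    gutter was dropped, the ModelCorrespondence target
//    "CIM_AuthorizedPrivilege.ActivityQualifers" was corrected to
//    "...ActivityQualifiers", and four slips in Description text were
//    repaired ("PriviligeManagementService", an unclosed parenthesis,
//    "as a templates", "for which that the Subject").
[Version ( "2.20.0" ),
 UMLPackagePath ( "CIM::User::PrivilegeManagementService" ),
 Description (
    "The PrivilegeManagementService is responsible for creating, "
    "deleting, and associating AuthorizedPrivilege instances. "
    "References to \'subject\' and \'target\' define the entities "
    "that are associated with an AuthorizedPrivilege instance via "
    "the relationships, AuthorizedSubject and AuthorizedTarget, "
    "respectively. When created, an AuthorizedPrivilege instance is "
    "related to this (PrivilegeManagement)Service via the "
    "association, ConcreteDependency." )]
class CIM_PrivilegeManagementService : CIM_AuthorizationService {

      // AssignAccess grants or denies rights of Subject on Target.
      // Two mutually exclusive input modes are described below:
      //   - by value: Privilege is NULL and PrivilegeGranted, Activities,
      //     ActivityQualifiers and QualifierFormats carry the rights;
      //   - by template: Privilege references an AuthorizedPrivilege and
      //     the four by-value parameters MUST be NULL.
      // Rights are applied incrementally; rights not named in the call are
      // left untouched. Subject and Target are Required in both modes.
      // NOTE(review): Activities, ActivityQualifiers and QualifierFormats
      // are mutually indexed, but the text does not say what happens when
      // their lengths differ - a provider would want to reject that case
      // (for example with "Invalid Parameter") rather than guess.
      // NOTE(review): QualifierFormats allows values such as "URL",
      // "Directory/File Name" and "Command Line Instruction", so the
      // ActivityQualifiers strings are caller-supplied text whose meaning
      // depends on the format; treat them as untrusted input.
      [Description (
          "When this method is called, a provider updates the "
          "specified Subject\'s rights to the Target according to "
          "the parameters of this call. The rights are modeled via "
          "an AuthorizedPrivilege instance. If an "
          "AuthorizedPrivilege instance is created as a result of "
          "this call, it MUST be linked to the Subject and Target "
          "via the AuthorizedSubject and AuthorizedTarget "
          "associations, respectively. When created, the "
          "AuthorizedPrivilege instance is associated to this "
          "PrivilegeManagementService via ConcreteDependency. If "
          "the execution of this call results in no rights between "
          "the Subject and Target, then they MUST NOT be linked to "
          "a particular AuthorizedPrivilege instance via "
          "AuthorizedSubject and AuthorizedTarget respectively. \n"
          "\n"
          "Note that regardless of whether specified via parameter, "
          "or template, the Activities, ActivityQualifiers and "
          "QualifierFormats, are mutually indexed. Also note that "
          "Subject and Target references MUST be supplied. \n"
          "\n"
          "The successful completion of the method SHALL create any "
          "necessary AuthorizedSubject, AuthorizedTarget, "
          "AuthorizedPrivilege, HostedDependency, and "
          "ConcreteDependency instances." ),
       ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
          "16001", "16002", "16003", "16004", "16005..31999",
          "32000..65535" },
       Values { "Success", "Not Supported", "Unspecified Error",
          "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
          "Unsupported Subject", "Unsupported Privilege",
          "Unsupported Target", "Authorization Error",
          "NULL not supported", "Method Reserved", "Vendor Specific" }]
   uint32 AssignAccess(
         [Required, IN, Description (
             "The Subject parameter is a reference to a "
             "ManagedElement instance. This parameter MUST be "
             "supplied." )]
      CIM_ManagedElement REF Subject,
         [IN, Description (
             "MUST be NULL unless Privilege is NULL on input. "
             "The PrivilegeGranted flag indicates whether the "
             "rights defined by the parameters in this call "
             "should be granted or denied to the named "
             "Subject/Target pair." ),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.PrivilegeGranted",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      boolean PrivilegeGranted,
         [IN, Description (
             "MUST be NULL unless the Privilege is NULL on "
             "input. This parameter specifies the activities to "
             "be granted or denied." ),
          ValueMap { "1", "2", "3", "4", "5", "6", "7", "..",
             "16000..65535" },
          Values { "Other", "Create", "Delete", "Detect", "Read",
             "Write", "Execute", "DMTF Reserved",
             "Vendor Reserved" },
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.Activities",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      uint16 Activities[],
         // The first ModelCorrespondence entry below was spelled
         // "ActivityQualifers" in the source listing; it now matches the
         // ActivityQualifiers spelling used everywhere else in this class.
         [IN, Description (
             "MUST be NULL unless Privilege is NULL on input. "
             "This parameter defines the activity qualifiers for "
             "the Activities to be granted or denied." ),
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.ActivityQualifiers",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      string ActivityQualifiers[],
         [IN, Description (
             "MUST be NULL unless Privilege is NULL on input. "
             "This parameter defines the qualifier formats for "
             "the corresponding ActivityQualifiers." ),
          ValueMap { "2", "3", "4", "5", "6", "7", "8", "9",
             "10..15999", "16000..65535" },
          Values { "Class Name", "<Class.>Property",
             "<Class.>Method", "Object Reference", "Namespace",
             "URL", "Directory/File Name",
             "Command Line Instruction", "DMTF Reserved",
             "Vendor Reserved" },
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.QualifierFormats",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      uint16 QualifierFormats[],
         [Required, IN, Description (
             "The Target parameter is a reference to an instance "
             "of ManagedElement. This parameter MUST be "
             "supplied." )]
      CIM_ManagedElement REF Target,
         // NOTE(review): the text below refers to PrivilegeGranted being
         // true or false while a template is in use, although the
         // PrivilegeGranted parameter MUST be NULL in that mode.
         // Presumably the template instance's own PrivilegeGranted
         // property is meant - confirm before implementing.
         [IN, OUT, Description (
             "On input, this reference MUST be either NULL or "
             "refer to an instance of AuthorizedPrivilege that "
             "is used as a template. The rights granted by "
             "corresponding entries in the Activities, "
             "ActivityQualifiers and QualifierFormats array "
             "properties are applied incrementally and do not "
             "affect unnamed rights. If the property, "
             "PrivilegeGranted, is false, then the named rights "
             "are removed. If PrivilegeGranted is True, then the "
             "named rights are added. (Note that the "
             "RemoveAccess method SHOULD be used to completely "
             "remove all privileges between a subject and a "
             "target.) On output, this property references an "
             "AuthorizedPrivilege instance that represents the "
             "resulting rights between the named Subject and the "
             "named Target. AuthorizedPrivilege instances used "
             "as templates in this property SHOULD have a "
             "HostedDependency association to the "
             "PrivilegeManagementService and SHOULD NOT have any "
             "AuthorizedTarget or AuthorizedSubject associations "
             "to it." )]
      CIM_AuthorizedPrivilege REF Privilege);

      // RemoveAccess revokes one AuthorizedPrivilege, or every privilege
      // for a subject, a target, or a subject/target pair.
      // None of the three parameters is marked Required, so the scope of
      // the revocation is decided by which references the caller leaves
      // NULL: passing only Subject or only Target is a broad revocation.
      // NOTE(review): the text does not define the call with all three
      // references NULL; "Null parameter not supported" (16003 in THIS
      // method) is available for a provider that rejects it - confirm.
      // "Authorization Error" is 16002 here, not 16003.
      [Description (
          "This method revokes a specific AuthorizedPrivilege or "
          "all privileges for a particular target, subject, or "
          "subject/target pair. If an AuthorizedPrivilege instance "
          "is left with no AuthorizedTarget associations, it SHOULD "
          "be deleted. The successful completion of the method "
          "SHALL remove the directly or indirectly requested "
          "AuthorizedSubject, AuthorizedTarget and "
          "AuthorizedPrivilege instances." ),
       ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
          "16001", "16002", "16003", "16004..32767", "32768..65535" },
       Values { "Success", "Not Supported", "Unspecified Error",
          "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
          "Unsupported Privilege", "Unsupported Target",
          "Authorization Error", "Null parameter not supported",
          "Method Reserved", "Vendor Specific" }]
   uint32 RemoveAccess(
         [IN, Description (
             "The Subject parameter is a reference to a "
             "ManagedElement instance (associated via "
             "AuthorizedSubject) for which privileges are to be "
             "revoked." )]
      CIM_ManagedElement REF Subject,
         [IN, Description (
             "A reference to the AuthorizedPrivilege to be revoked."
              )]
      CIM_AuthorizedPrivilege REF Privilege,
         [IN, Description (
             "The Target parameter is a reference to a "
             "ManagedElement (associated via AuthorizedTarget) "
             "which will no longer be protected via the "
             "AuthorizedPrivilege." )]
      CIM_ManagedElement REF Target);

      // ShowAccess reports the cumulative rights between Subject and
      // Target. At least one of the two MUST be supplied; with only one,
      // every matching counterpart is reported. A Collection passed as
      // Subject or Target is reported per member (MemberOfCollection).
      // The three output arrays are index-aligned, and every entry MUST be
      // filtered by what the requestor is authorized to view.
      // A NULL Privileges entry means "no rights the requestor may view",
      // so a caller cannot read it as proof that no rights exist.
      // The Privileges are embedded objects passed by value and MAY differ
      // from what is instantiated in the model; do not treat them as
      // references to live AuthorizedPrivilege instances.
      // Return code 2 is "Unknown" here ("Unspecified Error" in the other
      // two methods) and 16001 is not listed in this ValueMap.
      [Description (
          "ShowAccess reports the Privileges (i.e., rights) granted "
          "to a particular Subject and/or Target pair. Either a "
          "Subject, a Target or both MUST be specified. In the case "
          "where only one is specified, the method will return all "
          "rights to all Targets for the specified Subject, or all "
          "rights for all subjects which apply to the specified "
          "Target. \n"
          "\n"
          "ShowAccess returns the cumulative rights granted between "
          "the OutSubjects and OutTargets at the same array index "
          "(filtered to return the information that the requestor "
          "is authorized to view). If a specific array entry is "
          "NULL, then there exist NO rights that the requestor is "
          "authorized to view between the Subject/Target pair. \n"
          "\n"
          "Note that the Privileges returned by this method MAY NOT "
          "correspond to what is actually instantiated in the "
          "model, and MAY be optimized for ease of reporting. "
          "Hence, the data is passed \'by value\', as embedded "
          "objects. Also, note that multiple Privileges MAY be "
          "defined for a given Subject/Target pair. \n"
          "\n"
          "Other mechanisms MAY also be used to retrieve this "
          "information. CIM Operations\' EnumerateInstances MAY be "
          "used to return all Privileges currently instantiated "
          "within a namespace. Also, if the AuthorizedPrivilege "
          "subclass is instantiated, the CIM Operation Associators "
          "MAY be used to navigate from the Privilege to "
          "AuthorizedSubjects and AuthorizedTargets. These CIM "
          "Operations will not generally provide the functionality "
          "or optimizations available with ShowAccess." ),
       ValueMap { "0", "1", "2", "3", "4", "5", "..", "16000",
          "16002", "16003", "16004", "16005..31999", "32000..65535" },
       Values { "Success", "Not Supported", "Unknown", "Timeout",
          "Failed", "Invalid Parameter", "DMTF Reserved",
          "Unsupported Subject", "Unsupported Target",
          "Authorization Error", "NULL not supported",
          "Method Reserved", "Vendor Specific" }]
   uint32 ShowAccess(
         [IN, Description (
             "The Subject parameter references an instance of "
             "ManagedElement. The result of this operation is "
             "that the cumulative rights of the Subject to "
             "access or define authorization rights for the "
             "Target will be reported. If no Subject is "
             "specified, then a Target MUST be supplied and ALL "
             "Subjects that have rights to access or define "
             "authorizations for the Target will be reported. "
             "(It should be noted that the information reported "
             "MUST be filtered by the rights of the requestor to "
             "view that data.) If the Subject element is a "
             "Collection, then the operation will specifically "
             "report the Privileges for all elements associated "
             "to the Collection via MemberOfCollection. These "
             "elements will be reported individually in the "
             "returned OutSubjects array." ),
          ModelCorrespondence {
             "CIM_PrivilegeManagementService.ShowAccess.Target" }]
      CIM_ManagedElement REF Subject,
         [IN, Description (
             "The Target parameter references an instance of "
             "ManagedElement. The result of this operation is "
             "that the cumulative rights of the Subject to "
             "access or define authorization rights for the "
             "Target will be reported. If no Target is "
             "specified, then a Subject MUST be supplied and ALL "
             "Targets for which the Subject has rights to "
             "access or define authorization will be reported. "
             "(It should be noted that the information reported "
             "MUST be filtered by the rights of the requestor to "
             "view that data.) If the Target element is a "
             "Collection, then the operation will be applied to "
             "all elements associated to the Collection via "
             "MemberOfCollection. These elements will be "
             "reported individually in the returned OutTargets "
             "array." ),
          ModelCorrespondence {
             "CIM_PrivilegeManagementService.ShowAccess.Subject" }]
      CIM_ManagedElement REF Target,
         [IN ( false ), OUT, Description (
             "The array of Subject REFs corresponding to the "
             "individual Privileges and OutTargets arrays. The "
             "resulting OutSubjects, Privileges and OutTargets "
             "arrays define the cumulative rights granted "
             "between the Subject/Target at the corresponding "
             "index (filtered to return the information that the "
             "requestor is authorized to view)." ),
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_PrivilegeManagementService.ShowAccess.Subject",
             "CIM_PrivilegeManagementService.ShowAccess.Privileges",
             "CIM_PrivilegeManagementService.ShowAccess.OutTargets" }]
      CIM_ManagedElement REF OutSubjects[],
         [IN ( false ), OUT, Description (
             "The array of Target REFs corresponding to the "
             "individual Privileges and OutSubjects arrays. The "
             "resulting OutSubjects, Privileges and OutTargets "
             "arrays define the cumulative rights granted "
             "between the Subject/Target at the corresponding "
             "index (filtered to return the information that the "
             "requestor is authorized to view)." ),
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_PrivilegeManagementService.ShowAccess.Target",
             "CIM_PrivilegeManagementService.ShowAccess.Privileges",
             "CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }]
      CIM_ManagedElement REF OutTargets[],
         [IN ( false ), OUT, Description (
             "The returned Privilege objects represent the "
             "cumulative rights granted between the OutSubjects "
             "and OutTargets at the same array index (filtered "
             "to return the information that the requestor is "
             "authorized to view). If a specific array entry is "
             "NULL, then there exist NO rights that the "
             "requestor is authorized to view between the "
             "Subject/Target pair." ),
          EmbeddedObject, ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_PrivilegeManagementService.ShowAccess.OutTargets",
             "CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }]
      string Privileges[]);

};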