|
version 1.1.2.1, 2012/01/24 13:50:37
|
version 1.1.2.2, 2012/02/15 17:46:57
|
|
|
|
| |
// Copyright (c) 2010 DMTF. All rights reserved. |
| |
[Version ( "2.26.0" ), |
| |
UMLPackagePath ( "CIM::User::Role" ), |
| |
Description ( |
| |
"The CIM_RoleBasedAuthorizationService class represents the " |
| |
"authorization service that manages and configures roles on a " |
| |
"managed system. The CIM_RoleBasedAuthorizationService is " |
| |
"responsible for creating, and deleting CIM_Role instances. " |
| |
"Privileges of the roles are represented through the " |
| |
"instance(s) of CIM_Privilege class associated to CIM_Role " |
| |
"instances through the CIM_MemberOfCollection association. As a " |
| |
"result of creating, and deleting CIM_Role instances the " |
| |
"CIM_Privilege instances can also be affected. The limiting " |
| |
"scope of the role is determined by the CIM_RoleLimitedToTarget " |
| |
"association." )] |
| |
class CIM_RoleBasedAuthorizationService : CIM_PrivilegeManagementService { |
| |
|
| |
|
| |
[Description ( |
| |
"AssignRoles() removes a security principal from any " |
| |
"Rolesto which it currently belongs and assigns it to the " |
| |
"Roles identified by the Roles[] parameter. Upon " |
| |
"successful completion of the method, the instance of " |
| |
"CIM_Identity identified by the Identity parameter shall " |
| |
"be associated to each Role referenced by the Roles " |
| |
"parameter through the CIM_MemberOfCollection association " |
| |
"and shall not be associated to an instance of CIM_Role " |
| |
"unless a reference to it is contained in the Roles " |
| |
"parameter." ), |
| |
ValueMap { "0", "1", "2", "..", "32000..65535" }, |
| |
Values { "Success", "Not Supported", "Failed", |
| |
"Method Reserved", "Vendor Specific" }] |
| |
uint32 AssignRoles( |
| |
[Required, IN, Description ( |
| |
"The Identity instance representing the security " |
| |
"principalwhose role membership is being modified." )] |
| |
CIM_Identity REF Identity, |
| |
[Required, IN, Description ( |
| |
"The set of Roles to which the Identity will be " |
| |
"associated through CIM_MemberOfCollection.If the " |
| |
"Roles parameter is an empty array, then the " |
| |
"successful execution of the method will unassign " |
| |
"all the roles from the identity represented by the " |
| |
"Identity parameter." )] |
| |
CIM_Role REF Roles[]); |
| |
|
| |
[Description ( |
| |
"ModifyRole method modifies the privileges and the scope " |
| |
"of the specified instance of the targeted CIM_Role " |
| |
"instance. The call may result in the creation, deletion, " |
| |
"or modification of CIM_Privilege instances. The call may " |
| |
"result in the creation and deletion of " |
| |
"CIM_RoleLimitedTarget association instances." ), |
| |
ValueMap { "0", "1", "2", "3", "4", "5", "6", "..", |
| |
"32000..65535" }, |
| |
Values { "Success", "Not Supported", "Unknown", "Timeout", |
| |
"Failed", "Invalid Parameter", "Inappropriate Privilege", |
| |
"DMTF Reserved", "Vendor Specific" }] |
| |
uint32 ModifyRole( |
| |
[IN, Description ( |
| |
"Privileges parameter represents the desired " |
| |
"privileges for the targeted role. When this " |
| |
"parameter is non-null, upon successful completion " |
| |
"of the method, the instances of CIM_Privilege " |
| |
"associated with the targeted CIM_Role instance " |
| |
"shall convey equivalent privileges as those " |
| |
"indicated by the specified embedded CIM_Privilege " |
| |
"instances. The Privilege parameter is an array of " |
| |
"elements of CIM_Privilege, encoded as a string " |
| |
"valued embedded instance parameter. The embedded " |
| |
"instances allow the client to convey the " |
| |
"privileges desired for the targeted CIM_Role " |
| |
"instance. The method may result in the creation, " |
| |
"deletion, or modification of the CIM_Privilege " |
| |
"instances. The rights indicated by a CIM_Privilege " |
| |
"may be revoked by passing the embedded instance of " |
| |
"CIM_Privilege with PrivilegeGranted property set " |
| |
"to \"FALSE.\". When the parameter is null, the " |
| |
"privileges for the CIM_Role shall not be modified." ), |
| |
EmbeddedInstance ( "CIM_Privilege" )] |
| |
string Privileges[], |
| |
[IN, Description ( |
| |
"RoleLimitedToTargets parameter references all of " |
| |
"the CIM_ManagedElement instances to which the role " |
| |
"shall be limited. When this parameter is non-null, " |
| |
"upon successful completion of the method, the " |
| |
"targeted CIM_Role instanceshall be associated " |
| |
"through the CIM_RoleLimitedToTarget association " |
| |
"with only the specified instances of " |
| |
"CIM_ManagedElement. This may result in the " |
| |
"creation and deletion of instances of " |
| |
"CIM_RoleLimitedToTarget. When this parameter is " |
| |
"null, the set of instances of " |
| |
"CIM_RoleLimitedToTarget that reference the " |
| |
"targeted CIM_Role instance shall not be modified." )] |
| |
CIM_ManagedElement REF RoleLimitedToTargets[], |
| |
[Required, IN, Description ( |
| |
"Role parameter is the reference to the targeted " |
| |
"CIM_Role instance for which the privileges will be " |
| |
"modified." )] |
| |
CIM_Role REF Role); |
| |
|
| |
[Description ( |
| |
"ShowRoles reports the Privileges (i.e., rights) granted " |
| |
"to a particular Subject, for a particular Target, or to " |
| |
"a particular Subject for a particular Target through " |
| |
"membership in, or scoping to instances of CIM_Role. The " |
| |
"Subject parameter, Target parameter, or both shall be " |
| |
"specified. \n" |
| |
"When the Subject parameter is specified and the Target " |
| |
"parameter is not specified, the method shall return all " |
| |
"of Roles to which the subject is associated through " |
| |
"CIM_MemberOfCollection. When Target parameter is " |
| |
"specified and the Subject parameter is not specified, " |
| |
"the method shall all instances of CIM_Role within whose " |
| |
"scope the Target Parameter lies.\n" |
| |
"When the Subject parameter and Target parameter are both " |
| |
"specified, the method shall return an instance of " |
| |
"CIM_Role if and only if the Subject Parameter is " |
| |
"associated to the instance of CIM_Role through " |
| |
"CIM_MemberOfCollection and the Target Parameter lies " |
| |
"within the scope of the instance of CIM_Role.\n" |
| |
"For each instance of CIM_Role returned in the Roles " |
| |
"parameter, the corresponding index of the Privileges " |
| |
"parameter may contain an instance of CIM_Privilege. The " |
| |
"corresponding index of the Privileges parameter may be " |
| |
"null when rights granted through a CIM_Role are not " |
| |
"explicitly managed, or when there are not currently any " |
| |
"instances of CIM_Privilege associated with the CIM_Role " |
| |
"instance. When the corresponding index of of the " |
| |
"Privileges parameter is non-null, the embedded instance " |
| |
"of CIM_Privilege shall reflect the cumulative rights " |
| |
"granted through membership in the Role. \n" |
| |
"Each embedded instance of CIM_Role contained in the " |
| |
"Roles parameter shall correspond to an instrumented " |
| |
"instance of CIM_Role. Each embedded instance of " |
| |
"CIM_Privilege contained in the Privileges parameter may " |
| |
"correspond to an instance of CIM_Privilege associated to " |
| |
"the corresponding instance of CIM_Role through the " |
| |
"CIM_MemberOfCollection. However, this is not required. " |
| |
"Embedded instances of CIM_Role are returned rather than " |
| |
"References in order to simplify the query operation for " |
| |
"clients. The properties of the instances of CIM_Role " |
| |
"provide context to aid a client in selecting which " |
| |
"instance(s) to modify in order to change the privileges " |
| |
"of a Subject or for a Target." ), |
| |
ValueMap { "0", "1", "2", "..", "32000..65535" }, |
| |
Values { "Success", "Not Supported", "Failed", |
| |
"Method Reserved", "Vendor Specific" }] |
| |
uint32 ShowRoles( |
| |
[IN, Description ( |
| |
"The Subject parameter identifies the instance of " |
| |
"CIM_Identity whose containing instances of " |
| |
"CIM_Role will be returned." )] |
| |
CIM_Identity REF Subject, |
| |
[IN, Description ( |
| |
"The Target parameter identifies an instance of " |
| |
"CIM_ManagedElement whose scoping instances of " |
| |
"CIM_Role will be returned." )] |
| |
CIM_ManagedElement REF Target, |
| |
[IN ( false ), OUT, Description ( |
| |
"The set of instances of CIM_Role filtered " |
| |
"according to the Subject and Target parameters." ), |
| |
EmbeddedInstance ( "CIM_Role" ), |
| |
ArrayType ( "Indexed" ), |
| |
ModelCorrespondence { |
| |
"CIM_PrivilegeManagementService.ShowAccess.Privileges" }] |
| |
string Roles[], |
| |
[IN ( false ), OUT, Description ( |
| |
"The cumulative rights granted through membership " |
| |
"in the instance of CIM_Role located at the same " |
| |
"array index in the Roles parameter." ), |
| |
EmbeddedInstance ( "CIM_Privilege" ), |
| |
ArrayType ( "Indexed" ), |
| |
ModelCorrespondence { |
| |
"CIM_PrivilegeManagementService.ShowAccess.Roles" }] |
| |
string Privileges[]); |
| |
|
| |
}; |
Return to
CIM_RoleBasedAuthorizationService.mof
CVS log
Up to [Pegasus] / pegasus / Schemas / CIM231 / DMTF / User