Return to User28_Privilege.mof CVS log | Up to [Pegasus] / pegasus / Schemas / CIM28 |
File: [Pegasus] / pegasus / Schemas / CIM28 / Attic / User28_Privilege.mof
(download)
Revision: 1.1, Tue Jan 27 16:32:53 2004 UTC (20 years, 5 months ago) by tony Branch: MAIN CVS Tags: pegasus25BeforeLicenseUpdate, TASK_PEP233_EmbeddedInstSupport-merge_out_trunk, TASK_BUG_5314_IPC_REFACTORING_ROOT, TASK_BUG_5314_IPC_REFACTORING_BRANCH, TASK_BUG_5314_IPC_REFACTORING-V1, TASK_BUG_5191_QUEUE_CONSOLIDATION_ROOT, TASK_BUG_5191_QUEUE_CONSOLIDATION_BRANCH, TASK-TASK-BUG4011_WinLocalConnect-branch-New-root, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_out_to_branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_out_from_trunk, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_in_to_trunk, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_in_from_branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-branch, TASK-PEP268_SSLClientCertificatePropagation-root, TASK-PEP268_SSLClientCertificatePropagation-merged_out_to_branch, TASK-PEP268_SSLClientCertificatePropagation-merged_out_from_trunk, TASK-PEP268_SSLClientCertificatePropagation-merged_in_to_trunk, TASK-PEP268_SSLClientCertificatePropagation-merged_in_from_branch, TASK-PEP268_SSLClientCertificatePropagation-branch, TASK-PEP267_SLPReregistrationSupport-root, TASK-PEP267_SLPReregistrationSupport-merging_out_to_branch, TASK-PEP267_SLPReregistrationSupport-merging_out_from_trunk, TASK-PEP267_SLPReregistrationSupport-merged_out_to_branch, TASK-PEP267_SLPReregistrationSupport-merged_out_from_trunk, TASK-PEP267_SLPReregistrationSupport-merged_in_to_trunk, TASK-PEP267_SLPReregistrationSupport-merged_in_from_branch, TASK-PEP267_SLPReregistrationSupport-branch, TASK-PEP250_RPMProvider-root, TASK-PEP250_RPMProvider-merged_out_to_branch, TASK-PEP250_RPMProvider-merged_out_from_trunk, TASK-PEP250_RPMProvider-merged_in_to_trunk, TASK-PEP250_RPMProvider-merged_in_from_branch, TASK-PEP250_RPMProvider-branch, TASK-PEP245_CimErrorInfrastructure-root, TASK-PEP245_CimErrorInfrastructure-merged_out_to_branch, TASK-PEP245_CimErrorInfrastructure-merged_out_from_trunk, TASK-PEP245_CimErrorInfrastructure-merged_in_to_trunk, TASK-PEP245_CimErrorInfrastructure-merged_in_from_branch, TASK-PEP245_CimErrorInfrastructure-branch, TASK-PEP241_OpenPegasusStressTests-root, TASK-PEP241_OpenPegasusStressTests-merged_out_to_branch, TASK-PEP241_OpenPegasusStressTests-merged_out_from_trunk, TASK-PEP241_OpenPegasusStressTests-merged_in_to_trunk, TASK-PEP241_OpenPegasusStressTests-merged_in_from_branch, TASK-PEP241_OpenPegasusStressTests-branch, TASK-Bugs5690_3913_RemoteCMPI-root, TASK-Bugs5690_3913_RemoteCMPI-merged_out_to_branch, TASK-Bugs5690_3913_RemoteCMPI-merged_out_from_trunk, TASK-Bugs5690_3913_RemoteCMPI-merged_in_to_trunk, TASK-Bugs5690_3913_RemoteCMPI-merged_in_from_branch, TASK-Bugs5690_3913_RemoteCMPI-branch, TASK-Bug2021_RemoteCMPIonWindows-root, TASK-Bug2021_RemoteCMPIonWindows-merged_out_to_branch, TASK-Bug2021_RemoteCMPIonWindows-merged_out_from_trunk, TASK-Bug2021_RemoteCMPIonWindows-merged_in_to_trunk, TASK-Bug2021_RemoteCMPIonWindows-merged_in_from_branch, TASK-Bug2021_RemoteCMPIonWindows-branch, TASK-Bug2021_RCMPIonWindows-root, TASK-Bug2021_RCMPIonWindows-merged_out_to_branch, TASK-Bug2021_RCMPIonWindows-merged_out_from_trunk, TASK-Bug2021_RCMPIonWindows-merged_in_to_trunk, TASK-Bug2021_RCMPIonWindows-merged_in_from_branch, TASK-Bug2021_RCMPIonWindows-branch, TASK-BUG7240-root, TASK-BUG7240-branch, TASK-BUG4011_WinLocalConnect-root, TASK-BUG4011_WinLocalConnect-merged_out_to_branch, TASK-BUG4011_WinLocalConnect-merged_out_from_trunk, TASK-BUG4011_WinLocalConnect-merged_in_to_trunk, TASK-BUG4011_WinLocalConnect-merged_in_from_branch, TASK-BUG4011_WinLocalConnect-branch-New, TASK-BUG4011_WinLocalConnect-branch, STABLE, SLPPERFINST-root, SLPPERFINST-branch, RELEASE_2_6_3-RC2, RELEASE_2_6_3-RC1, RELEASE_2_6_3, RELEASE_2_6_2-RC1, RELEASE_2_6_2, RELEASE_2_6_1-RC1, RELEASE_2_6_1, RELEASE_2_6_0-RC1, RELEASE_2_6_0-FC, RELEASE_2_6_0, RELEASE_2_6-root, RELEASE_2_6-branch-clean, RELEASE_2_6-branch, RELEASE_2_5_5-RC2, RELEASE_2_5_5-RC1, RELEASE_2_5_5, RELEASE_2_5_4-RC2, RELEASE_2_5_4-RC1, RELEASE_2_5_4, RELEASE_2_5_3-RC1, RELEASE_2_5_3, RELEASE_2_5_2-RC1, RELEASE_2_5_2, RELEASE_2_5_1-RC1, RELEASE_2_5_1, RELEASE_2_5_0-RC1, RELEASE_2_5_0, RELEASE_2_5-root, RELEASE_2_5-branch, RELEASE_2_4_FC_CANDIDATE_1, RELEASE_2_4_3, RELEASE_2_4_2, RELEASE_2_4_1-BETA3, RELEASE_2_4_1-BETA2, RELEASE_2_4_1-BETA1, RELEASE_2_4_1, RELEASE_2_4_0-RC3, RELEASE_2_4_0-RC2, RELEASE_2_4_0, RELEASE_2_4-root, RELEASE_2_4-branch, PEP286_PRIVILEGE_SEPARATION_ROOT, PEP286_PRIVILEGE_SEPARATION_CODE_FREEZE, PEP286_PRIVILEGE_SEPARATION_BRANCH, PEP286_PRIVILEGE_SEPARATION_1, PEP244_ServerProfile-root, PEP244_ServerProfile-branch, PEP233_EmbeddedInstSupport-root, PEP233_EmbeddedInstSupport-branch, PEP217_PRE_BRANCH, PEP217_POST_BRANCH, PEP217_BRANCH, PEP214ROOT, PEP214BRANCH, PEP214-root, PEP214-branch, PEP213_SIZE_OPTIMIZATIONS, PEP-214B-root, PEGASUS_2_5_0_PerformanceDev-string-end, PEGASUS_2_5_0_PerformanceDev-rootlt, PEGASUS_2_5_0_PerformanceDev-root, PEGASUS_2_5_0_PerformanceDev-r2, PEGASUS_2_5_0_PerformanceDev-r1, PEGASUS_2_5_0_PerformanceDev-lit-end, PEGASUS_2_5_0_PerformanceDev-buffer-end, PEGASUS_2_5_0_PerformanceDev-branch, PEGASUS_2_5_0_PerformanceDev-AtomicInt-branch, PEG25_IBM_5_16_05, NPEGASUS_2_5_0_PerformanceDev-String-root, NNPEGASUS_2_5_0_PerformanceDev-String-branch, MONITOR_CONSOLIDATION_2_5_BRANCH, IBM_241_April1405, CQL_2_5_BRANCH, CHUNKTESTDONE_PEP140, BUG_4225_PERFORMANCE_VERSION_1_DONE Branch point for: RELEASE_2_3_2-branch Add CIM28 final mof |
// =================================================================== // Title: User-Security Privilege // Filename: User28_Privilege.mof // Version: 2.8 // Release: Final // Date: Jan 26, 2004 // =================================================================== // Copyright 2003-2004 Distributed Management Task Force, Inc. (DMTF). // All rights reserved. // DMTF is a not-for-profit association of industry members dedicated // to promoting enterprise and systems management and interoperability. // DMTF specifications and documents may be reproduced for uses // consistent with this purpose by members and non-members, // provided that correct attribution is given. // As DMTF specifications may be revised from time to time, // the particular version and release date should always be noted. // // Implementation of certain elements of this standard or proposed // standard may be subject to third party patent rights, including // provisional patent rights (herein "patent rights"). DMTF makes // no representations to users of the standard as to the existence // of such rights, and is not responsible to recognize, disclose, or // identify any or all such third party patent right, owners or // claimants, nor for any incomplete or inaccurate identification or // disclosure of such rights, owners or claimants. DMTF shall have no // liability to any party, in any manner or circumstance, under any // legal theory whatsoever, for failure to recognize, disclose, or // identify any such third party patent rights, or for such party's // reliance on the standard or incorporation thereof in its product, // protocols or testing procedures. DMTF shall have no liability to // any party implementing such standard, whether such implementation // is foreseeable or not, nor to any patent owner or claimant, and shall // have no liability or responsibility for costs or losses incurred if // a standard is withdrawn or modified after publication, and shall be // indemnified and held harmless by any party implementing the // standard from any and all claims of infringement by a patent owner // for such implementations. // // For information about patents held by third-parties which have // notified the DMTF that, in their opinion, such patent may relate to // or impact implementations of DMTF standards, visit // http://www.dmtf.org/about/policies/disclosures.php. // =================================================================== // Description: The User Model extends the management concepts that // are related to users and security. // This file defines the concepts and classes related to // Privileges // // The object classes below are listed in an order that // avoids forward references. Required objects, defined // by other working groups, are omitted. // =================================================================== // Change Log for v2.8 Final - // CR1219 - Created subclass of Privilege, AuthorizedPrivilege, // moved AuthorizedSubject/Target associations to Authorized // Privilege, and promoted Privilege-related classes from // Experimental to Final // CR1221 - Also promoted Privilege-related classes to Final // CR1229 - Added ArrayType ("Indexed") qualifier to // Privilege.Activites // CR1235 - Corrected copyright // // Change Log for v2.8 Preliminary - // CR1011 - Created this file. // CR1082 - Fixed Value/ValueMap defintions for properties in Privilege // =================================================================== #pragma Locale ("en_US") // ================================================================== // Privilege // ================================================================== [Version ( "2.8.0" ), Description ( "Privilege is the base class for all types of activities which " "are granted or denied by a Role or an Identity. Whether an " "individual Privilege is granted or denied is defined using the " "PrivilegeGranted boolean. Any Privileges not specifically " "granted are assumed to be denied. An explicit deny (Privilege " "Granted = FALSE) takes precedence over any granted Privileges. " "\n\n" "The association of subjects (Roles and Identities) to " "Privileges is accomplished using policy or explicitly via the " "associations on a subclass. The entities that are protected " "(targets) can be similarly defined. \n" "\n" "Note that Privileges may be inherited through hierarchical " "Roles, or may overlap. For example, a Privilege denying any " "instance Writes in a particular CIM Server Namespace would " "overlap with a Privilege defining specific access rights at an " "instance level within that Namespace. In this example, the " "AuthorizedSubjects are either Identities or Roles, and the " "AuthorizedTargets are a Namespace in the former case, and a " "particular instance in the latter.")] class CIM_Privilege : CIM_ManagedElement { [Key, Description ( "Within the scope of the instantiating Namespace, InstanceID " "opaquely and uniquely identifies an instance of this class. " "In order to ensure uniqueness within the NameSpace, the " "value of InstanceID SHOULD be constructed using the " "following 'preferred' algorithm: \n" "<OrgID>:<LocalID> \n" "Where <OrgID> and <LocalID> are separated by a colon ':', " "and where <OrgID> MUST include a copyrighted, trademarked " "or otherwise unique name that is owned by the business " "entity creating/defining the InstanceID, or is a registered " "ID that is assigned to the business entity by a recognized " "global authority. (This is similar to the <Schema " "Name>_<Class Name> structure of Schema class names.) In " "addition, to ensure uniqueness <OrgID> MUST NOT contain a " "colon (':'). When using this algorithm, the first colon to " "appear in InstanceID MUST appear between <OrgID> and " "<LocalID>. \n" "<LocalID> is chosen by the business entity and SHOULD not " "be re-used to identify different underlying (real-world) " "elements. If the above 'preferred' algorithm is not used, " "the defining entity MUST assure that the resultant " "InstanceID is not re-used across any InstanceIDs produced " "by this or other providers for this instance's NameSpace. " "For DMTF defined instances, the 'preferred' algorithm MUST " "be used with the <OrgID> set to 'CIM'.")] string InstanceID; [Description ( "Boolean indicating whether the Privilege is granted (TRUE) " "or denied (FALSE). The default is to grant permission.")] boolean PrivilegeGranted = TRUE; [Description ( "An enumeration indicating the activities that are granted " "or denied. These activities apply to all entities specified " "in the ActivityQualifiers array. The values in the " "enumeration are straightforward except for one, " "4=\"Detect\". This value indicates that the existence or " "presence of an entity may be determined, but not " "necessarily specific data (which requires the Read " "privilege to be true). This activity is exemplified by " "'hidden files'- if you list the contents of a directory, " "you will not see hidden files. However, if you know a " "specific file name, or know how to expose hidden files, " "then they can be 'detected'. Another example is the ability " "to define search privileges in directory implementations."), ValueMap { "1", "2", "3", "4", "5", "6", "7", "..15999", "16000.." }, Values { "Other", "Create", "Delete", "Detect", "Read", "Write", "Execute", "DMTF Reserved", "Vendor Reserved" }, ArrayType ( "Indexed" ), ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }] uint16 Activities[]; [Description ( "The ActivityQualifiers property is an array of string " "values used to further qualify and specify the privileges " "granted or denied. For example, it is used to specify a set " "of files for which 'Read'/'Write' access is permitted or " "denied. Or, it defines a class' methods that may be " "'Executed'. Details on the semantics of the individual " "entries in ActivityQualifiers are provided by corresponding " "entries in the QualifierFormats array."), ArrayType ( "Indexed" ), ModelCorrespondence { "CIM_Privilege.Activities", "CIM_Privilege.QualifierFormats" }] string ActivityQualifiers[]; [Description ( "Defines the semantics of corresponding entries in the " "ActivityQualifiers array. An example of each of these " "'formats' and their use follows: \n" "- 2=Class Name. Example: If the authorization target is a " "CIM Service or a Namespace, then the ActivityQualifiers " "entries can define a list of classes that the authorized " "subject is able to create or delete. \n" "- 3=<Class.>Property. Example: If the authorization target " "is a CIM Service, Namespace or Collection of instances, " "then the ActivityQualifiers entries can define the class " "properties that may or may not be accessed. In this case, " "the class names are specified with the property names to " "avoid ambiguity - since a CIM Service, Namespace or " "Collection could manage multiple classes. On the other " "hand, if the authorization target is an individual " "instance, then there is no possible ambiguity and the class " "name may be omitted. To specify ALL properties, the " "wildcard string \"*\" should be used. \n" "- 4=<Class.>Method. This example is very similar to the " "Property one, above. And, as above, the string \"*\" may be " "specified to select ALL methods. \n" "- 5=Object Reference. Example: If the authorization target " "is a CIM Service or Namespace, then the ActivityQualifiers " "entries can define a list of object references (as strings) " "that the authorized subject can access. \n" "- 6=Namespace. Example: If the authorization target is a " "CIM Service, then the ActivityQualifiers entries can define " "a list of Namespaces that the authorized subject is able to " "access. \n" "- 7=URL. Example: An authorization target may not be " "defined, but a Privilege could be used to deny access to " "specific URLs by individual Identities or for specific " "Roles, such as the 'under 17' Role. \n" "- 8=Directory/File Name. Example: If the authorization " "target is a FileSystem, then the ActivityQualifiers entries " "can define a list of directories and files whose access is " "protected. \n" "- 9=Command Line Instruction. Example: If the authorization " "target is a ComputerSystem or Service, then the " "ActivityQualifiers entries can define a list of command " "line instructions that may or may not be 'Executed' by the " "authorized subjects."), ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "..15999", "16000.." }, Values { "Class Name", "<Class.>Property", "<Class.>Method", "Object Reference", "Namespace", "URL", "Directory/File Name", "Command Line Instruction", "DMTF Reserved", "Vendor Reserved" }, ArrayType ( "Indexed" ), ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }] uint16 QualifierFormats[]; }; // ================================================================== // AuthorizedPrivilege // ================================================================== [Version ( "2.8.0" ), Description ( "Privilege is the base class for all types of activities which " "are granted or denied to a Role or an Identity. " "AuthorizedPrivilege is a subclass defining static renderings " "of authorization policy rules. The association of Roles and " "Identities to AuthorizedPrivilege is accomplished using the " "AuthorizedSubject relationship. The entities that are " "protected are defined using the AuthorizedTarget relationship. " "\n\n" "Note that this class and its AuthorizedSubject/Target " "associations provide a short-hand, static mechanism to " "represent authorization policies.")] class CIM_AuthorizedPrivilege : CIM_Privilege { }; // ================================================================== // AuthorizedSubject // ================================================================== [Association, Version ( "2.8.0" ), Description ( "CIM_AuthorizedSubject is an association used to tie specific " "AuthorizedPrivileges to specific subjects (i.e., Identities, " "Roles or Collections of these). At this time, only Identities " "and Roles (or Collections of Identities and Roles) should be " "associated to AuthorizedPrivileges using this relationship. " "Note that any Privileges not explicitly granted to a subject, " "SHOULD be denied.")] class CIM_AuthorizedSubject { [Key, Description ( "The AuthorizedPrivilege either granted or denied to an " "Identity, Role or Collection. Whether the privilege is " "granted or denied is defined by the inherited property, " "CIM_Privilege.PrivilegeGranted.")] CIM_AuthorizedPrivilege REF Privilege; [Key, Description ( "The Subject for which AuthorizedPrivileges are granted or " "denied. Whether the privilege is granted or denied is " "defined by the property, CIM_Privilege.PrivilegeGranted.")] CIM_ManagedElement REF PrivilegedElement; }; // ================================================================== // AuthorizedTarget // ================================================================== [Association, Version ( "2.8.0" ), Description ( "CIM_AuthorizedTarget is an association used to tie an " "Identity's or Role's AuthorizedPrivileges to specific target " "resources.")] class CIM_AuthorizedTarget { [Key, Description ( "The AuthorizedPrivilege affecting the target resource.")] CIM_AuthorizedPrivilege REF Privilege; [Key, Description ( "The target set of resources to which the " "AuthorizedPrivilege applies.")] CIM_ManagedElement REF TargetElement; }; // =================================================================== // end of file // ===================================================================
No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |