1 tony 1.1 // ===================================================================
2 // Title: User-Security Privilege Management Service ID 2.8
3 // Filename: User28_PrivilegeManagementService.mof
4 // Version: 2.8
5 // Release: Final
6 // Date: Jan 26, 2004
7 // ===================================================================
8 // Copyright 2003-2004 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the concepts and classes related to
47 // hardware World Wide Names used as credentials
48 // for accessing Storage services and credentials.
49 //
50 // The object classes below are listed in an order that
51 // avoids forward references. Required objects, defined
52 // by other working groups, are omitted.
53 // ===================================================================
54 // Change Log for v2.8 Final
55 // CR1186 - Modified AssignAccess to be atomic, clarified Description,
56 // and used AuthorizedPrivilege as an input template
57 // CR1221 - Promoted PrivilegeManagementService to Final
58 // CR1229 - Removed ArrayType from properties that are not arrays
59 // CR1235 - Corrected copyright, changed RemoveAccess's return value
60 // from "Unknown" to "Unspecified Error", and corrected
61 // ValueMap/Values entries for the enumerated parameters of
62 // AssignAccess / Clarified that methods apply to Authorized
63 // Privilege and not the Privilege superclass
64 tony 1.1 //
65 // Change Log for v2.8 Preliminary (Company Review)
66 // CR1102 - Fixed PrivilegeManagementService for application to
67 // Storage LUN Masking.
68 //
69 // Change Log for v2.8 Preliminary -
70 // CR1017 - Created this file
71 // ===================================================================
72
73 #pragma Locale ("en_US")
74
75
76 // ==================================================================
77 // PrivilegeManagementService
78 // ==================================================================
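// CIM_PrivilegeManagementService is the control point for authorization
// state in this model: its two methods create, change and revoke the
// AuthorizedPrivilege instances that bind a subject to a target.
// This file does not state who may invoke the methods.
// NOTE(review): caller authorization presumably has to be enforced by the
// provider or CIM server, which can report a refusal through the
// "Authorization Error" return value - confirm against the implementation.
   [Version ( "2.8.0" ), Description (
       "The PrivilegeManagementService is responsible for creating, "
       "deleting, and associating AuthorizedPrivilege instances. "
       "References to 'subject' and 'target' define the entities that "
       "are associated with an AuthorizedPrivilege instance via the "
       "relationships, AuthorizedSubject and AuthorizedTarget, "
       "respectively. When created, an AuthorizedPrivilege instance is "
       "related to this (PrivilegeManagement)Service via the "
       "association, ConcreteDependency.")]
class CIM_PrivilegeManagementService : CIM_AuthorizationService {

   // AssignAccess adds or removes rights for one Subject/Target pair.
   // The parameter texts below describe two input forms:
   //   - Privilege refers to a template instance, and PrivilegeGranted,
   //     Activities, ActivityQualifiers and QualifierFormats are NULL; or
   //   - Privilege is NULL and those four parameters carry the rights.
   // A call that mixes the two forms violates the "MUST be NULL unless
   // Privilege is NULL" rule. NOTE(review): the return value for that case
   // is not stated here; "Invalid Parameter" (5) looks like the fit.
   // Activities, ActivityQualifiers and QualifierFormats are mutually
   // indexed, so arrays of unequal length have no defined meaning.
   // NOTE(review): rejecting them avoids pairing a qualifier with the
   // wrong activity - confirm the provider checks this.
   // The v2.8 Final change log (CR1186) records that the method was made
   // atomic. NOTE(review): that implies a failed call leaves none of the
   // listed association instances behind - confirm.
   // Return values 16000..16004 are specific to this method. RemoveAccess
   // gives the same numbers other meanings (16002 is "Unsupported Target"
   // here and "Authorization Error" there), so each method needs its own
   // decode table.
      [Description (
          "When this method is called, a provider updates the "
          "specified Subject's rights to the Target according to the "
          "parameters of this call. The rights are modeled via an "
          "AuthorizedPrivilege instance. If an AuthorizedPrivilege "
          "instance is created as a result of this call, it MUST be "
          "linked to the Subject and Target via the AuthorizedSubject "
          "and AuthorizedTarget associations, respectively. When "
          "created, the AuthorizedPrivilege instance is associated to "
          "this PrivilegeManagementService via ConcreteDependency. If "
          "the execution of this call results in no rights between the "
          "Subject and Target, then they MUST NOT be linked to a "
          "particular AuthorizedPrivilege instance via "
          "AuthorizedSubject and AuthorizedTarget respectively. \n"
          "\n"
          "Note that regardless of whether specified via parameter, or "
          "template, the Activities, ActivityQualifiers and "
          "QualifierFormats, are mutually indexed. Also note that "
          "Subject and Target references MUST be supplied. \n"
          "\n"
          "The successful completion of the method SHALL create any "
          "necessary AuthorizedSubject, AuthorizedTarget, "
          "AuthorizedPrivilege, HostedDependency, and "
          "ConcreteDependency instances."),
       ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
          "16001", "16002", "16003", "16004", "16005..31999",
          "32000..65535" },
       Values { "Success", "Not Supported", "Unspecified Error",
          "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
          "Unsupported Subject", "Unsupported Privilege",
          "Unsupported Target", "Authorization Error",
          "NULL not supported", "Method Reserved", "Vendor Specific" }]
   uint32 AssignAccess (

         // Required: the element whose rights are being changed.
         [Required, IN, Description (
             "The Subject parameter is a reference to a ManagedElement "
             "instance. This parameter MUST be supplied.")]
      CIM_ManagedElement REF Subject,

         // This text says a false value denies the rights, while the
         // Privilege parameter text says the named rights are removed.
         // NOTE(review): whether false records an explicit deny or only
         // withdraws a grant is not settled by this file - confirm before
         // relying on it for access decisions.
         [IN, Description (
             "MUST be NULL unless Privilege is NULL on input. The "
             "PrivilegeGranted flag indicates whether the rights "
             "defined by the parameters in this call should be granted "
             "or denied to the named Subject/Target pair."),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.PrivilegeGranted",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      boolean PrivilegeGranted,

         // Indexed array: entry i pairs with ActivityQualifiers[i] and
         // QualifierFormats[i].
         [IN, Description (
             "MUST be NULL unless the Privilege is NULL on input. This "
             "parameter specifies the activities to be granted or "
             "denied."),
          ValueMap { "1", "2", "3", "4", "5", "6", "7", "..",
             "16000..65535" },
          Values { "Other", "Create", "Delete", "Detect", "Read",
             "Write", "Execute", "DMTF Reserved", "Vendor Reserved" },
          ArrayType ( "Indexed" ),
          ModelCorrespondence { "CIM_AuthorizedPrivilege.Activities",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      uint16 Activities[],

         // The ModelCorrespondence target is spelled "ActivityQualifiers"
         // to match this parameter's name; the earlier spelling
         // "ActivityQualifers" did not.
         [IN, Description (
             "MUST be NULL unless Privilege is NULL on input. This "
             "parameter defines the activity qualifiers for the "
             "Activities to be granted or denied."),
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.ActivityQualifiers",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      string ActivityQualifiers[],

         // Says how the string in ActivityQualifiers[i] is to be read. The
         // value list includes "URL", "Directory/File Name" and "Command
         // Line Instruction", so the qualifier strings are caller-supplied
         // text.
         // NOTE(review): a provider should treat them as data to match
         // against, not something to resolve or run - confirm.
         [IN, Description (
             "MUST be NULL unless Privilege is NULL on input. This "
             "parameter defines the qualifier formats for the "
             "corresponding ActivityQualifiers."),
          ValueMap { "2", "3", "4", "5", "6", "7", "8", "9",
             "10..15999", "16000..65535" },
          Values { "Class Name", "<Class.>Property", "<Class.>Method",
             "Object Reference", "Namespace", "URL",
             "Directory/File Name", "Command Line Instruction",
             "DMTF Reserved", "Vendor Reserved" },
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.QualifierFormats",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      uint16 QualifierFormats[],

         // Required: the element the rights apply to.
         [Required, IN, Description (
             "The Target parameter is a reference to an instance of "
             "ManagedElement. This parameter MUST be supplied.")]
      CIM_ManagedElement REF Target,

         // IN: NULL, or a template AuthorizedPrivilege. OUT: the instance
         // holding the resulting rights for the pair. The change is
         // incremental and unnamed rights stay as they were, so the
         // effective rights after a call are those of the OUT instance,
         // not those of the request.
         [IN, OUT, Description (
             "On input, this reference MUST be either NULL or refer to "
             "an instance of AuthorizedPrivilege that is used as a "
             "template. The rights granted by corresponding entries in "
             "the Activities, ActivityQualifiers and QualifierFormats "
             "array properties are applied incrementally and do not "
             "affect unnamed rights. If the property, "
             "PrivilegeGranted, is false, then the named rights are "
             "removed. If PrivilegeGranted is True, then the named "
             "rights are added. (Note that the RemoveAccess method "
             "SHOULD be used to completely remove all privileges "
             "between a subject and a target.) On output, this property "
             "references an AuthorizedPrivilege instance that "
             "represents the resulting rights between the named "
             "Subject and the named Target. AuthorizedPrivilege "
             "instances used as templates in this property SHOULD "
             "have a HostedDependency association to the "
             "PrivilegeManagementService and SHOULD NOT have any "
             "AuthorizedTarget or AuthorizedSubject associations to "
             "it.")]
      CIM_AuthorizedPrivilege REF Privilege );

   // RemoveAccess revokes rights. None of its three parameters carries the
   // Required qualifier, and the Description allows revoking "all
   // privileges for a particular target, subject, or subject/target
   // pair", so the parameters left NULL decide how wide the revocation
   // is.
   // NOTE(review): which NULL combinations a provider accepts is not
   // specified here; 16003 ("Null parameter not supported") exists for
   // the ones it rejects.
   // The method-specific return values do not line up with AssignAccess:
   // there is no "Unsupported Subject", 16002 is "Authorization Error"
   // here, and the vendor range starts at 32768 rather than 32000.
      [Description (
          "This method revokes a specific AuthorizedPrivilege or all "
          "privileges for a particular target, subject, or "
          "subject/target pair. If an AuthorizedPrivilege instance is "
          "left with no AuthorizedTarget associations, it SHOULD be "
          "deleted. The successful completion of the method SHALL "
          "remove the directly or indirectly requested "
          "AuthorizedSubject, AuthorizedTarget and AuthorizedPrivilege "
          "instances."),
       ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
          "16001", "16002", "16003", "16004..32767", "32768..65535" },
       Values { "Success", "Not Supported", "Unspecified Error",
          "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
          "Unsupported Privilege", "Unsupported Target",
          "Authorization Error", "Null parameter not supported",
          "Method Reserved", "Vendor Specific" }]
   uint32 RemoveAccess (
         // Subject whose privileges are to be revoked.
         [IN, Description (
             "The Subject parameter is a reference to a ManagedElement "
             "instance (associated via AuthorizedSubject) for which "
             "privileges are to be revoked.")]
      CIM_ManagedElement REF Subject,

         // The specific AuthorizedPrivilege to revoke.
         [IN, Description (
             "A reference to the AuthorizedPrivilege to be revoked.")]
      CIM_AuthorizedPrivilege REF Privilege,

         // Target that loses the protection of the AuthorizedPrivilege.
         [IN, Description (
             "The Target parameter is a reference to a ManagedElement "
             "(associated via AuthorizedTarget) which will no longer "
             "be protected via the AuthorizedPrivilege.")]
      CIM_ManagedElement REF Target );
};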
238
239
240 // ===================================================================
241 // end of file
242 // ===================================================================