1 a.dunfey 1.1 // ===================================================================
2 // Title: User_AccessControl
3 // $State: Exp $
4 // $Date: 2004/11/29 18:31:43 $
5 // $RCSfile: User_AccessControl.mof,v $
6 // $Revision: 1.2.2.3 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 a.dunfey 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 a.dunfey 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The User Model extends the management concepts that
47 // are related to users and security.
48 // This file defines the concepts and classes for
49 // access control.
50 //
51 // The object classes below are listed in an order that
52 // avoids forward references. Required objects, defined
53 // by other working groups, are omitted.
54 // ===================================================================
55 // Change Log for v2.8 Final
56 // CR1219 - Changes to AccessControlInfo.Description accepted for
57 // Final,
58 // as well as deprecations of AccessControlInformation,
59 // HostedACI,
60 // AuthorizedUse, AuthorizationSubject, and
61 // AuthorizationTarget
62 // CR1229 - Addition of the ArrayType qualifier to AccessControl
63 // Information's AccessType, AccessQualifier and Permission
64 a.dunfey 1.1 // properties
65 // CR1235 - Updated the deprecation and Description of
66 // AccessControlInformation.Permission / Updated the other
67 // deprecations in AccessControlInformation such that they all
68 // referenced AuthorizedPrivilege / Accepted the subclassing
69 // change for HostedACI
70 //
71 // Change Log for v2.8 Preliminary (Company Review)
72 // CR1128 - Changed subclassing of HostedACI from Dependency to
73 // HostedDependency.
74 //
75 // Change Log for v2.8 Preliminary
76 // CR1011 - Deprecated AccessControlInformation, HostedACI,
77 // AuthorizedUse, AuthorizationTarget, AuthorizationSubject
78 //
79 // Change Log for v2.7 - None
80 // ===================================================================
81
82 #pragma Locale ("en_US")
83
84
85 a.dunfey 1.1 // ==================================================================
86 // AccessControlInformation
87 // ==================================================================
// CIM_AccessControlInformation: legacy access-control record, keyed per
// hosting system, that carries parallel AccessType / AccessQualifier /
// Permission arrays. The whole class is marked Deprecated in favour of
// CIM_AuthorizedPrivilege and CIM_SecuritySensitivity (see the qualifier
// below), so instances of it are best read as legacy policy data.
88 [Deprecated { "CIM_AuthorizedPrivilege", "CIM_SecuritySensitivity" },
89 Version ( "2.8.0" ), Description (
90 "CIM_AccessControlInformation provides, through its properties "
91 "and its associations, the specification of the access rights "
92 "granted to a set of subject users to a set of target "
93 "resources. The AccessControlInformation class is weak to the "
94 "system (e.g., Computer System or Administrative Domain) for "
95 "which the access controls apply. \n"
96 "\n"
97 "This class is deprecated in lieu of two others: "
98 "AuthorizedPrivilege (defining specific access details) and "
99 "SecuritySensitivity (defining individual security levels). The "
100 "reasons for this are: 1. More specific access details are "
101 "defined in Privilege (the superclass of AuthorizedPrivilege); "
102 "and, 2. SecuritySensitivity allows security levels to be "
103 "applied to other elements than access control information.")]
104 class CIM_AccessControlInformation : CIM_LogicalElement {
105
// Key properties. SystemCreationClassName and SystemName are Propagated
// from CIM_System; together with CreationClassName and Name they form
// the key, so an ACI is identified only within its hosting system.
106 a.dunfey 1.1 [Deprecated { "No value" }, Key,
107 Propagated ( "CIM_System.CreationClassName" ), Description (
108 "Hosting system creation class name."),
109 MaxLen ( 256 )]
110 string SystemCreationClassName;
111
112 [Deprecated { "No value" }, Key, Propagated ( "CIM_System.Name" ),
113 Description (
114 "Hosting system name."),
115 MaxLen ( 256 )]
116 string SystemName;
117
118 [Deprecated { "No value" }, Key, Description (
119 "CreationClassName indicates the name of the class or the "
120 "subclass used in the creation of an instance. When used "
121 "with the other key properties of this class, this property "
122 "allows all instances of this class and its subclasses to be "
123 "uniquely identified."),
124 MaxLen ( 256 )]
125 string CreationClassName;
126
127 a.dunfey 1.1 [Deprecated { "CIM_AuthorizedPrivilege.InstanceID" }, Key,
128 Override ( "Name" ), Description (
129 "The Name property defines the unique label, in the context "
130 "of the hosting system, by which the "
131 "AccessControlInformation is known."),
132 MaxLen ( 256 )]
133 string Name;
134
// Free-form string: no ValueMap is declared, so this schema does not
// constrain the set of classification labels ('Confidential' and
// 'Top Secret' are examples only). Superseded by
// CIM_SecuritySensitivity.SecurityLevel.
135 [Deprecated { "CIM_SecuritySensitivity.SecurityLevel" },
136 Description (
137 "The SecurityClassification property specifies a named level "
138 "of security associated with the AccessControlInformation, "
139 "e.g., 'Confidential', 'Top Secret', etc.")]
140 string SecurityClassification;
141
// AccessType, AccessQualifier and Permission are each ArrayType
// ("Indexed") and name one another in ModelCorrespondence; the
// Descriptions speak of the "corresponding" entries, so the three
// arrays appear intended to be read position by position.
// NOTE(review): nothing visible in this schema enforces equal array
// lengths. A consumer that evaluates these as access rules should
// decide explicitly how to treat misaligned arrays rather than guess.
// AccessType has no ValueMap; 'Read-only' and 'Read/Write' are examples.
142 [Deprecated { "CIM_AuthorizedPrivilege.Activities" },
143 Description (
144 "The AccessType property is an array of string values that "
145 "specifies the type of access for which the corresponding "
146 "permission applies. For example, it can be used to specify "
147 "a generic access such as 'Read-only', 'Read/Write', etc. "
148 a.dunfey 1.1 "for file or record access control or it can be used to "
149 "specifiy an entry point name for service access control."),
150 ArrayType ( "Indexed" ),
151 ModelCorrespondence {
152 "CIM_AccessControlInformation.AccessQualifier",
153 "CIM_AccessControlInformation.Permission" }]
154 string AccessType[];
155
// Optional refinement of the AccessType entry at the same index. Like
// AccessType it is an unconstrained string array (no ValueMap).
156 [Deprecated { "CIM_AuthorizedPrivilege.ActivityQualifiers" },
157 Description (
158 "The AccessQualifier property is an array of string values "
159 "may be used to further qualify the type of access for which "
160 "the corresponding permission applies. For example, it may "
161 "be used to specify a set of parameters that are permitted "
162 "or denied in conjunction with the corresponding AccessType "
163 "entry point name."),
164 ArrayType ( "Indexed" ),
165 ModelCorrespondence { "CIM_AccessControlInformation.AccessType",
166 "CIM_AccessControlInformation.Permission" }]
167 string AccessQualifier[];
168
// The ValueMap limits Permission entries to "Unknown", "Allow", "Deny"
// and "Manage".
// NOTE(review): the Description below names the permissions 'Access'
// and 'Deny', which does not match the "Allow" entry in the ValueMap;
// the ValueMap is the enumerated set.
// NOTE(review): this schema does not say how an "Unknown" entry is to
// be evaluated. Confirm how consumers handle it; failing closed is the
// conservative choice.
169 a.dunfey 1.1 [Deprecated { "CIM_AuthorizedPrivilege" }, Description (
170 "The Permission property is an array of string values "
171 "indicating the permission that applies to the corresponding "
172 "AccessType and AccessQualifier array values. The values may "
173 "be extended in subclasses to provide more specific access "
174 "controls. \n"
175 "\n"
176 "This property is deprecated in lieu of the general "
177 "AuthorizedPrivilege class. This is because the Permissions, "
178 "'Access' and 'Deny', are addressed by the PrivilegeGranted "
179 "property, while 'Manage' maps to specific activities with "
180 "their corresponding qualifiers and formats."),
181 ValueMap { "Unknown", "Allow", "Deny", "Manage" },
182 ArrayType ( "Indexed" ),
183 ModelCorrespondence { "CIM_AccessControlInformation.AccessType",
184 "CIM_AccessControlInformation.AccessQualifier" }]
185 string Permission[];
186 };
187
188
189 // ==================================================================
190 a.dunfey 1.1 // HostedACI
191 // ==================================================================
// CIM_HostedACI: Weak association that scopes an
// AccessControlInformation instance (Dependent) to its hosting
// CIM_System (Antecedent). Deprecated with no replacement association.
192 [Association, Deprecated { "No value" }, Version ( "2.8.0" ),
193 Description (
194 "CIM_HostedACI is an association used to provide the namespace "
195 "scoping of AccessControlInformation. Since the referenced "
196 "class, AccessControlInformation, is deprecated, this Weak "
197 "association is similarly deprecated. Also, although "
198 "Privileges/access control can be defined in the context of a "
199 "System, this is not a mandatory association nor does it "
200 "provide any additional semantics for the Privilege. Therefore, "
201 "HostedACI is deprecated with no replacement association.")]
202 class CIM_HostedACI : CIM_HostedDependency {
203
// Min(1)/Max(1): every ACI is hosted by exactly one system.
204 [Deprecated { "No value" }, Override ( "Antecedent" ), Min ( 1 ),
205 Max ( 1 ), Description (
206 "The hosting system.")]
207 CIM_System REF Antecedent;
208
// Weak: the ACI's key is completed by the hosting system's propagated keys.
209 [Deprecated { "No value" }, Override ( "Dependent" ), Weak,
210 Description (
211 a.dunfey 1.1 "The hosted AccessControlInformation.")]
212 CIM_AccessControlInformation REF Dependent;
213 };
214
215
216 // ==================================================================
217 // AuthorizedUse
218 // ==================================================================
// CIM_AuthorizedUse: links an AccessControlInformation (Antecedent) to
// the CIM_AuthorizationService (Dependent) that consumes it. Deprecated
// with no replacement; per the Description, authorization processing is
// expected to be handled via policy or static checking of Privileges.
219 [Association, Deprecated { "No value" }, Version ( "2.8.0" ),
220 Description (
221 "CIM_AuthorizedUse is an association used to provide an "
222 "AuthorizationService with the AccessControlInformation it "
223 "needs to do its job. This association is deprecated with no "
224 "proposed replacement, since authorization processing will be "
225 "handled via policy or static checking of Privileges.")]
226 class CIM_AuthorizedUse : CIM_Dependency {
227
// The access-control data being supplied to the service.
228 [Deprecated { "No value" }, Override ( "Antecedent" ),
229 Description (
230 "Access Control Information.")]
231 CIM_AccessControlInformation REF Antecedent;
232 a.dunfey 1.1
// The service that evaluates the ACI. No cardinality qualifiers are
// declared on either reference in this class.
233 [Deprecated { "No value" }, Override ( "Dependent" ),
234 Description (
235 "AuthorizationService that uses an ACI.")]
236 CIM_AuthorizationService REF Dependent;
237 };
238
239
240 // ==================================================================
241 // AuthorizationSubject
242 // ==================================================================
// CIM_AuthorizationSubject: binds an AccessControlInformation
// (Antecedent) to the subjects it applies to (Dependent). Deprecated in
// favour of CIM_AuthorizedSubject; the per-reference Deprecated
// qualifiers give the replacement for each end.
243 [Association, Deprecated { "CIM_AuthorizedSubject" },
244 Version ( "2.8.0" ), Description (
245 "CIM_AuthorizationSubject is an association used to apply "
246 "authorization decisions to specific subjects (i.e., users). "
247 "This association is deprecated in lieu of a semantically "
248 "equivalent one, AuthorizedSubject, since one of the referenced "
249 "classes (AccessControlInformation) has been deprecated.")]
250 class CIM_AuthorizationSubject : CIM_Dependency {
251
// Replaced by CIM_AuthorizedSubject.Privilege.
252 [Deprecated { "CIM_AuthorizedSubject.Privilege" },
253 a.dunfey 1.1 Override ( "Antecedent" ), Description (
254 "AccessControlInformation that applies to a subject set.")]
255 CIM_AccessControlInformation REF Antecedent;
256
// Typed as CIM_ManagedElement, so the reference type itself does not
// restrict subjects to user or identity classes; the Description says
// the elements "represent users". Replaced by
// CIM_AuthorizedSubject.PrivilegedElement.
257 [Deprecated { "CIM_AuthorizedSubject.PrivilegedElement" },
258 Override ( "Dependent" ), Description (
259 "The subject set may be specified as a collection or as a "
260 "set of associations to ManagedElements that represent "
261 "users.")]
262 CIM_ManagedElement REF Dependent;
263 };
264
265
266 // ==================================================================
267 // AuthorizationTarget
268 // ==================================================================
// CIM_AuthorizationTarget: binds an AccessControlInformation
// (Antecedent) to the target resources it governs (Dependent).
// Deprecated in favour of CIM_AuthorizedTarget; the per-reference
// Deprecated qualifiers give the replacement for each end.
269 [Association, Deprecated { "CIM_AuthorizedTarget" },
270 Version ( "2.8.0" ), Description (
271 "CIM_AuthorizationTarget is an association used to apply "
272 "authorization decisions to specific target resources. The "
273 "target resources may be aggregated into a collection or may be "
274 a.dunfey 1.1 "represented as a set of associations to ManagedElements. This "
275 "association is deprecated in lieu of a semantically equivalent "
276 "one, AuthorizedTarget, since one of the referenced classes "
277 "(AccessControlInformation) has been deprecated.")]
278 class CIM_AuthorizationTarget : CIM_Dependency {
279
// Replaced by CIM_AuthorizedTarget.Privilege.
280 [Deprecated { "CIM_AuthorizedTarget.Privilege" },
281 Override ( "Antecedent" ), Description (
282 "AccessControlInformation that applies to the target set.")]
283 CIM_AccessControlInformation REF Antecedent;
284
// Typed as CIM_ManagedElement, so any managed element (or a collection
// of them, per the Description) can be a target. Replaced by
// CIM_AuthorizedTarget.TargetElement.
285 [Deprecated { "CIM_AuthorizedTarget.TargetElement" },
286 Override ( "Dependent" ), Description (
287 "The target set of resources may be specified as a "
288 "collection or as a set of associations to ManagedElements "
289 "that represent target resources.")]
290 CIM_ManagedElement REF Dependent;
291 };
292
293
294 // ===================================================================
295 a.dunfey 1.1 // end of file
296 // ===================================================================