Return to
User_Privilege.mof
CVS log
Up to [Pegasus] / pegasus / Schemas / CIM29
|
Return to
User_Privilege.mof
CVS log
|
Up to [Pegasus] / pegasus / Schemas / CIM29
|
|
File: [Pegasus] / pegasus / Schemas / CIM29 / User_Privilege.mof
(download)
Revision: 1.1, Thu Feb 17 00:09:56 2005 UTC (19 years, 3 months ago) by a.dunfey Branch: MAIN CVS Tags: preBug9676, postBug9676, TASK_PEP328_SOLARIS_NEVADA_PORT, TASK_PEP317_1JUNE_2013, TASK_PEP233_EmbeddedInstSupport-merge_out_trunk, TASK_BUG_5314_IPC_REFACTORING_ROOT, TASK_BUG_5314_IPC_REFACTORING_BRANCH, TASK_BUG_5314_IPC_REFACTORING-V1, TASK_BUG_5191_QUEUE_CONSOLIDATION_ROOT, TASK_BUG_5191_QUEUE_CONSOLIDATION_BRANCH, TASK-TASK_PEP362_RestfulService_branch-root, TASK-TASK_PEP362_RestfulService_branch-merged_out_from_trunk, TASK-TASK_PEP362_RestfulService_branch-merged_in_to_trunk, TASK-TASK_PEP362_RestfulService_branch-merged_in_from_branch, TASK-TASK_PEP362_RestfulService_branch-branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-root, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_out_to_branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_out_from_trunk, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_in_to_trunk, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_in_from_branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-branch, TASK-PEP362_RestfulService-root, TASK-PEP362_RestfulService-merged_out_to_branch, TASK-PEP362_RestfulService-merged_out_from_trunk, TASK-PEP362_RestfulService-merged_in_to_trunk, TASK-PEP362_RestfulService-merged_in_from_branch, TASK-PEP362_RestfulService-branch, TASK-PEP348_SCMO-root, TASK-PEP348_SCMO-merged_out_to_branch, TASK-PEP348_SCMO-merged_out_from_trunk, TASK-PEP348_SCMO-merged_in_to_trunk, TASK-PEP348_SCMO-merged_in_from_branch, TASK-PEP348_SCMO-branch, TASK-PEP328_SOLARIS_NEVADA_PORT_v2-root, TASK-PEP328_SOLARIS_NEVADA_PORT_v2-branch, TASK-PEP328_SOLARIS_NEVADA_PORT-root, TASK-PEP328_SOLARIS_NEVADA_PORT-branch, TASK-PEP328_SOLARIS_IX86_CC_PORT-root, TASK-PEP328_SOLARIS_IX86_CC_PORT-branch-v2, TASK-PEP328_SOLARIS_IX86_CC_PORT-branch, TASK-PEP317_pullop-root, TASK-PEP317_pullop-merged_out_to_branch, TASK-PEP317_pullop-merged_out_from_trunk, TASK-PEP317_pullop-merged_in_to_trunk, TASK-PEP317_pullop-merged_in_from_branch, TASK-PEP317_pullop-branch, TASK-PEP311_WSMan-root, TASK-PEP311_WSMan-branch, TASK-PEP305_VXWORKS-root, TASK-PEP305_VXWORKS-branch-pre-solaris-port, TASK-PEP305_VXWORKS-branch-post-solaris-port, TASK-PEP305_VXWORKS-branch-beta2, TASK-PEP305_VXWORKS-branch, TASK-PEP305_VXWORKS-2008-10-23, TASK-PEP291_IPV6-root, TASK-PEP291_IPV6-branch, TASK-PEP286_PRIVILEGE_SEPARATION-root, TASK-PEP286_PRIVILEGE_SEPARATION-branch, TASK-PEP274_dacim-root, TASK-PEP274_dacim-merged_out_to_branch, TASK-PEP274_dacim-merged_out_from_trunk, TASK-PEP274_dacim-merged_in_to_trunk, TASK-PEP274_dacim-merged_in_from_branch, TASK-PEP274_dacim-branch, TASK-PEP268_SSLClientCertificatePropagation-root, TASK-PEP268_SSLClientCertificatePropagation-merged_out_to_branch, TASK-PEP268_SSLClientCertificatePropagation-merged_out_from_trunk, TASK-PEP268_SSLClientCertificatePropagation-merged_in_to_trunk, TASK-PEP268_SSLClientCertificatePropagation-merged_in_from_branch, TASK-PEP268_SSLClientCertificatePropagation-branch, TASK-PEP267_SLPReregistrationSupport-root, TASK-PEP267_SLPReregistrationSupport-merging_out_to_branch, TASK-PEP267_SLPReregistrationSupport-merging_out_from_trunk, TASK-PEP267_SLPReregistrationSupport-merged_out_to_branch, TASK-PEP267_SLPReregistrationSupport-merged_out_from_trunk, TASK-PEP267_SLPReregistrationSupport-merged_in_to_trunk, TASK-PEP267_SLPReregistrationSupport-merged_in_from_branch, TASK-PEP267_SLPReregistrationSupport-branch, TASK-PEP250_RPMProvider-root, TASK-PEP250_RPMProvider-merged_out_to_branch, TASK-PEP250_RPMProvider-merged_out_from_trunk, TASK-PEP250_RPMProvider-merged_in_to_trunk, TASK-PEP250_RPMProvider-merged_in_from_branch, TASK-PEP250_RPMProvider-branch, TASK-PEP245_CimErrorInfrastructure-root, TASK-PEP245_CimErrorInfrastructure-merged_out_to_branch, TASK-PEP245_CimErrorInfrastructure-merged_out_from_trunk, TASK-PEP245_CimErrorInfrastructure-merged_in_to_trunk, TASK-PEP245_CimErrorInfrastructure-merged_in_from_branch, TASK-PEP245_CimErrorInfrastructure-branch, TASK-PEP241_OpenPegasusStressTests-root, TASK-PEP241_OpenPegasusStressTests-merged_out_to_branch, TASK-PEP241_OpenPegasusStressTests-merged_out_from_trunk, TASK-PEP241_OpenPegasusStressTests-merged_in_to_trunk, TASK-PEP241_OpenPegasusStressTests-merged_in_from_branch, TASK-PEP241_OpenPegasusStressTests-branch, TASK-Bugs5690_3913_RemoteCMPI-root, TASK-Bugs5690_3913_RemoteCMPI-merged_out_to_branch, TASK-Bugs5690_3913_RemoteCMPI-merged_out_from_trunk, TASK-Bugs5690_3913_RemoteCMPI-merged_in_to_trunk, TASK-Bugs5690_3913_RemoteCMPI-merged_in_from_branch, TASK-Bugs5690_3913_RemoteCMPI-branch, TASK-Bug2102_RCMPIWindows-root, TASK-Bug2102_RCMPIWindows-merged_out_to_branch, TASK-Bug2102_RCMPIWindows-merged_out_from_trunk, TASK-Bug2102_RCMPIWindows-merged_in_to_trunk, TASK-Bug2102_RCMPIWindows-merged_in_from_branch, TASK-Bug2102_RCMPIWindows-branch, TASK-Bug2102Final-root, TASK-Bug2102Final-merged_out_to_branch, TASK-Bug2102Final-merged_out_from_trunk, TASK-Bug2102Final-merged_in_to_trunk, TASK-Bug2102Final-merged_in_from_branch, TASK-Bug2102Final-branch, TASK-Bug2021_RemoteCMPIonWindows-root, TASK-Bug2021_RemoteCMPIonWindows-merged_out_to_branch, TASK-Bug2021_RemoteCMPIonWindows-merged_out_from_trunk, TASK-Bug2021_RemoteCMPIonWindows-merged_in_to_trunk, TASK-Bug2021_RemoteCMPIonWindows-merged_in_from_branch, TASK-Bug2021_RemoteCMPIonWindows-branch, TASK-Bug2021_RCMPIonWindows-root, TASK-Bug2021_RCMPIonWindows-merged_out_to_branch, TASK-Bug2021_RCMPIonWindows-merged_out_from_trunk, TASK-Bug2021_RCMPIonWindows-merged_in_to_trunk, TASK-Bug2021_RCMPIonWindows-merged_in_from_branch, TASK-Bug2021_RCMPIonWindows-branch, TASK-BUG7240-root, TASK-BUG7240-branch, TASK-BUG7146_SqlRepositoryPrototype-root, TASK-BUG7146_SqlRepositoryPrototype-merged_out_to_branch, TASK-BUG7146_SqlRepositoryPrototype-merged_out_from_trunk, TASK-BUG7146_SqlRepositoryPrototype-merged_in_to_trunk, TASK-BUG7146_SqlRepositoryPrototype-merged_in_from_branch, TASK-BUG7146_SqlRepositoryPrototype-branch, TASK-BUG4011_WinLocalConnect-root, TASK-BUG4011_WinLocalConnect-merged_out_to_branch, TASK-BUG4011_WinLocalConnect-merged_out_from_trunk, TASK-BUG4011_WinLocalConnect-merged_in_to_trunk, TASK-BUG4011_WinLocalConnect-merged_in_from_branch, TASK-BUG4011_WinLocalConnect-branch-New, TASK-BUG4011_WinLocalConnect-branch, STABLE, RELEASE_2_9_2-RC2, RELEASE_2_9_2-RC1, RELEASE_2_9_2, RELEASE_2_9_1-RC1, RELEASE_2_9_1, RELEASE_2_9_0-RC1, RELEASE_2_9_0-FC, RELEASE_2_9_0, RELEASE_2_9-root, RELEASE_2_9-branch, RELEASE_2_8_2-RC1, RELEASE_2_8_2, RELEASE_2_8_1-RC1, RELEASE_2_8_1, RELEASE_2_8_0_BETA, RELEASE_2_8_0-RC2, RELEASE_2_8_0-RC1, RELEASE_2_8_0-FC, RELEASE_2_8_0, RELEASE_2_8-root, RELEASE_2_8-branch, RELEASE_2_7_3-RC1, RELEASE_2_7_3, RELEASE_2_7_2-RC1, RELEASE_2_7_2, RELEASE_2_7_1-RC1, RELEASE_2_7_1, RELEASE_2_7_0-RC1, RELEASE_2_7_0-BETA, RELEASE_2_7_0, RELEASE_2_7-root, RELEASE_2_7-branch, RELEASE_2_6_3-RC2, RELEASE_2_6_3-RC1, RELEASE_2_6_3, RELEASE_2_6_2-RC1, RELEASE_2_6_2, RELEASE_2_6_1-RC1, RELEASE_2_6_1, RELEASE_2_6_0-RC1, RELEASE_2_6_0-FC, RELEASE_2_6_0, RELEASE_2_6-root, RELEASE_2_6-branch-clean, RELEASE_2_6-branch, RELEASE_2_5_5-RC2, RELEASE_2_5_5-RC1, RELEASE_2_5_5, RELEASE_2_5_4-RC2, RELEASE_2_5_4-RC1, RELEASE_2_5_4, RELEASE_2_5_3-RC1, RELEASE_2_5_3, RELEASE_2_5_2-RC1, RELEASE_2_5_2, RELEASE_2_5_1-RC1, RELEASE_2_5_1, RELEASE_2_5_0-RC1, RELEASE_2_5_0, RELEASE_2_5-root, RELEASE_2_5-branch, RELEASE_2_14_1, RELEASE_2_14_0-RC2, RELEASE_2_14_0-RC1, RELEASE_2_14_0, RELEASE_2_14-root, RELEASE_2_14-branch, RELEASE_2_13_0-RC2, RELEASE_2_13_0-RC1, RELEASE_2_13_0-FC, RELEASE_2_13_0, RELEASE_2_13-root, RELEASE_2_13-branch, RELEASE_2_12_1-RC1, RELEASE_2_12_1, RELEASE_2_12_0-RC1, RELEASE_2_12_0-FC, RELEASE_2_12_0, RELEASE_2_12-root, RELEASE_2_12-branch, RELEASE_2_11_2-RC1, RELEASE_2_11_2, RELEASE_2_11_1-RC1, RELEASE_2_11_1, RELEASE_2_11_0-RC1, RELEASE_2_11_0-FC, RELEASE_2_11_0, RELEASE_2_11-root, RELEASE_2_11-branch, RELEASE_2_10_1-RC1, RELEASE_2_10_1, RELEASE_2_10_0-RC2, RELEASE_2_10_0-RC1, RELEASE_2_10_0, RELEASE_2_10-root, RELEASE_2_10-branch, PREAUG25UPDATE, POSTAUG25UPDATE, PEP286_PRIVILEGE_SEPARATION_ROOT, PEP286_PRIVILEGE_SEPARATION_CODE_FREEZE, PEP286_PRIVILEGE_SEPARATION_BRANCH, PEP286_PRIVILEGE_SEPARATION_1, PEP244_ServerProfile-root, PEP244_ServerProfile-branch, PEP233_EmbeddedInstSupport-root, PEP233_EmbeddedInstSupport-branch, PEP214ROOT, PEP214BRANCH, PEP214-root, PEP214-branch, PEP-214B-root, PEGASUS_2_5_0_PerformanceDev-string-end, PEGASUS_2_5_0_PerformanceDev-rootlt, PEGASUS_2_5_0_PerformanceDev-root, PEGASUS_2_5_0_PerformanceDev-r2, PEGASUS_2_5_0_PerformanceDev-r1, PEGASUS_2_5_0_PerformanceDev-lit-end, PEGASUS_2_5_0_PerformanceDev-buffer-end, PEGASUS_2_5_0_PerformanceDev-branch, PEGASUS_2_5_0_PerformanceDev-AtomicInt-branch, PEG25_IBM_5_16_05, NPEGASUS_2_5_0_PerformanceDev-String-root, NNPEGASUS_2_5_0_PerformanceDev-String-branch, Makefile, HPUX_TEST, HEAD, CIMRS_WORK_20130824, BeforeUpdateToHeadOct82011, BUG_4225_PERFORMANCE_VERSION_1_DONE PEP#: 215 TITLE: Adding CIM29 to Repository DESCRIPTION: I added CIM 2.9 Final to the Pegasus Repository. I did NOT make any build changes. This just makes the CIM29 schema available for testing until a time is designated for switching the default schema from 2.8 to 2.9. |
// ===================================================================
// Title: User_Privilege
// $State: Exp $
// $Date: 2005/02/17 00:09:56 $
// $RCSfile: User_Privilege.mof,v $
// $Revision: 1.1 $
// ===================================================================
//#pragma inLine ("Includes/copyright.inc")
// Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
// All rights reserved.
// DMTF is a not-for-profit association of industry members dedicated
// to promoting enterprise and systems management and interoperability.
// DMTF specifications and documents may be reproduced for uses
// consistent with this purpose by members and non-members,
// provided that correct attribution is given.
// As DMTF specifications may be revised from time to time,
// the particular version and release date should always be noted.
//
// Implementation of certain elements of this standard or proposed
// standard may be subject to third party patent rights, including
// provisional patent rights (herein "patent rights"). DMTF makes
// no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
// identify any or all such third party patent right, owners or
// claimants, nor for any incomplete or inaccurate identification or
// disclosure of such rights, owners or claimants. DMTF shall have no
// liability to any party, in any manner or circumstance, under any
// legal theory whatsoever, for failure to recognize, disclose, or
// identify any such third party patent rights, or for such party's
// reliance on the standard or incorporation thereof in its product,
// protocols or testing procedures. DMTF shall have no liability to
// any party implementing such standard, whether such implementation
// is foreseeable or not, nor to any patent owner or claimant, and shall
// have no liability or responsibility for costs or losses incurred if
// a standard is withdrawn or modified after publication, and shall be
// indemnified and held harmless by any party implementing the
// standard from any and all claims of infringement by a patent owner
// for such implementations.
//
// For information about patents held by third-parties which have
// notified the DMTF that, in their opinion, such patent may relate to
// or impact implementations of DMTF standards, visit
// http://www.dmtf.org/about/policies/disclosures.php.
//#pragma inLine
// ===================================================================
// Description: The User Model extends the management concepts that
// are related to users and security.
// This file defines the concepts and classes related to
// Privileges
//
// The object classes below are listed in an order that
// avoids forward references. Required objects, defined
// by other working groups, are omitted.
// ===================================================================
// Change Log for v2.8 Final -
// CR1219 - Created subclass of Privilege, AuthorizedPrivilege,
// moved AuthorizedSubject/Target associations to Authorized
// Privilege, and promoted Privilege-related classes from
// Experimental to Final
// CR1221 - Also promoted Privilege-related classes to Final
// CR1229 - Added ArrayType ("Indexed") qualifier to
// Privilege.Activites
// CR1235 - Corrected copyright
//
// Change Log for v2.8 Preliminary -
// CR1011 - Created this file.
// CR1082 - Fixed Value/ValueMap defintions for properties in Privilege
// ===================================================================
#pragma Locale ("en_US")
// ==================================================================
// Privilege
// ==================================================================
[Version ( "2.8.0" ), Description (
"Privilege is the base class for all types of activities which "
"are granted or denied by a Role or an Identity. Whether an "
"individual Privilege is granted or denied is defined using the "
"PrivilegeGranted boolean. Any Privileges not specifically "
"granted are assumed to be denied. An explicit deny (Privilege "
"Granted = FALSE) takes precedence over any granted Privileges. "
"\n\n"
"The association of subjects (Roles and Identities) to "
"Privileges is accomplished using policy or explicitly via the "
"associations on a subclass. The entities that are protected "
"(targets) can be similarly defined. \n"
"\n"
"Note that Privileges may be inherited through hierarchical "
"Roles, or may overlap. For example, a Privilege denying any "
"instance Writes in a particular CIM Server Namespace would "
"overlap with a Privilege defining specific access rights at an "
"instance level within that Namespace. In this example, the "
"AuthorizedSubjects are either Identities or Roles, and the "
"AuthorizedTargets are a Namespace in the former case, and a "
"particular instance in the latter.")]
class CIM_Privilege : CIM_ManagedElement {
[Key, Description (
"Within the scope of the instantiating Namespace, InstanceID "
"opaquely and uniquely identifies an instance of this class. "
"In order to ensure uniqueness within the NameSpace, the "
"value of InstanceID SHOULD be constructed using the "
"following 'preferred' algorithm: \n"
"<OrgID>:<LocalID> \n"
"Where <OrgID> and <LocalID> are separated by a colon ':', "
"and where <OrgID> MUST include a copyrighted, trademarked "
"or otherwise unique name that is owned by the business "
"entity creating/defining the InstanceID, or is a registered "
"ID that is assigned to the business entity by a recognized "
"global authority. (This is similar to the <Schema "
"Name>_<Class Name> structure of Schema class names.) In "
"addition, to ensure uniqueness <OrgID> MUST NOT contain a "
"colon (':'). When using this algorithm, the first colon to "
"appear in InstanceID MUST appear between <OrgID> and "
"<LocalID>. \n"
"<LocalID> is chosen by the business entity and SHOULD not "
"be re-used to identify different underlying (real-world) "
"elements. If the above 'preferred' algorithm is not used, "
"the defining entity MUST assure that the resultant "
"InstanceID is not re-used across any InstanceIDs produced "
"by this or other providers for this instance's NameSpace. "
"For DMTF defined instances, the 'preferred' algorithm MUST "
"be used with the <OrgID> set to 'CIM'.")]
string InstanceID;
[Description (
"Boolean indicating whether the Privilege is granted (TRUE) "
"or denied (FALSE). The default is to grant permission.")]
boolean PrivilegeGranted = TRUE;
[Description (
"An enumeration indicating the activities that are granted "
"or denied. These activities apply to all entities specified "
"in the ActivityQualifiers array. The values in the "
"enumeration are straightforward except for one, "
"4=\"Detect\". This value indicates that the existence or "
"presence of an entity may be determined, but not "
"necessarily specific data (which requires the Read "
"privilege to be true). This activity is exemplified by "
"'hidden files'- if you list the contents of a directory, "
"you will not see hidden files. However, if you know a "
"specific file name, or know how to expose hidden files, "
"then they can be 'detected'. Another example is the ability "
"to define search privileges in directory implementations."),
ValueMap { "1", "2", "3", "4", "5", "6", "7", "..15999",
"16000.." },
Values { "Other", "Create", "Delete", "Detect", "Read", "Write",
"Execute", "DMTF Reserved", "Vendor Reserved" },
ArrayType ( "Indexed" ),
ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }]
uint16 Activities[];
[Description (
"The ActivityQualifiers property is an array of string "
"values used to further qualify and specify the privileges "
"granted or denied. For example, it is used to specify a set "
"of files for which 'Read'/'Write' access is permitted or "
"denied. Or, it defines a class' methods that may be "
"'Executed'. Details on the semantics of the individual "
"entries in ActivityQualifiers are provided by corresponding "
"entries in the QualifierFormats array."),
ArrayType ( "Indexed" ),
ModelCorrespondence { "CIM_Privilege.Activities",
"CIM_Privilege.QualifierFormats" }]
string ActivityQualifiers[];
[Description (
"Defines the semantics of corresponding entries in the "
"ActivityQualifiers array. An example of each of these "
"'formats' and their use follows: \n"
"- 2=Class Name. Example: If the authorization target is a "
"CIM Service or a Namespace, then the ActivityQualifiers "
"entries can define a list of classes that the authorized "
"subject is able to create or delete. \n"
"- 3=<Class.>Property. Example: If the authorization target "
"is a CIM Service, Namespace or Collection of instances, "
"then the ActivityQualifiers entries can define the class "
"properties that may or may not be accessed. In this case, "
"the class names are specified with the property names to "
"avoid ambiguity - since a CIM Service, Namespace or "
"Collection could manage multiple classes. On the other "
"hand, if the authorization target is an individual "
"instance, then there is no possible ambiguity and the class "
"name may be omitted. To specify ALL properties, the "
"wildcard string \"*\" should be used. \n"
"- 4=<Class.>Method. This example is very similar to the "
"Property one, above. And, as above, the string \"*\" may be "
"specified to select ALL methods. \n"
"- 5=Object Reference. Example: If the authorization target "
"is a CIM Service or Namespace, then the ActivityQualifiers "
"entries can define a list of object references (as strings) "
"that the authorized subject can access. \n"
"- 6=Namespace. Example: If the authorization target is a "
"CIM Service, then the ActivityQualifiers entries can define "
"a list of Namespaces that the authorized subject is able to "
"access. \n"
"- 7=URL. Example: An authorization target may not be "
"defined, but a Privilege could be used to deny access to "
"specific URLs by individual Identities or for specific "
"Roles, such as the 'under 17' Role. \n"
"- 8=Directory/File Name. Example: If the authorization "
"target is a FileSystem, then the ActivityQualifiers entries "
"can define a list of directories and files whose access is "
"protected. \n"
"- 9=Command Line Instruction. Example: If the authorization "
"target is a ComputerSystem or Service, then the "
"ActivityQualifiers entries can define a list of command "
"line instructions that may or may not be 'Executed' by the "
"authorized subjects."),
ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "..15999",
"16000.." },
Values { "Class Name", "<Class.>Property", "<Class.>Method",
"Object Reference", "Namespace", "URL",
"Directory/File Name", "Command Line Instruction",
"DMTF Reserved", "Vendor Reserved" }, ArrayType ( "Indexed" ),
ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }]
uint16 QualifierFormats[];
};
// ==================================================================
// AuthorizedPrivilege
// ==================================================================
[Version ( "2.8.0" ), Description (
"Privilege is the base class for all types of activities which "
"are granted or denied to a Role or an Identity. "
"AuthorizedPrivilege is a subclass defining static renderings "
"of authorization policy rules. The association of Roles and "
"Identities to AuthorizedPrivilege is accomplished using the "
"AuthorizedSubject relationship. The entities that are "
"protected are defined using the AuthorizedTarget relationship. "
"\n\n"
"Note that this class and its AuthorizedSubject/Target "
"associations provide a short-hand, static mechanism to "
"represent authorization policies.")]
class CIM_AuthorizedPrivilege : CIM_Privilege {
};
// ==================================================================
// AuthorizedSubject
// ==================================================================
[Association, Version ( "2.8.0" ), Description (
"CIM_AuthorizedSubject is an association used to tie specific "
"AuthorizedPrivileges to specific subjects (i.e., Identities, "
"Roles or Collections of these). At this time, only Identities "
"and Roles (or Collections of Identities and Roles) should be "
"associated to AuthorizedPrivileges using this relationship. "
"Note that any Privileges not explicitly granted to a subject, "
"SHOULD be denied.")]
class CIM_AuthorizedSubject {
[Key, Description (
"The AuthorizedPrivilege either granted or denied to an "
"Identity, Role or Collection. Whether the privilege is "
"granted or denied is defined by the inherited property, "
"CIM_Privilege.PrivilegeGranted.")]
CIM_AuthorizedPrivilege REF Privilege;
[Key, Description (
"The Subject for which AuthorizedPrivileges are granted or "
"denied. Whether the privilege is granted or denied is "
"defined by the property, CIM_Privilege.PrivilegeGranted.")]
CIM_ManagedElement REF PrivilegedElement;
};
// ==================================================================
// AuthorizedTarget
// ==================================================================
[Association, Version ( "2.8.0" ), Description (
"CIM_AuthorizedTarget is an association used to tie an "
"Identity's or Role's AuthorizedPrivileges to specific target "
"resources.")]
class CIM_AuthorizedTarget {
[Key, Description (
"The AuthorizedPrivilege affecting the target resource.")]
CIM_AuthorizedPrivilege REF Privilege;
[Key, Description (
"The target set of resources to which the "
"AuthorizedPrivilege applies.")]
CIM_ManagedElement REF TargetElement;
};
// ===================================================================
// end of file
// ===================================================================
| No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |