1 a.dunfey 1.1 // ===================================================================
2 // Title: User_PrivilegeManagementService
3 // $State: Exp $
4 // $Date: 2004/11/29 18:31:43 $
5 // $RCSfile: User_PrivilegeManagementService.mof,v $
6 // $Revision: 1.2.2.3 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 a.dunfey 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 a.dunfey 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The User Model extends the management concepts that
47 // are related to users and security.
48 // This file defines the concepts and classes related to
49 // hardware World Wide Names used as credentials
50 // for accessing Storage services and credentials.
51 //
52 // The object classes below are listed in an order that
53 // avoids forward references. Required objects, defined
54 // by other working groups, are omitted.
55 // ===================================================================
56 // Change Log for v2.8 Final
57 // CR1186 - Modified AssignAccess to be atomic, clarified Description,
58 // and used AuthorizedPrivilege as an input template
59 // CR1221 - Promoted PrivilegeManagementService to Final
60 // CR1229 - Removed ArrayType from properties that are not arrays
61 // CR1235 - Corrected copyright, changed RemoveAccess's return value
62 // from "Unknown" to "Unspecified Error", and corrected
63 // ValueMap/Values entries for the enumerated parameters of
64 a.dunfey 1.1 // AssignAccess / Clarified that methods apply to Authorized
65 // Privilege and not the Privilege superclass
66 //
67 // Change Log for v2.8 Preliminary (Company Review)
68 // CR1102 - Fixed PrivilegeManagementService for application to
69 // Storage LUN Masking.
70 //
71 // Change Log for v2.8 Preliminary -
72 // CR1017 - Created this file
73 // ===================================================================
74
75 #pragma Locale ("en_US")
76
77
78 // ==================================================================
79 // PrivilegeManagementService
80 // ==================================================================
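// CIM_PrivilegeManagementService models the service that creates, deletes
// and associates AuthorizedPrivilege instances between a subject and a
// target. Both methods return a uint32 status; only "0" maps to "Success".
//
// NOTE(review): the two methods do not share a return-code table.
// "Authorization Error" is 16003 for AssignAccess but 16002 for
// RemoveAccess, and the "Method Reserved" / "Vendor Specific" ranges
// split at 32000 in AssignAccess but at 32768 in RemoveAccess. Decode
// each method's result with that method's own ValueMap.
   [Version ( "2.8.0" ), Description (
       "The PrivilegeManagementService is responsible for creating, "
       "deleting, and associating AuthorizedPrivilege instances. "
       "References to 'subject' and 'target' define the entities that "
       "are associated with an AuthorizedPrivilege instance via the "
       "relationships, AuthorizedSubject and AuthorizedTarget, "
       "respectively. When created, an AuthorizedPrivilege instance is "
       "related to this (PrivilegeManagement)Service via the "
       "association, ConcreteDependency.")]
class CIM_PrivilegeManagementService : CIM_AuthorizationService {

   // AssignAccess updates the Subject's rights to the Target. The rights
   // are supplied in one of two mutually exclusive ways:
   //   - by template: Privilege references an AuthorizedPrivilege and
   //     PrivilegeGranted, Activities, ActivityQualifiers and
   //     QualifierFormats are all NULL; or
   //   - by parameter: Privilege is NULL on input and those four
   //     parameters carry the rights.
   // Subject and Target are Required in both cases. The file's change
   // log (CR1186) records that the method was made atomic.
   //
   // Activities, ActivityQualifiers and QualifierFormats are mutually
   // indexed: entry i of each array describes the same right.
   // NOTE(review): the MOF does not say what a provider returns when the
   // arrays differ in length or when both input styles are supplied at
   // once; "Invalid Parameter" (5) looks like the applicable code, and a
   // provider should reject such calls rather than apply a partial
   // grant. Confirm against the provider.
      [Description (
          "When this method is called, a provider updates the "
          "specified Subject's rights to the Target according to the "
          "parameters of this call. The rights are modeled via an "
          "AuthorizedPrivilege instance. If an AuthorizedPrivilege "
          "instance is created as a result of this call, it MUST be "
          "linked to the Subject and Target via the AuthorizedSubject "
          "and AuthorizedTarget associations, respectively. When "
          "created, the AuthorizedPrivilege instance is associated to "
          "this PrivilegeManagementService via ConcreteDependency. If "
          "the execution of this call results in no rights between the "
          "Subject and Target, then they MUST NOT be linked to a "
          "particular AuthorizedPrivilege instance via "
          "AuthorizedSubject and AuthorizedTarget respectively. \n"
          "\n"
          "Note that regardless of whether specified via parameter, or "
          "template, the Activities, ActivityQualifiers and "
          "QualifierFormats, are mutually indexed. Also note that "
          "Subject and Target references MUST be supplied. \n"
          "\n"
          "The successful completion of the method SHALL create any "
          "necessary AuthorizedSubject, AuthorizedTarget, "
          "AuthorizedPrivilege, HostedDependency, and "
          "ConcreteDependency instances."),
       ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
          "16001", "16002", "16003", "16004", "16005..31999",
          "32000..65535" },
       Values { "Success", "Not Supported", "Unspecified Error",
          "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
          "Unsupported Subject", "Unsupported Privilege",
          "Unsupported Target", "Authorization Error",
          "NULL not supported", "Method Reserved", "Vendor Specific" }]
   uint32 AssignAccess (

         // The entity whose rights are being changed.
         [Required, IN, Description (
             "The Subject parameter is a reference to a ManagedElement "
             "instance. This parameter MUST be supplied.")]
      CIM_ManagedElement REF Subject,

         // NOTE(review): this text says "granted or denied", while the
         // Privilege parameter's description says that false means the
         // named rights are "removed". Whether false records an explicit
         // deny or only deletes a grant is not settled by this file;
         // confirm what the provider implements before relying on it.
         [IN, Description (
             "MUST be NULL unless Privilege is NULL on input. The "
             "PrivilegeGranted flag indicates whether the rights "
             "defined by the parameters in this call should be granted "
             "or denied to the named Subject/Target pair."),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.PrivilegeGranted",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      boolean PrivilegeGranted,

         // One entry per right. The ".." ValueMap entry stands for the
         // values not listed explicitly ("DMTF Reserved").
         [IN, Description (
             "MUST be NULL unless the Privilege is NULL on input. This "
             "parameter specifies the activities to be granted or "
             "denied."),
          ValueMap { "1", "2", "3", "4", "5", "6", "7", "..",
             "16000..65535" },
          Values { "Other", "Create", "Delete", "Detect", "Read",
             "Write", "Execute", "DMTF Reserved", "Vendor Reserved" },
          ArrayType ( "Indexed" ),
          ModelCorrespondence { "CIM_AuthorizedPrivilege.Activities",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      uint16 Activities[],

         // Qualifier for Activities[i]; how to read it is given by
         // QualifierFormats[i].
         [IN, Description (
             "MUST be NULL unless Privilege is NULL on input. This "
             "parameter defines the activity qualifiers for the "
             "Activities to be granted or denied."),
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.ActivityQualifiers",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      string ActivityQualifiers[],

         // Format of ActivityQualifiers[i]. The listed formats include
         // "URL", "Directory/File Name" and "Command Line Instruction",
         // so a provider receives caller-supplied strings of those kinds
         // and has to validate them according to the declared format.
         [IN, Description (
             "MUST be NULL unless Privilege is NULL on input. This "
             "parameter defines the qualifier formats for the "
             "corresponding ActivityQualifiers."),
          ValueMap { "2", "3", "4", "5", "6", "7", "8", "9",
             "10..15999", "16000..65535" },
          Values { "Class Name", "<Class.>Property", "<Class.>Method",
             "Object Reference", "Namespace", "URL",
             "Directory/File Name", "Command Line Instruction",
             "DMTF Reserved", "Vendor Reserved" },
          ArrayType ( "Indexed" ),
          ModelCorrespondence {
             "CIM_AuthorizedPrivilege.QualifierFormats",
             "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
      uint16 QualifierFormats[],

         // The entity the rights apply to.
         [Required, IN, Description (
             "The Target parameter is a reference to an instance of "
             "ManagedElement. This parameter MUST be supplied.")]
      CIM_ManagedElement REF Target,

         // In: NULL, or a template AuthorizedPrivilege. Out: the
         // AuthorizedPrivilege holding the resulting Subject/Target
         // rights. Changes are incremental: rights not named in the call
         // are left untouched, so this method alone does not clear a
         // subject's access (the description points to RemoveAccess for
         // that).
         [IN, OUT, Description (
             "On input, this reference MUST be either NULL or refer to "
             "an instance of AuthorizedPrivilege that is used as a "
             "template. The rights granted by corresponding entries in "
             "the Activities, ActivityQualifiers and QualifierFormats "
             "array properties are applied incrementally and do not "
             "affect unnamed rights. If the property, "
             "PrivilegeGranted, is false, then the named rights are "
             "removed. If PrivilegeGranted is True, then the named "
             "rights are added. (Note that the RemoveAccess method "
             "SHOULD be used to completely remove all privileges "
             "between a subject and a target.) On output, this property "
             "references an AuthorizedPrivilege instance that "
             "represents the resulting rights between the named "
             "Subject and the named Target. AuthorizedPrivilege "
             "instances used as templates in this property SHOULD "
             "have a HostedDependency association to the "
             "PrivilegeManagementService and SHOULD NOT have any "
             "AuthorizedTarget or AuthorizedSubject associations to "
             "it.")]
      CIM_AuthorizedPrivilege REF Privilege );

   // RemoveAccess revokes either one AuthorizedPrivilege or every
   // privilege for a target, a subject, or a subject/target pair. None
   // of the three parameters is marked Required, so the parameters left
   // NULL decide how wide the revocation is; a call naming only a
   // Subject or only a Target can affect many AuthorizedPrivilege
   // instances. A provider may refuse NULLs with "Null parameter not
   // supported" (16003).
      [Description (
          "This method revokes a specific AuthorizedPrivilege or all "
          "privileges for a particular target, subject, or "
          "subject/target pair. If an AuthorizedPrivilege instance is "
          "left with no AuthorizedTarget associations, it SHOULD be "
          "deleted. The successful completion of the method SHALL "
          "remove the directly or indirectly requested "
          "AuthorizedSubject, AuthorizedTarget and AuthorizedPrivilege "
          "instances."),
       ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
          "16001", "16002", "16003", "16004..32767", "32768..65535" },
       Values { "Success", "Not Supported", "Unspecified Error",
          "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
          "Unsupported Privilege", "Unsupported Target",
          "Authorization Error", "Null parameter not supported",
          "Method Reserved", "Vendor Specific" }]
   uint32 RemoveAccess (
         // Subject whose privileges are revoked.
         [IN, Description (
             "The Subject parameter is a reference to a ManagedElement "
             "instance (associated via AuthorizedSubject) for which "
             "privileges are to be revoked.")]
      CIM_ManagedElement REF Subject,

         // The specific AuthorizedPrivilege to revoke.
         [IN, Description (
             "A reference to the AuthorizedPrivilege to be revoked.")]
      CIM_AuthorizedPrivilege REF Privilege,

         // Target that stops being covered by the AuthorizedPrivilege.
         [IN, Description (
             "The Target parameter is a reference to a ManagedElement "
             "(associated via AuthorizedTarget) which will no longer "
             "be protected via the AuthorizedPrivilege.")]
      CIM_ManagedElement REF Target );
};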
240
241
242 // ===================================================================
243 // end of file
244 // ===================================================================