1 karl 1.1 // ===================================================================
2 // Title: User-Security Access Control 2.7
3 // Filename: User27_AccessControl.mof
4 // Version: 2.7.0
5 // Status: Preliminary
6 // Date: 07/07/2002
7 // ===================================================================
8 // Copyright 2000-2002 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 karl 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 karl 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the concepts and classes for
47 // access control.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.7 - None
54 // ===================================================================
55
56 #pragma Locale ("en_US")
57
58
59 // ==================================================================
60 // AccessControlInformation
61 // ==================================================================
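// One access-control entry set. The rights themselves live in AccessType[],
// AccessQualifier[] and Permission[]; the subjects and targets they apply to
// are attached through CIM_AuthorizationSubject and CIM_AuthorizationTarget.
// The instance is weak to its hosting system: two of its four keys are
// propagated from CIM_System (see CIM_HostedACI).
// Fixed in the Description text below: "specifiy", "corrsponding", and the
// missing "that" in the AccessQualifier description.
[Version ("2.6.0"), Description (
    "CIM_AccessControlInformation provides, through its properties "
    "and its associations, the specification of the access rights "
    "granted to a set of subject users to a set of target resources. "
    "The AccessControlInformation class is weak to the system (e.g., "
    "Computer System or Administrative Domain) for which the access "
    "controls apply.") ]
class CIM_AccessControlInformation : CIM_LogicalElement {

    // Key 1 of 4: propagated from the hosting CIM_System.
    [Propagated ("CIM_System.CreationClassName"), Key, MaxLen (256),
     Description ("Hosting system creation class name.") ]
    string SystemCreationClassName;

    // Key 2 of 4: propagated from the hosting CIM_System.
    [Propagated ("CIM_System.Name"), Key, MaxLen (256),
     Description ("Hosting system name.") ]
    string SystemName;

    // Key 3 of 4: distinguishes instances of this class from its subclasses.
    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
    string CreationClassName;

    // Key 4 of 4: overrides the inherited Name; unique only within the
    // hosting system, not globally.
    [Key, MaxLen (256), Override ("Name"), Description (
        "The Name property defines the unique label, in the context of "
        "the hosting system, by which the AccessControlInformation "
        "is known.") ]
    string Name;

    // Free-form label: no ValueMap constrains it, so any ordering between
    // classification levels is site-defined and not expressed in this schema.
    [Description (
        "The SecurityClassification property specifies a named level "
        "of security associated with the AccessControlInformation, "
        "e.g., 'Confidential', 'Top Secret', etc.") ]
    string SecurityClassification;

    // AccessType[], AccessQualifier[] and Permission[] are read together by
    // position: the Descriptions speak of the "corresponding" entry and
    // ModelCorrespondence cross-links the three properties.
    // NOTE(review): none of the three declares an ArrayType qualifier, so the
    // CIM default ("Bag", no ordering guarantee) applies and the schema does
    // not itself promise that index i stays paired across the arrays.
    // Consider ArrayType ("Indexed") on all three; until then a consumer
    // should reject an instance whose arrays differ in length rather than
    // guess the pairing.
    // AccessType values are free-form strings (no ValueMap); how they are
    // compared (case, whitespace) is left to the implementation - confirm.
    [Description (
        "The AccessType property is an array of string values that "
        "specifies the type of access for which the corresponding "
        "permission applies. For example, it can be used to specify a "
        "generic access such as 'Read-only', 'Read/Write', etc. for "
        "file or record access control or it can be used to specify "
        "an entry point name for service access control."),
     ModelCorrespondence {
        "CIM_AccessControlInformation.AccessQualifier",
        "CIM_AccessControlInformation.Permission"} ]
    string AccessType[];

    // Optional refinement of the AccessType entry at the same position.
    [Description (
        "The AccessQualifier property is an array of string values "
        "that may be used to further qualify the type of access for which "
        "the corresponding permission applies. For example, it may be "
        "used to specify a set of parameters that are permitted or "
        "denied in conjunction with the corresponding AccessType entry "
        "point name."),
     ModelCorrespondence {
        "CIM_AccessControlInformation.AccessType",
        "CIM_AccessControlInformation.Permission"} ]
    string AccessQualifier[];

    // NOTE(review): the ValueMap offers both "Allow" and "Deny", but nothing
    // in this class says which wins when several ACI instances cover the same
    // subject and target. The evaluating service has to define that
    // (deny-overrides is the conservative choice) and should treat "Unknown",
    // or a value it does not recognise from a subclass extension, as granting
    // nothing.
    [Description (
        "The Permission property is an array of string values "
        "indicating the permission that applies to the corresponding "
        "AccessType and AccessQualifier array values. The values "
        "may be extended in subclasses to provide more specific access "
        "controls."),
     ValueMap {"Unknown", "Allow", "Deny", "Manage"},
     ModelCorrespondence {
        "CIM_AccessControlInformation.AccessType",
        "CIM_AccessControlInformation.AccessQualifier"} ]
    string Permission[];
};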
135
136
137 // ==================================================================
138 // HostedACI
139 // ==================================================================
// Scoping association for AccessControlInformation. Antecedent is pinned to
// exactly one hosting CIM_System (Min (1) / Max (1)); Weak on Dependent marks
// the ACI as taking its propagated keys from that system.
// Hosting is naming scope only: per the Description the ACI "may or may not"
// apply to resources on the host, so the protected resources are whatever
// CIM_AuthorizationTarget names, not whatever the host contains.
[Association,
 Version ("2.6.0"),
 Description (
    "CIM_HostedACI is an association used to provide the namespace "
    "scoping of AccessControlInformation. The hosted ACI may or may "
    "not apply to resources on the hosting system.")]
class CIM_HostedACI : CIM_Dependency {

    // The system that owns the ACI's namespace.
    [Min (1),
     Max (1),
     Override ("Antecedent"),
     Description ("The hosting system.")]
    CIM_System REF Antecedent;

    // The ACI scoped by that system.
    [Override ("Dependent"),
     Weak,
     Description ("The hosted AccessControlInformation.")]
    CIM_AccessControlInformation REF Dependent;
};
154
155
156 // ==================================================================
157 // AuthorizedUse
158 // ==================================================================
// Hands AccessControlInformation to the AuthorizationService that evaluates
// it. CIM_AuthorizationService is declared outside this file.
// No Min/Max is set on either end, so the schema neither requires an ACI to
// be attached to a service nor limits it to one.
// NOTE(review): an ACI with no AuthorizedUse link is presumably never
// evaluated by any service - confirm how the implementation treats it.
[Association,
 Version ("2.6.0"),
 Description (
    "CIM_AuthorizedUse is an association used to provide an "
    "AuthorizationService with the AccessControlInformation it needs "
    "to do its job.")]
class CIM_AuthorizedUse : CIM_Dependency {

    // The access-control data being consumed.
    [Override ("Antecedent"),
     Description ("Access Control Information.")]
    CIM_AccessControlInformation REF Antecedent;

    // The service that consumes it.
    [Override ("Dependent"),
     Description ("AuthorizationService that uses an ACI.")]
    CIM_AuthorizationService REF Dependent;
};
173
174
175 // ==================================================================
176 // AuthorizationSubject
177 // ==================================================================
// Binds an ACI to the subjects (users) its permissions are decided for.
// Dependent is typed as CIM_ManagedElement, so the schema accepts any managed
// element as a subject, either directly or as a collection.
// NOTE(review): because a collection may add further indirection through
// MemberPrincipal, the effective subject set can change when membership
// changes, with no edit to the ACI itself; audits of who holds a permission
// need to expand the collections rather than read this association alone.
[Association,
 Version ("2.6.0"),
 Description (
    "CIM_AuthorizationSubject is an association used to apply "
    "authorization decisions to specific subjects (i.e., users). The "
    "subjects may be identified directly or they may be aggregated "
    "into a collection that may, in turn, use the MemberPrincipal "
    "association to provide further indirection in the specification "
    "of the subject set.")]
class CIM_AuthorizationSubject : CIM_Dependency {

    // The access-control data being applied.
    [Override ("Antecedent"),
     Description (
        "AccessControlInformation that applies to a subject set.")]
    CIM_AccessControlInformation REF Antecedent;

    // One subject, or a collection standing for many.
    [Override ("Dependent"),
     Description (
        "The subject set may be specified as a collection or as a set "
        "of associations to ManagedElements that represent users.")]
    CIM_ManagedElement REF Dependent;
};
196
197
198 // ==================================================================
199 // AuthorizationTarget
200 // ==================================================================
// Binds an ACI to the resources its permissions protect. As with the subject
// side, Dependent is typed as CIM_ManagedElement and may be a single resource
// or a collection of them.
// NOTE(review): when the target is a collection, adding a resource to it
// extends the ACI's reach without touching the ACI; reviews of what an ACI
// covers need to expand collections rather than read this association alone.
[Association,
 Version ("2.6.0"),
 Description (
    "CIM_AuthorizationTarget is an association used to apply "
    "authorization decisions to specific target resources. The "
    "target resources may be aggregated into a collection or may be "
    "represented as a set of associations to ManagedElements.")]
class CIM_AuthorizationTarget : CIM_Dependency {

    // The access-control data being applied.
    [Override ("Antecedent"),
     Description (
        "AccessControlInformation that applies to the target set.")]
    CIM_AccessControlInformation REF Antecedent;

    // One target resource, or a collection standing for many.
    [Override ("Dependent"),
     Description (
        "The target set of resources may be specified as a collection "
        "or as a set of associations to ManagedElements that represent "
        "target resources.")]
    CIM_ManagedElement REF Dependent;
};
218
219
220 // ===================================================================
221 // end of file
222 // ===================================================================