1 karl 1.1 // ===================================================================
2 // Title: User-Security Roles 2.9
3 // $State: Preliminary $
4 // $Date: 2004/07/06 16:48:30 $
5 // $Source: /home/dmtf2/dotorg/var/cvs/repositories/dev/Schema/MOF/User_Role.mof,v $
6 // $Revision: 1.3 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 2000-2004 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 karl 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 karl 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The User Model extends the management concepts that
47 // are related to users and security.
48 // This file defines the concepts and classes for roles.
49 //
50 // The object classes below are listed in an order that
51 // avoids forward references. Required objects, defined
52 // by other working groups, are omitted.
53 // ===================================================================
54 // Change Log for v2.9 Preliminary
55 // DMTFCR01302 -
56 // Clarify Roles
57 // Add RoleLimitedToTarget
58 //
59 // Change Log for v2.8: None
60 //
61 // Change Log for v2.7
62 // (ERRATA) CR855 - Change cardinality of the Antecedent from 0..1
63 // to 1 for MoreOrganizationInfo and MoreOrgUnitInfo
64 karl 1.1 // ===================================================================
65
66 #pragma Locale ("en_US")
67
68
69 // ==================================================================
70 // Role
71 // ==================================================================
// CIM_Role (subclass of CIM_Collection): a position or set of
// responsibilities. Per the Description, role occupants are Identities and
// the role's rights are Privilege instances; both are attached to the Role
// through MemberOfCollection. When no Identities are attached explicitly,
// an AuthorizationRule MUST be linked via AuthorizationRuleAppliesToRole.
// Instances are keyed by CreationClassName + Name.
// NOTE(review): because membership and rights both hang off
// MemberOfCollection, a provider presumably needs to restrict and audit who
// can create or delete those association instances - confirm against the
// implementation's access-control design.
72 [Version ( "2.8.1000" ), Description (
73 "The Role object class is used to represent a position or set "
74 "of responsibilities within an organization, organizational "
75 "unit or other scope, and MAY be filled by a person or persons "
76 "(or non-human entities represented by ManagedSystemElement "
77 "subclasses) - i.e., the 'role occupants'. The latter MAY be "
78 "explicitly associated to a Role, by associating Identities "
79 "using MemberOfCollection. The 'position or set of "
80 "responsibilities' of a Role are represented as a set of rights "
81 "defined by instances of the Privilege class, and are also "
82 "associated to the Role via MemberOfCollection. If Identities "
83 "are not explicitly associated, instances of AuthorizationRule "
84 "MUST be associated with a Role using "
85 karl 1.1 "AuthorizationRuleAppliesToRole. The rule defines how subject "
86 "entities are authorized for a Role and to which target "
87 "entities the Role applies. \n"
88 "\n"
89 "The Role class is defined so as to incorporate commonly-used "
90 "LDAP attributes to permit implementations to easily derive "
91 "this information from LDAP-accessible directories. This "
92 "class's properties are a subset of a related class, "
93 "OtherRoleInformation, which defines all the group properties "
94 "and uses arrays for directory compatibility.")]
95 class CIM_Role : CIM_Collection {
96
97 [Key, Description (
98 "CreationClassName indicates the name of the class or the "
99 "subclass used in the creation of an instance. When used "
100 "with the other key properties of this class, this property "
101 "allows all instances of this class and its subclasses to be "
102 "uniquely identified."),
103 MaxLen ( 256 )]
104 string CreationClassName;
105
// Name is a key and may hold an LDAP distinguished name (MaxLen 1024).
// NOTE(review): the value then originates in the directory; consumers that
// reuse it in LDAP filters, queries or logs should encode it for that
// context - verify against callers.
106 karl 1.1 [Key, Description (
107 "The Name property defines the label by which the object is "
108 "known. In the case of an LDAP-derived instance, the Name "
109 "property value may be set to the distinguished name of the "
110 "LDAP-accessed object instance."),
111 MaxLen ( 1024 )]
112 string Name;
113
114 [Description (
115 "This property may be used to describe the kind of business "
116 "activity performed by the members (role occupants) in the "
117 "position or set of responsibilities represented by the "
118 "Role."),
119 MaxLen ( 128 )]
120 string BusinessCategory;
121
// CommonName is Required but is not a key, and the Description calls it
// "possibly ambiguous".
// NOTE(review): it looks unsuitable for identifying a Role in an
// authorization decision; the key pair above is the unique identifier.
122 [Required, Description (
123 "A Common Name is a (possibly ambiguous) name by which the "
124 "role is commonly known in some limited scope (such as an "
125 "organization) and conforms to the naming conventions of the "
126 "country or culture with which it is associated.")]
127 karl 1.1 string CommonName;
128 };
129
130
131 // ==================================================================
132 // OtherRoleInformation
133 // ==================================================================
// CIM_OtherRoleInformation (subclass of CIM_ManagedElement): additional,
// LDAP-style attributes for a Role, keyed by CreationClassName + Name. All
// non-key properties are unbounded string arrays except
// PreferredDeliveryMethod, which is a single string.
// Most properties are contact details for the role occupants (postal
// address, telephone, fax, telex, X.121).
// NOTE(review): read access to these instances presumably warrants the same
// protection as the directory entries they are derived from - confirm with
// the deployment's privacy requirements.
// NOTE(review): ObjectClass, CommonName, FacsimileTelephoneNumber, OU,
// PostalAddress, PreferredDeliveryMethod, RegisteredAddress, SeeAlso,
// StateOrProvince, TeletexTerminalIdentifier and TelexNumber declare no
// MaxLen, and no array declares an element count, so a provider filling them
// from a directory has to apply its own size limits. Where MaxLen is given on
// an array it presumably applies to each element - confirm against the CIM
// specification.
134 [Version ( "2.6.0" ), Description (
135 "The OtherRoleInformation class is used to provide additional "
136 "information about an associated Role instance. This class is "
137 "defined so as to incorporate commonly-used LDAP attributes to "
138 "permit implementations to easily derive this information from "
139 "LDAP-accessible directories.")]
140 class CIM_OtherRoleInformation : CIM_ManagedElement {
141
142 [Key, Description (
143 "CreationClassName indicates the name of the class or the "
144 "subclass used in the creation of an instance. When used "
145 "with the other key properties of this class, this property "
146 "allows all instances of this class and its subclasses to be "
147 "uniquely identified."),
148 karl 1.1 MaxLen ( 256 )]
149 string CreationClassName;
150
151 [Key, Description (
152 "The Name property defines the label by which the object is "
153 "known. In the case of an LDAP-derived instance, the Name "
154 "property value may be set to the distinguished name of the "
155 "LDAP-accessed object instance."),
156 MaxLen ( 1024 )]
157 string Name;
158
159 [Description (
160 "In the case of an LDAP-derived instance, the ObjectClass "
161 "property value(s) may be set to the objectClass attribute "
162 "values.")]
163 string ObjectClass[];
164
165 [Description (
166 "This property may be used to describe the kind of business "
167 "activity performed by the members (role occupants) in the "
168 "position or set of responsibilities represented by the "
169 karl 1.1 "Role."),
170 MaxLen ( 128 )]
171 string BusinessCategory[];
172
173 [Description (
174 "A CommonName is a (possibly ambiguous) name by which the "
175 "role is commonly known in some limited scope (such as an "
176 "organization) and conforms to the naming conventions of the "
177 "country or culture with which it is associated.")]
178 string CommonName[];
179
180 [Description (
181 "The Descriptions property values may contain human-readable "
182 "descriptions of the object. In the case of an LDAP-derived "
183 "instance, the description attribute may have multiple "
184 "values that, therefore, cannot be placed in the inherited "
185 "Description property."),
186 MaxLen ( 1024 )]
187 string Descriptions[];
188
189 [Description (
190 karl 1.1 "This property is used for the role occupants' telegram "
191 "service."),
192 MaxLen ( 128 )]
193 string DestinationIndicator[];
194
195 [Description (
196 "The role occupants' facsimile telephone number.")]
197 string FacsimileTelephoneNumber[];
198
199 [Description (
200 "The role occupants' International ISDN number."),
201 MaxLen ( 16 )]
202 string InternationaliSDNNumber[];
203
204 [Description (
205 "The name of an organizational unit related to the role.")]
206 string OU[];
207
208 [Description (
209 "The PhysicalDeliveryOfficeName property specifies the name "
210 "of the city, village, etc. where a physical delivery office "
211 karl 1.1 "is situated."),
212 MaxLen ( 128 )]
213 string PhysicalDeliveryOfficeName[];
214
215 [Description (
216 "The PostalAddress property values specify the address "
217 "information required for the physical delivery of postal "
218 "messages by the postal authority to the role occupants.")]
219 string PostalAddress[];
220
221 [Description (
222 "The PostalCode property specifies the postal code for the "
223 "role occupants. If this value is present it will be part of "
224 "the object's postal address."),
225 MaxLen ( 40 )]
226 string PostalCode[];
227
228 [Description (
229 "The PostOfficeBox property specifies the PO box by which "
230 "the role occupants will receive physical postal delivery. "
231 "If present, the property value is part of the object's "
232 karl 1.1 "postal address."),
233 MaxLen ( 40 )]
234 string PostOfficeBox[];
235
236 [Description (
237 "The PreferredDeliveryMethod property specifies the role "
238 "occupants' preferred method to be used for contacting them "
239 "in their role.")]
240 string PreferredDeliveryMethod;
241
242 [Description (
243 "This property specifies a postal address suitable for "
244 "receipt of telegrams or expedited documents, where it is "
245 "necessary to have the recipient accept delivery.")]
246 string RegisteredAddress[];
247
// NOTE(review): SeeAlso carries distinguished names taken from the directory;
// a consumer that follows them should presumably validate each one first -
// verify against callers.
248 [Description (
249 "In the case of an LDAP-derived instance, the SeeAlso "
250 "property specifies distinguished name of other Directory "
251 "objects which may be other aspects (in some sense) of the "
252 "same real world object.")]
253 karl 1.1 string SeeAlso[];
254
255 [Description (
256 "The State or Province name property specifies a state or "
257 "province.")]
258 string StateOrProvince[];
259
260 [Description (
261 "The Street address property specifies a site for the local "
262 "distribution and physical delivery in a postal address, "
263 "i.e. the street name, place, avenue, and the number."),
264 MaxLen ( 128 )]
265 string Street[];
266
// NOTE(review): the example in this Description ends with an unmatched ")".
267 [Description (
268 "The TelephoneNumber property specifies a telephone number "
269 "of the role occupants, e.g. + 44 582 10101)."),
270 MaxLen ( 32 )]
271 string TelephoneNumber[];
272
273 [Description (
274 karl 1.1 "The TeletexTerminalIdentifier property specifies the "
275 "Teletex terminal identifier (and, optionally, parameters) "
276 "for a teletex terminal associated with the role occupants.")]
277 string TeletexTerminalIdentifier[];
278
279 [Description (
280 "The TelexNumber property specifies the telex number, "
281 "country code, and answerback code of a telex terminal for "
282 "the role occupants.")]
283 string TelexNumber[];
284
285 [Description (
286 "An X.121 address for the role occupants."),
287 MaxLen ( 15 )]
288 string X121Address[];
289 };
290
291
292 // ==================================================================
293 // MoreRoleInfo
294 // ==================================================================
// CIM_MoreRoleInfo (subclass of CIM_Dependency): ties a
// CIM_OtherRoleInformation instance (Dependent) to the CIM_Role it extends
// (Antecedent). Antecedent is Min(1)/Max(1) and Dependent is Max(1), i.e.
// each extension record belongs to exactly one Role and a Role has at most
// one extension record.
// NOTE(review): the association only adds descriptive data; nothing in this
// file gives it a part in authorization - confirm before relying on it there.
295 karl 1.1 [Association, Version ( "2.7.0" ), Description (
296 "CIM_MoreRoleInfo is an association used to extend the "
297 "information in a CIM_Role class instance.")]
298 class CIM_MoreRoleInfo : CIM_Dependency {
299
300 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
301 "The Role which has more information.")]
302 CIM_Role REF Antecedent;
303
304 [Override ( "Dependent" ), Max ( 1 ), Description (
305 "Additional data concerning the Role.")]
306 CIM_OtherRoleInformation REF Dependent;
307 };
308
309
310 // ==================================================================
311 // SystemAdministratorRole
312 // ==================================================================
// CIM_SystemAdministratorRole (subclass of CIM_Dependency): identifies a
// CIM_Role (Dependent) as a system administrator Role for a CIM_System
// (Antecedent). Neither reference declares Min or Max here.
// NOTE(review): the rights of a Role are described in CIM_Role as Privilege
// instances attached via MemberOfCollection, so this association by itself
// presumably labels the role rather than granting anything - confirm. Since it
// marks administrative roles, changes to its instances are worth restricting
// and logging.
313 [Association, Version ( "2.6.0" ), Description (
314 "CIM_SystemAdministratorRole is an association used to identify "
315 "a system administrator Role for a CIM_System.")]
316 karl 1.1 class CIM_SystemAdministratorRole : CIM_Dependency {
317
318 [Override ( "Antecedent" ), Description (
319 "The administered system.")]
320 CIM_System REF Antecedent;
321
322 [Override ( "Dependent" ), Description (
323 "The system administration role.")]
324 CIM_Role REF Dependent;
325 };
326
327 // ==================================================================
328 // RoleLimitedToTarget
329 // ==================================================================
// CIM_RoleLimitedToTarget: Experimental association with no superclass; both
// references (DefiningRole, TargetElement) are keys and neither declares Min
// or Max. The first sentence of the Description repeats the CIM_Role text;
// the operative requirement is the second one: this association MUST be used
// when the target elements reachable from a Role are explicitly restricted.
// NOTE(review): the text does not say how a Role with no instances of this
// association is to be read (no restriction, or no targets). An enforcing
// consumer should presumably make that choice explicit rather than infer it -
// confirm against the AuthorizationRule semantics referenced by CIM_Role.
330 [Association, Experimental, Version ( "2.8.1000" ), Description (
331 "The Role object class is used to represent a position or set "
332 "of responsibilities within an organization, organizational "
333 "unit or other scope. When explicitly restricting the target "
334 "elements that may be accessed from this Role, this association "
335 "MUST be used.")]
336 class CIM_RoleLimitedToTarget {
337 karl 1.1
338 [Key, Description (
339 "The Role whose target set is explicitly defined.")]
340 CIM_Role REF DefiningRole;
341
342 [Key, Description (
343 "Reference to the target set that can be accessed from the "
344 "Role.")]
345 CIM_ManagedElement REF TargetElement;
346 };
347
348
349 // ===================================================================
350 // end of file
351 // ===================================================================