1 a.dunfey 1.1 // ===================================================================
2 // Title: User-Security Groups
3 // $State: Preliminary $
4 // $Date: 2005/01/05 00:54:01 $
5 // $Source: /home/dmtf2/dotorg/var/cvs/repositories/dev/Schema/MOF/User_Group.mof,v $
6 // $Revision: 1.4 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 a.dunfey 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 a.dunfey 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The User Model extends the management concepts that
47 // are related to users and security.
48 // This file defines the concepts and classes related to
49 // Groups.
50 //
51 // The object classes below are listed in an order that
52 // avoids forward references. Required objects, defined
53 // by other working groups, are omitted.
54 // ===================================================================
55 // Change Log for v2.9:
56 // CR1501 - Create AccountGroup and define relationship to
57 // ChangeAccess, ShowAccess, Roles, and AuthorizationPolicy
58 // CR1515 - Clarify intended use for LDAP, not general
59 //
60 // Change Log for v2.8: None
61 //
62 // Change Log for v2.7
63 // (ERRATA) CR855 - Changed cardinality of the Antecedent from 0..1
64 a.dunfey 1.1 // to 1 for MoreGroupInfo
65 // ===================================================================
66
67 #pragma Locale ("en_US")
68
69 // ==================================================================
70 // AccountGroup
71 // ==================================================================
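// CIM_AccountGroup: a Collection of Account instances that, per its
// Description, also carries an Identity (linked via ConcreteIdentity).
//
// NOTE(review): the Description states that Privileges extended to the
// group's Identity are extended to the Identities of every collected
// Account. Adding an Account to the collection therefore has the effect of
// a privilege grant; implementations should treat membership changes as
// authorization changes (restrict who may make them and record them).
//
// The class is flagged Experimental, so its definition may still change.
[Experimental,
 Version ( "2.8.1000" ),
 Description (
    "The AccountGroup class is used to collect Accounts into "
    "groups. When this class is instantiated, it also carries an "
    "Identity aspect, which is associated via ConcreteIdentity. "
    "This Identity MAY be used in all places where any other "
    "Identity MAY be used. In particular, it MAY be used with the "
    "ShowAccess and ChangeAccess methods of the "
    "PrivilegeManagementService and it MAY be aggregated into a Role "
    "via MemberOfCollection and it MAY be associated to "
    "AuthorizationRule by AuthorizationRuleAppliesToIdentity and to "
    "AuthenticationRule by PolicySetAppliesToElement. In all of "
    "these cases, Privileges extended to the Identity of the "
    "AccountGroup are extended to the Identities associated with "
    "the collected Account instances.")]
class CIM_AccountGroup : CIM_Collection {

    // Sole key of the class: an opaque identifier, unique within the
    // namespace. The preferred form is <OrgID>:<LocalID>, and the first
    // colon in the value separates the two parts.
    [Key,
     Description (
        "Within the scope of the instantiating Namespace, InstanceID "
        "opaquely and uniquely identifies an instance of this class. "
        "In order to ensure uniqueness within the NameSpace, the "
        "value of InstanceID SHOULD be constructed using the "
        "following 'preferred' algorithm: \n"
        "<OrgID>:<LocalID> \n"
        "Where <OrgID> and <LocalID> are separated by a colon ':', "
        "and where <OrgID> MUST include a copyrighted, trademarked "
        "or otherwise unique name that is owned by the business "
        "entity creating/defining the InstanceID, or is a registered "
        "ID that is assigned to the business entity by a recognized "
        "global authority (This is similar to the <Schema "
        "Name>_<Class Name> structure of Schema class names.) In "
        "addition, to ensure uniqueness <OrgID> MUST NOT contain a "
        "colon (':'). When using this algorithm, the first colon to "
        "appear in InstanceID MUST appear between <OrgID> and "
        "<LocalID>. \n"
        "<LocalID> is chosen by the business entity and SHOULD not "
        "be re-used to identify different underlying (real-world) "
        "elements. If the above 'preferred' algorithm is not used, "
        "the defining entity MUST assure that the resultant "
        "InstanceID is not re-used across any InstanceIDs produced "
        "by this or other providers for this instance's NameSpace. \n"
        "For DMTF defined instances, the 'preferred' algorithm MUST "
        "be used with the <OrgID> set to 'CIM'.")]
    string InstanceID;
};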
116
117 // ==================================================================
118 // Group
119 // ==================================================================
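// CIM_Group: a Collection intended to mirror an LDAP GroupOfNames entry.
// It carries the single-valued subset of the group attributes; the
// array-valued forms are declared on CIM_OtherGroupInformation.
//
// MappingStrings names RFC 2256, the document the Description cites for
// GroupOfNames (its section 7.10 defines that object class).
[Version ( "2.6.0" ),
 Description (
    "The Group class is used to collect ManagedElements that are "
    "intended to be conformant with an LDAP GroupOfNames, as "
    "defined by IETF RFC 2256. For other purposes, "
    "ConcreteCollection, or other subclasses of Collection, may be "
    "more appropriate. \n"
    "This class is defined so as to incorporate commonly-used LDAP "
    "attributes to permit implementations to easily derive this "
    "information from LDAP-accessible directories. This class's "
    "properties are a subset of a related class, "
    "OtherGroupInformation, which defines all the group properties "
    "and in array form for directory compatibility."),
 MappingStrings { "RFC2256.IETF|Section 7.10 GroupOfNames" }]
class CIM_Group : CIM_Collection {

    // Key 1 of 2: name of the class (or subclass) used to create the
    // instance; limited to 256 characters.
    [Key,
     Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to be "
        "uniquely identified."),
     MaxLen ( 256 )]
    string CreationClassName;

    // Key 2 of 2: the group's label, which may be the LDAP distinguished
    // name of the source entry; limited to 1024 characters.
    [Key,
     Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguished name of the "
        "LDAP-accessed object instance."),
     MaxLen ( 1024 )]
    string Name;

    // Optional free-text description of the members' business activity.
    [Description (
        "The BusinessCategory property may be used to describe the "
        "kind of business activity performed by the members of the "
        "group."),
     MaxLen ( 128 )]
    string BusinessCategory;

    // Required, but explicitly "possibly ambiguous": CommonName is a
    // display name, not an identifier. Use the key properties above when
    // an access decision has to name a specific group.
    [Required,
     Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "group is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.")]
    string CommonName;
};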
166
167
168 // ==================================================================
169 a.dunfey 1.1 // OtherGroupInformation
170 // ==================================================================
// CIM_OtherGroupInformation: supplementary, mostly array-valued group
// attributes modelled on LDAP, attached to a CIM_Group through the
// CIM_MoreGroupInfo association declared later in this file.
[Version ( "2.6.0" ),
 Description (
    "The OtherGroupInformation class provides additional "
    "information about an associated Group instance. This class is "
    "defined so as to incorporate commonly-used LDAP attributes to "
    "permit implementations to easily derive this information from "
    "LDAP-accessible directories.")]
class CIM_OtherGroupInformation : CIM_ManagedElement {

    // Key 1 of 2: creating class name, at most 256 characters.
    [Key,
     Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to be "
        "uniquely identified."),
     MaxLen ( 256 )]
    string CreationClassName;

    // Key 2 of 2: object label, possibly the LDAP distinguished name;
    // at most 1024 characters.
    [Key,
     Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguished name of the "
        "LDAP-accessed object instance."),
     MaxLen ( 1024 )]
    string Name;

    // Values of the LDAP objectClass attribute, when LDAP-derived.
    [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.")]
    string ObjectClass[];

    // Array counterpart of CIM_Group.BusinessCategory.
    [Description (
        "The BusinessCategory property may be used to describe the "
        "kind of business activity performed by the members of the "
        "group."),
     MaxLen ( 128 )]
    string BusinessCategory[];

    // Array counterpart of CIM_Group.CommonName; not marked Required here.
    [Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "group is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.")]
    string CommonName[];

    // Holds the multi-valued LDAP description attribute, which does not
    // fit the single inherited Description property.
    [Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple "
        "values that, therefore, cannot be placed in the inherited "
        "Description property."),
     MaxLen ( 1024 )]
    string Descriptions[];

    // Organization names related to the group.
    [Description (
        "The name of an organization related to the group.")]
    string OrganizationName[];

    // Organizational-unit names related to the group.
    [Description (
        "The name of an organizational unit related to the group.")]
    string OU[];

    // Names (for LDAP, distinguished names) of the parties responsible for
    // the group. No MaxLen is declared on this property.
    [Description (
        "The Owner property specifies the name of some object that "
        "has some responsibility for the group. In the case of an "
        "LDAP-derived instance, a property value for Owner may be a "
        "distinguished name of owning persons, groups, roles, etc.")]
    string Owner[];

    // Distinguished names of related directory objects (LDAP-derived case).
    [Description (
        "In the case of an LDAP-derived instance, the SeeAlso "
        "property specifies distinguished name of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.")]
    string SeeAlso[];
};
247
248
249 // ==================================================================
250 // MoreGroupInfo
251 // ==================================================================
// CIM_MoreGroupInfo: links a CIM_Group to the CIM_OtherGroupInformation
// instance that extends it.
// Cardinality as declared: every OtherGroupInformation refers to exactly
// one Group (Min 1, Max 1 on Antecedent), and a Group has at most one
// OtherGroupInformation (Max 1 on Dependent).
[Association,
 Version ( "2.7.0" ),
 Description (
    "CIM_MoreGroupInfo is an association used to extend the "
    "information in a CIM_Group class instance.")]
class CIM_MoreGroupInfo : CIM_Dependency {

    // The Group being extended.
    [Override ( "Antecedent" ),
     Min ( 1 ),
     Max ( 1 ),
     Description (
        "The Group which has more information.")]
    CIM_Group REF Antecedent;

    // The extra information for that Group.
    [Override ( "Dependent" ),
     Max ( 1 ),
     Description (
        "Additional data concerning the Group.")]
    CIM_OtherGroupInformation REF Dependent;
};
265
266
267 // ==================================================================
268 // SystemAdministratorGroup
269 // ==================================================================
// CIM_SystemAdministratorGroup: names the Group that holds system
// administrator responsibilities for a CIM_System.
// No Min or Max qualifier is declared on either reference here.
// NOTE(review): an instance of this association states who administers a
// system, so providers should restrict and audit the ability to create,
// modify or delete instances of it.
[Association,
 Version ( "2.6.0" ),
 Description (
    "CIM_SystemAdministratorGroup is an association used to "
    "identify a Group that has system administrator "
    "responsibilities for a CIM_System.")]
class CIM_SystemAdministratorGroup : CIM_Dependency {

    // The system under administration.
    [Override ( "Antecedent" ),
     Description (
        "The administered system.")]
    CIM_System REF Antecedent;

    // The Group whose members administer that system.
    [Override ( "Dependent" ),
     Description (
        "The Group of administrators.")]
    CIM_Group REF Dependent;
};
284
285
286 // ===================================================================
287 // end of file
288 // ===================================================================