1 a.dunfey 1.1 // ===================================================================
2 // Title: User-Security Privilege
3 // $State: Preliminary $
4 // $Date: 2005/01/05 00:54:01 $
5 // $Source: /home/dmtf2/dotorg/var/cvs/repositories/dev/Schema/MOF/User_Privilege.mof,v $
6 // $Revision: 1.8 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 a.dunfey 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 a.dunfey 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The User Model extends the management concepts that
47 // are related to users and security.
48 // This file defines the concepts and classes related to
49 // Privileges
50 //
51 // The object classes below are listed in an order that
52 // avoids forward references. Required objects, defined
53 // by other working groups, are omitted.
54 // ===================================================================
55 // Change Log for v2.9 Final -
56 // CR1547 - Fix enumeration conflict in Privilege.ActivityQualifiers
57 // .001: Fix range for dmtf reserved and propagate additional
58 // values to PrivilegeManagementService
59 // Change Log for v2.9 Preliminary -
60 // CR1342 - Added Privilege.RepresentsAuthorizationRights
61 // Added SCSI Commands to Privilege.QualifierFormats
62 // CR1442 - Addition of Packets to Privilege.QualifierFormats
63 //
64 a.dunfey 1.1 // Change Log for v2.8 Final -
65 // CR1219 - Created subclass of Privilege, AuthorizedPrivilege,
66 // moved AuthorizedSubject/Target associations to Authorized
67 // Privilege, and promoted Privilege-related classes from
68 // Experimental to Final
69 // CR1221 - Also promoted Privilege-related classes to Final
70 // CR1229 - Added ArrayType ("Indexed") qualifier to
71 // Privilege.Activities
72 // CR1235 - Corrected copyright
73 //
74 // Change Log for v2.8 Preliminary -
75 // CR1011 - Created this file.
76 // CR1082 - Fixed Value/ValueMap definitions for properties in Privilege
77 // ===================================================================
78
79 #pragma Locale ("en_US")
80
81
82 // ==================================================================
83 // Privilege
84 // ==================================================================
// CIM_Privilege: base class describing a set of activities that are granted
// or denied to subjects (Roles and Identities). Per its Description, anything
// not specifically granted is assumed denied, and an explicit deny
// (PrivilegeGranted = FALSE) takes precedence over any granted Privilege.
// NOTE(review): that precedence is stated only in prose; nothing in this file
// enforces it. An enforcement point has to look for matching denies before
// honoring a grant, including denies that overlap through hierarchical Roles
// or a wider target (the Namespace vs. instance example in the Description).
85 a.dunfey 1.1 [Version ( "2.8.1000" ), Description (
86 "Privilege is the base class for all types of activities which "
87 "are granted or denied by a Role or an Identity. Whether an "
88 "individual Privilege is granted or denied is defined using the "
89 "PrivilegeGranted boolean. Any Privileges not specifically "
90 "granted are assumed to be denied. An explicit deny (Privilege "
91 "Granted = FALSE) takes precedence over any granted Privileges. "
92 "\n\n"
93 "The association of subjects (Roles and Identities) to "
94 "Privileges is accomplished using policy or explicitly via the "
95 "associations on a subclass. The entities that are protected "
96 "(targets) can be similarly defined. \n"
97 "\n"
98 "Note that Privileges may be inherited through hierarchical "
99 "Roles, or may overlap. For example, a Privilege denying any "
100 "instance Writes in a particular CIM Server Namespace would "
101 "overlap with a Privilege defining specific access rights at an "
102 "instance level within that Namespace. In this example, the "
103 "AuthorizedSubjects are either Identities or Roles, and the "
104 "AuthorizedTargets are a Namespace in the former case, and a "
105 "particular instance in the latter.")]
106 a.dunfey 1.1 class CIM_Privilege : CIM_ManagedElement {
107
// Key property. Opaque identifier, unique within the instantiating Namespace;
// the preferred form is <OrgID>:<LocalID>, with the first colon in the value
// separating the two parts.
108 [Key, Description (
109 "Within the scope of the instantiating Namespace, InstanceID "
110 "opaquely and uniquely identifies an instance of this class. "
111 "In order to ensure uniqueness within the NameSpace, the "
112 "value of InstanceID SHOULD be constructed using the "
113 "following 'preferred' algorithm: \n"
114 "<OrgID>:<LocalID> \n"
115 "Where <OrgID> and <LocalID> are separated by a colon ':', "
116 "and where <OrgID> MUST include a copyrighted, trademarked "
117 "or otherwise unique name that is owned by the business "
118 "entity creating/defining the InstanceID, or is a registered "
119 "ID that is assigned to the business entity by a recognized "
120 "global authority. (This is similar to the <Schema "
121 "Name>_<Class Name> structure of Schema class names.) In "
122 "addition, to ensure uniqueness <OrgID> MUST NOT contain a "
123 "colon (':'). When using this algorithm, the first colon to "
124 "appear in InstanceID MUST appear between <OrgID> and "
125 "<LocalID>. \n"
126 "<LocalID> is chosen by the business entity and SHOULD not "
127 a.dunfey 1.1 "be re-used to identify different underlying (real-world) "
128 "elements. If the above 'preferred' algorithm is not used, "
129 "the defining entity MUST assure that the resultant "
130 "InstanceID is not re-used across any InstanceIDs produced "
131 "by this or other providers for this instance's NameSpace. "
132 "For DMTF defined instances, the 'preferred' algorithm MUST "
133 "be used with the <OrgID> set to 'CIM'.")]
134 string InstanceID;
135
// Grant (TRUE) or deny (FALSE) switch for the whole instance.
// NOTE(review): the declared default is TRUE, so an instance created without
// setting this property describes a grant. Tooling that authors deny rules
// should set FALSE explicitly, and an audit should not read an unset value
// as a deny.
136 [Description (
137 "Boolean indicating whether the Privilege is granted (TRUE) "
138 "or denied (FALSE). The default is to grant permission.")]
139 boolean PrivilegeGranted = TRUE;
140
// Activities being granted or denied; per the Description they apply to every
// entity listed in ActivityQualifiers. 4 = "Detect" covers learning that an
// entity exists without having the Read privilege on its data.
// Value 1 = "Other" has no companion free-text property in this class, and
// ".." / "16000.." are the DMTF-reserved and vendor-reserved ranges.
// NOTE(review): a consumer should not widen access on the basis of a value it
// does not understand (Other, reserved, vendor) - confirm how the enforcing
// provider handles these.
141 [Description (
142 "An enumeration indicating the activities that are granted "
143 "or denied. These activities apply to all entities specified "
144 "in the ActivityQualifiers array. The values in the "
145 "enumeration are straightforward except for one, "
146 "4=\"Detect\". This value indicates that the existence or "
147 "presence of an entity may be determined, but not "
148 a.dunfey 1.1 "necessarily specific data (which requires the Read "
149 "privilege to be true). This activity is exemplified by "
150 "'hidden files'- if you list the contents of a directory, "
151 "you will not see hidden files. However, if you know a "
152 "specific file name, or know how to expose hidden files, "
153 "then they can be 'detected'. Another example is the ability "
154 "to define search privileges in directory implementations."),
155 ValueMap { "1", "2", "3", "4", "5", "6", "7", "..", "16000.." },
156 Values { "Other", "Create", "Delete", "Detect", "Read", "Write",
157 "Execute", "DMTF Reserved", "Vendor Reserved" },
158 ArrayType ( "Indexed" ),
159 ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }]
160 uint16 Activities[];
161
// Strings that narrow what the Activities apply to (a set of files, a class'
// methods, ...). The meaning of each entry is given by the corresponding
// entry of QualifierFormats; both arrays are ArrayType "Indexed".
// NOTE(review): this file does not say what an empty array means, nor how to
// treat arrays of different lengths; a provider should reject or ignore an
// entry that has no matching format rather than guess its meaning.
162 [Description (
163 "The ActivityQualifiers property is an array of string "
164 "values used to further qualify and specify the privileges "
165 "granted or denied. For example, it is used to specify a set "
166 "of files for which 'Read'/'Write' access is permitted or "
167 "denied. Or, it defines a class' methods that may be "
168 "'Executed'. Details on the semantics of the individual "
169 a.dunfey 1.1 "entries in ActivityQualifiers are provided by corresponding "
170 "entries in the QualifierFormats array."),
171 ArrayType ( "Indexed" ),
172 ModelCorrespondence { "CIM_Privilege.Activities",
173 "CIM_Privilege.QualifierFormats" }]
174 string ActivityQualifiers[];
175
// Format tag for the corresponding ActivityQualifiers entry. Defined values
// run from 2 to 11; 0 and 1 do not appear in the ValueMap.
// NOTE(review): the URL, Directory/File Name and Command Line Instruction
// formats are plain strings, and no matching or canonicalization rule is
// given in this file. The enforcing component has to define one (case, path
// normalization, encoding) so that a rule cannot be sidestepped by an
// equivalent spelling of the same resource.
// The wildcard "*" selects ALL properties, methods, CDBs or pages, which is
// a broad rule when combined with PrivilegeGranted = TRUE.
176 [Description (
177 "Defines the semantics of corresponding entries in the "
178 "ActivityQualifiers array. An example of each of these "
179 "'formats' and their use follows: \n"
180 "- 2=Class Name. Example: If the authorization target is a "
181 "CIM Service or a Namespace, then the ActivityQualifiers "
182 "entries can define a list of classes that the authorized "
183 "subject is able to create or delete. \n"
184 "- 3=<Class.>Property. Example: If the authorization target "
185 "is a CIM Service, Namespace or Collection of instances, "
186 "then the ActivityQualifiers entries can define the class "
187 "properties that may or may not be accessed. In this case, "
188 "the class names are specified with the property names to "
189 "avoid ambiguity - since a CIM Service, Namespace or "
190 a.dunfey 1.1 "Collection could manage multiple classes. On the other "
191 "hand, if the authorization target is an individual "
192 "instance, then there is no possible ambiguity and the class "
193 "name may be omitted. To specify ALL properties, the "
194 "wildcard string \"*\" should be used. \n"
195 "- 4=<Class.>Method. This example is very similar to the "
196 "Property one, above. And, as above, the string \"*\" may be "
197 "specified to select ALL methods. \n"
198 "- 5=Object Reference. Example: If the authorization target "
199 "is a CIM Service or Namespace, then the ActivityQualifiers "
200 "entries can define a list of object references (as strings) "
201 "that the authorized subject can access. \n"
202 "- 6=Namespace. Example: If the authorization target is a "
203 "CIM Service, then the ActivityQualifiers entries can define "
204 "a list of Namespaces that the authorized subject is able to "
205 "access. \n"
206 "- 7=URL. Example: An authorization target may not be "
207 "defined, but a Privilege could be used to deny access to "
208 "specific URLs by individual Identities or for specific "
209 "Roles, such as the 'under 17' Role. \n"
210 "- 8=Directory/File Name. Example: If the authorization "
211 a.dunfey 1.1 "target is a FileSystem, then the ActivityQualifiers entries "
212 "can define a list of directories and files whose access is "
213 "protected. \n"
214 "- 9=Command Line Instruction. Example: If the authorization "
215 "target is a ComputerSystem or Service, then the "
216 "ActivityQualifiers entries can define a list of command "
217 "line instructions that may or may not be 'Executed' by the "
218 "authorized subjects. \n"
219 "- 10=SCSI Command, using a format of 'CDB=xx[,Page=pp]'. "
220 "For example, the ability to select the VPD page of the "
221 "Inquiry command is encoded as 'CDB=12,Page=83' in the "
222 "corresponding ActivityQualifiers entry. A '*' may be used "
223 "to indicate all CDBs or Page numbers. \n"
224 "- 11=Packets. Example: The transmission of packets is "
225 "permitted or denied by the Privilege for the target (a "
226 "ComputerSystem, ProtocolEndpoint, Pipe, or other "
227 "ManagedSystemElement)."),
228 ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "10", "11",
229 "..", "16000.." },
230 Values { "Class Name", "<Class.>Property", "<Class.>Method",
231 "Object Reference", "Namespace", "URL",
232 a.dunfey 1.1 "Directory/File Name", "Command Line Instruction",
233 "SCSI Command", "Packets", "DMTF Reserved",
234 "Vendor Reserved" }, ArrayType ( "Indexed" ),
235 ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }]
236 uint16 QualifierFormats[];
237
// Experimental property, default False. Per the Description it selects between
// two readings of the instance: rights of Subjects to access Targets, or
// rights of Subjects to change those rights on/for Targets.
// NOTE(review): the Description does not say which boolean value maps to which
// reading - presumably TRUE means "rights to change rights"; confirm. A
// consumer that ignores the flag could mistake one kind of right for the other.
238 [Experimental, Description (
239 "The RepresentsAuthorizationRights flag indicates whether "
240 "the rights defined by this instance should be interpreted "
241 "as rights of Subjects to access Targets or as rights of "
242 "Subjects to change those rights on/for Targets.")]
243 boolean RepresentsAuthorizationRights = False;
244 };
245
246
247 // ==================================================================
248 // AuthorizedPrivilege
249 // ==================================================================
// CIM_AuthorizedPrivilege: subclass of CIM_Privilege that declares no
// properties of its own. It is the type referenced by the AuthorizedSubject
// and AuthorizedTarget associations, and per its Description is a short-hand,
// static rendering of authorization policy rules.
// Its Version qualifier is "2.8.0", while the parent class carries "2.8.1000".
250 [Version ( "2.8.0" ), Description (
251 "Privilege is the base class for all types of activities which "
252 "are granted or denied to a Role or an Identity. "
253 a.dunfey 1.1 "AuthorizedPrivilege is a subclass defining static renderings "
254 "of authorization policy rules. The association of Roles and "
255 "Identities to AuthorizedPrivilege is accomplished using the "
256 "AuthorizedSubject relationship. The entities that are "
257 "protected are defined using the AuthorizedTarget relationship. "
258 "\n\n"
259 "Note that this class and its AuthorizedSubject/Target "
260 "associations provide a short-hand, static mechanism to "
261 "represent authorization policies.")]
262 class CIM_AuthorizedPrivilege : CIM_Privilege {
263 };
264
265
266 // ==================================================================
267 // AuthorizedSubject
268 // ==================================================================
// CIM_AuthorizedSubject: association tying an AuthorizedPrivilege to the
// subject it is granted to or denied for. Both references are keys.
// NOTE(review): the Description limits subjects to Identities, Roles or
// Collections of these, but PrivilegedElement is typed CIM_ManagedElement REF,
// so the schema itself does not enforce that limit; a provider has to check
// the class of the referenced element when an association is created.
// No cardinality qualifiers are declared on either reference.
269 [Association, Version ( "2.8.0" ), Description (
270 "CIM_AuthorizedSubject is an association used to tie specific "
271 "AuthorizedPrivileges to specific subjects (i.e., Identities, "
272 "Roles or Collections of these). At this time, only Identities "
273 "and Roles (or Collections of Identities and Roles) should be "
274 a.dunfey 1.1 "associated to AuthorizedPrivileges using this relationship. "
275 "Note that any Privileges not explicitly granted to a subject, "
276 "SHOULD be denied.")]
277 class CIM_AuthorizedSubject {
278
// The privilege end of the association. Grant vs. deny is not stored here; it
// is read from the referenced instance's PrivilegeGranted property.
279 [Key, Description (
280 "The AuthorizedPrivilege either granted or denied to an "
281 "Identity, Role or Collection. Whether the privilege is "
282 "granted or denied is defined by the inherited property, "
283 "CIM_Privilege.PrivilegeGranted.")]
284 CIM_AuthorizedPrivilege REF Privilege;
285
// The subject end of the association (typed as any CIM_ManagedElement).
286 [Key, Description (
287 "The Subject for which AuthorizedPrivileges are granted or "
288 "denied. Whether the privilege is granted or denied is "
289 "defined by the property, CIM_Privilege.PrivilegeGranted.")]
290 CIM_ManagedElement REF PrivilegedElement;
291 };
292
293
294 // ==================================================================
295 a.dunfey 1.1 // AuthorizedTarget
296 // ==================================================================
// CIM_AuthorizedTarget: association tying an AuthorizedPrivilege to the
// resources it protects. Both references are keys, and no cardinality
// qualifiers are declared on either one.
// NOTE(review): the URL example in CIM_Privilege.QualifierFormats says an
// authorization target may not be defined. This file does not say how broadly
// a privilege with no AuthorizedTarget applies, so an enforcement point should
// treat that case as unspecified until the profile in use settles it.
297 [Association, Version ( "2.8.0" ), Description (
298 "CIM_AuthorizedTarget is an association used to tie an "
299 "Identity's or Role's AuthorizedPrivileges to specific target "
300 "resources.")]
301 class CIM_AuthorizedTarget {
302
// The privilege end of the association.
303 [Key, Description (
304 "The AuthorizedPrivilege affecting the target resource.")]
305 CIM_AuthorizedPrivilege REF Privilege;
306
// The protected-resource end of the association (typed as any
// CIM_ManagedElement).
307 [Key, Description (
308 "The target set of resources to which the "
309 "AuthorizedPrivilege applies.")]
310 CIM_ManagedElement REF TargetElement;
311 };
312
313
314 // ===================================================================
315 // end of file
316 a.dunfey 1.1 // ===================================================================