Return to
User_PrivilegeManagementService.mof
CVS log
Up to [Pegasus] / pegasus / Schemas / CIMPrelim291
|
Return to
User_PrivilegeManagementService.mof
CVS log
|
Up to [Pegasus] / pegasus / Schemas / CIMPrelim291
|
|
File: [Pegasus] / pegasus / Schemas / CIMPrelim291 / Attic / User_PrivilegeManagementService.mof
(download)
Revision: 1.2, Tue Jan 17 20:13:15 2006 UTC (18 years, 4 months ago) by kumpf Branch: MAIN CVS Tags: TASK-PEP362_RestfulService-merged_out_from_trunk, TASK-PEP348_SCMO-merged_out_from_trunk, TASK-PEP317_pullop-merged_out_from_trunk, TASK-PEP317_pullop-merged_in_to_trunk, TASK-PEP311_WSMan-root, TASK-PEP311_WSMan-branch, HPUX_TEST, HEAD Changes since 1.1: +4 -4 lines FILE REMOVED BUG#: 4664 TITLE: CIMPrelim291 schema is obsolete DESCRIPTION: Removing the obsolete schema. |
// ===================================================================
// Title: User-Security Privilege Management Service
// $State: dead $
// $Date: 2006/01/17 20:13:15 $
// $Source: /cvs/MSB/pegasus/Schemas/CIMPrelim291/Attic/User_PrivilegeManagementService.mof,v $
// $Revision: 1.2 $
// ===================================================================
//#pragma inLine ("Includes/copyright.inc")
// Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
// All rights reserved.
// DMTF is a not-for-profit association of industry members dedicated
// to promoting enterprise and systems management and interoperability.
// DMTF specifications and documents may be reproduced for uses
// consistent with this purpose by members and non-members,
// provided that correct attribution is given.
// As DMTF specifications may be revised from time to time,
// the particular version and release date should always be noted.
//
// Implementation of certain elements of this standard or proposed
// standard may be subject to third party patent rights, including
// provisional patent rights (herein "patent rights"). DMTF makes
// no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
// identify any or all such third party patent right, owners or
// claimants, nor for any incomplete or inaccurate identification or
// disclosure of such rights, owners or claimants. DMTF shall have no
// liability to any party, in any manner or circumstance, under any
// legal theory whatsoever, for failure to recognize, disclose, or
// identify any such third party patent rights, or for such party's
// reliance on the standard or incorporation thereof in its product,
// protocols or testing procedures. DMTF shall have no liability to
// any party implementing such standard, whether such implementation
// is foreseeable or not, nor to any patent owner or claimant, and shall
// have no liability or responsibility for costs or losses incurred if
// a standard is withdrawn or modified after publication, and shall be
// indemnified and held harmless by any party implementing the
// standard from any and all claims of infringement by a patent owner
// for such implementations.
//
// For information about patents held by third-parties which have
// notified the DMTF that, in their opinion, such patent may relate to
// or impact implementations of DMTF standards, visit
// http://www.dmtf.org/about/policies/disclosures.php.
//#pragma inLine
// ===================================================================
// Description: The User Model extends the management concepts that
// are related to users and security.
// This file defines the concepts and classes related to
// hardware World Wide Names used as credentials
// for accessing Storage services and credentials.
//
// The object classes below are listed in an order that
// avoids forward references. Required objects, defined
// by other working groups, are omitted.
// ===================================================================
// Change Log for v2.9 Preliminary -
// CR1547 - Fix enumeration conflict in Privilege.ActivityQualifiers
// .001: Fix range for dmtf reserved and propagate additional
// values to PrivilegeManagementService
// Change Log for v2.9 Preliminary
// CR1342 - Add PrivilegeManagementService.ChangeAccess
// Add PrivilegeManagementService.ShowAccess
//
// Change Log for v2.8 Final
// CR1186 - Modified AssignAccess to be atomic, clarified Description,
// and used AuthorizedPrivilege as an input template
// CR1221 - Promoted PrivilegeManagementService to Final
// CR1229 - Removed ArrayType from properties that are not arrays
// CR1235 - Corrected copyright, changed RemoveAccess's return value
// from "Unknown" to "Unspecified Error", and corrected
// ValueMap/Values entries for the enumerated parameters of
// AssignAccess / Clarified that methods apply to Authorized
// Privilege and not the Privilege superclass
//
// Change Log for v2.8 Preliminary (Company Review)
// CR1102 - Fixed PrivilegeManagementService for application to
// Storage LUN Masking.
//
// Change Log for v2.8 Preliminary -
// CR1017 - Created this file
// ===================================================================
#pragma Locale ("en_US")
// ==================================================================
// PrivilegeManagementService
// ==================================================================
[Version ( "2.8.1000" ), Description (
"The PrivilegeManagementService is responsible for creating, "
"deleting, and associating AuthorizedPrivilege instances. "
"References to 'subject' and 'target' define the entities that "
"are associated with an AuthorizedPrivilege instance via the "
"relationships, AuthorizedSubject and AuthorizedTarget, "
"respectively. When created, an AuthorizedPrivilege instance is "
"related to this (PrivilegeManagement)Service via the "
"association, ConcreteDependency.")]
class CIM_PrivilegeManagementService : CIM_AuthorizationService {
[Description (
"ChangeAccess updates the specified Subject's rights to the "
"Target according to the parameters of this call. The method "
"may be called to update the propagation of Privileges, "
"and/or to define new Privileges for a Subject/Target pair. "
"Because the Subject/Target pair is required in any usage "
"scenario, these parameters are defined as Required. \n"
"\n"
"If an instance of Privilege is created, it is associated to "
"this Service via ConcreteDependency. Further, if the "
"Privilege is an AuthorizedPrivilege, it is linked to the "
"specified Subject and Target via the AuthorizedSubject and "
"AuthorizedTarget associations, respectively."),
ValueMap { "0", "1", "2", "3", "4", "5", "..", "16000", "16001",
"16002", "16003", "16004", "16005..31999", "32000..65535" },
Values { "Success", "Not Supported", "Unknown", "Timeout",
"Failed", "Invalid Parameter", "DMTF Reserved",
"Unsupported Subject", "Unsupported Privilege",
"Unsupported Target", "Authorization Error",
"NULL not supported", "Method Reserved", "Vendor Specific" }]
uint32 ChangeAccess (
[Required, IN, Description (
"The Subject parameter is required and references an "
"instance of ManagedElement. The result of this operation "
"is that the Subject SHALL be authorized to access or "
"define the authorization rights for the Target, via one "
"or more instances of the Privilege class - where the "
"Privileges represent the cumulative rights of this "
"Subject. The distinction between the Privileges "
"specified in this method call and the 'cumulative "
"rights' is that the implementation returns all rights "
"that the Subject has in regards to the Target (that the "
"requestor is authorized to review), versus the specific "
"subset that may be specified in this method call. The "
"exception to the above is when there are no remaining "
"rights between the Subject and Target. In that case, the "
"Privilege instance MAY be deleted. \n"
"\n"
"Note that even if the Subject element is a Collection, "
"the operation is only applied to the Collection itself "
"and NOT its members via MemberOfCollection unless an "
"appropriate PolicyPropagationRule is specified. In "
"either case, the output parameters for this method "
"pertain only to the specified Subject/Collection and "
"Target, and do not provide details on the individual "
"members of the Collection. If this information is "
"needed, use the ShowAccess method. \n"
"\n"
"As noted in the method Description, if the resultant "
"Privileges are AuthorizedPrivileges, then "
"AuthorizedSubject associations SHALL be created.")]
CIM_ManagedElement REF Subject,
[Required, IN, Description (
"The Target parameter is required and references an "
"instance of ManagedElement. The result of this operation "
"is that the Subject SHALL be authorized to access or "
"define the authorization rights for the Target, via one "
"or more instances of the Privilege class - where the "
"Privileges represent the cumulative rights of this "
"Subject. The distinction between the Privileges "
"specified in this method call and the 'cumulative "
"rights' is that the implementation returns all rights "
"that the Subject has in regards to this Target (that the "
"requestor is authorized to review), versus the specific "
"subset that may be specified in this method call. The "
"exception to the above is when there are no remaining "
"rights between the Subject and Target. In that case, the "
"Privilege instance MAY be deleted. \n"
"\n"
"Note that even if the Target element is a Collection, "
"the operation is only applied to the Collection itself "
"and NOT its members via MemberOfCollection unless an "
"appropriate PolicyPropagationRule is specified. In "
"either case, the output parameters for this method "
"pertain only to the specified Subject and "
"Target/Collection, and do not provide details on the "
"individual members of the Collection. If this "
"information is needed, use the ShowAccess method. \n"
"\n"
"As noted in the method Description, if the resultant "
"Privileges are AuthorizedPrivileges, then "
"AuthorizedTarget associations SHALL be created.")]
CIM_ManagedElement REF Target,
[IN, Description (
"If supplied, PropagationPolicy defines the policy rules "
"that govern how the specified access rights are "
"propagated to instances associated with the named "
"Subject and/or Target. If a policy rule is not supplied, "
"the rights defined in the Privilege are only granted or "
"denied between the named Subject and Target.")]
CIM_PrivilegePropagationRule REF PropagationPolicies[],
[IN, OUT, Description (
"A set of zero or more instances of CIM_Privilege (or a "
"subclass of Privilege) that are passed 'by value' as "
"embedded objects. An embedded object is used since the "
"Privilege may only define a subset of the total rights "
"that should be assigned or revoked. On input, "
"Privilege.PrivilegeGranted MAY be set to False to "
"indicate that the enclosed rights are denied. On return, "
"the embedded Privilege objects represent the cumulative "
"rights granted between the specified Subject and Target "
"(filtered to return the information that the requestor "
"is authorized to view). If the Privileges array is "
"empty, then there exist NO rights that the requestor is "
"authorized to view between the Subject/Target pair."),
EmbeddedObject]
string Privileges[]);
[Description (
"ShowAccess reports the Privileges (i.e., rights) granted to "
"a particular Subject and/or Target pair. Either a Subject, "
"a Target or both MUST be specified. In the case where only "
"one is specified, the method will return all rights to all "
"Targets for the specified Subject, or all rights for all "
"subjects which apply to the specified Target. \n"
"\n"
"ShowAccess returns the cumulative rights granted between "
"the OutSubjects and OutTargets at the same array index "
"(filtered to return the information that the requestor is "
"authorized to view). If a specific array entry is NULL, "
"then there exist NO rights that the requestor is authorized "
"to view between the Subject/Target pair. \n"
"\n"
"Note that the Privileges returned by this method MAY NOT "
"correspond to what is actually instantiated in the model, "
"and MAY be optimized for ease of reporting. Hence, the data "
"is passed 'by value', as embedded objects. Also, note that "
"multiple Privileges MAY be defined for a given "
"Subject/Target pair. \n"
"\n"
"Other mechanisms MAY also be used to retrieve this "
"information. CIM Operations' EnumerateInstances MAY be used "
"to return all Privileges currently instantiated within a "
"namespace. Also, if the AuthorizedPrivilege subclass is "
"instantiated, the CIM Operation Associators MAY be used to "
"navigate from the Privilege to AuthorizedSubjects and "
"AuthorizedTargets. These CIM Operations will not generally "
"provide the functionality or optimizations available with "
"ShowAccess."),
ValueMap { "0", "1", "2", "3", "4", "5", "..", "16000", "16002",
"16003", "16004", "16005..31999", "32000..65535" },
Values { "Success", "Not Supported", "Unknown", "Timeout",
"Failed", "Invalid Parameter", "DMTF Reserved",
"Unsupported Subject", "Unsupported Target",
"Authorization Error", "NULL not supported",
"Method Reserved", "Vendor Specific" }]
uint32 ShowAccess (
[IN, Description (
"The Subject parameter references an instance of "
"ManagedElement. The result of this operation is that the "
"cumulative rights of the Subject to access or define "
"authorization rights for the Target will be reported. If "
"no Subject is specified, then a Target MUST be supplied "
"and ALL Subjects that have rights to access or define "
"authorizations for the Target will be reported. (It "
"should be noted that the information reported MUST be "
"filtered by the rights of the requestor to view that "
"data.) If the Subject element is a Collection, then the "
"operation will specifically report the Privileges for "
"all elements associated to the Collection via "
"MemberOfCollection. These elements will be reported "
"individually in the returned OutSubjects array."),
ModelCorrespondence {
"CIM_PrivilegeManagementService.ShowAccess.Target" }]
CIM_ManagedElement REF Subject,
[IN, Description (
"The Target parameter references an instance of "
"ManagedElement. The result of this operation is that the "
"cumulative rights of the Subject to access or define "
"authorization rights for the Target will be reported. If "
"no Target is specified, then a Subject MUST be supplied "
"and ALL Targets for which that the Subject has rights to "
"access or define authorization will be reported. (It "
"should be noted that the information reported MUST be "
"filtered by the rights of the requestor to view that "
"data.) If the Target element is a Collection, then the "
"operation will be applied to all elements associated to "
"the Collection via MemberOfCollection. These elements "
"will be reported individually in the returned OutTargets "
"array."),
ModelCorrespondence {
"CIM_PrivilegeManagementService.ShowAccess.Subject" }]
CIM_ManagedElement REF Target,
[IN ( false ), OUT, Description (
"The array of Subject REFs corresponding to the "
"individual Privileges and OutTargets arrays. The "
"resulting OutSubjects, Privileges and OutTargets arrays "
"define the cumulative rights granted between the "
"Subject/Target at the corresponding index (filtered to "
"return the information that the requestor is authorized "
"to view)."),
ArrayType ( "Indexed" ),
ModelCorrespondence {
"CIM_PrivilegeManagementService.ShowAccess.Subject",
"CIM_PrivilegeManagementService.ShowAccess.Privileges",
"CIM_PrivilegeManagementService.ShowAccess.OutTargets" }]
CIM_ManagedElement REF OutSubjects[],
[IN ( false ), OUT, Description (
"The array of Target REFs corresponding to the individual "
"Privileges and OutSubjects arrays. The resulting "
"OutSubjects, Privileges and OutTargets arrays define the "
"cumulative rights granted between the Subject/Target at "
"the corresponding index (filtered to return the "
"information that the requestor is authorized to view)."),
ArrayType ( "Indexed" ),
ModelCorrespondence {
"CIM_PrivilegeManagementService.ShowAccess.Target",
"CIM_PrivilegeManagementService.ShowAccess.Privileges",
"CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }]
CIM_ManagedElement REF OutTargets[],
[IN ( false ), OUT, Description (
"The returned Privilege objects represent the cumulative "
"rights granted between the OutSubjects and OutTargets at "
"the same array index (filtered to return the information "
"that the requestor is authorized to view). If a specific "
"array entry is NULL, then there exist NO rights that the "
"requestor is authorized to view between the "
"Subject/Target pair."),
EmbeddedObject, ArrayType ( "Indexed" ),
ModelCorrespondence {
"CIM_PrivilegeManagementService.ShowAccess.OutTargets",
"CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }]
string Privileges[]);
[Description (
"When this method is called, a provider updates the "
"specified Subject's rights to the Target according to the "
"parameters of this call. The rights are modeled via an "
"AuthorizedPrivilege instance. If an AuthorizedPrivilege "
"instance is created as a result of this call, it MUST be "
"linked to the Subject and Target via the AuthorizedSubject "
"and AuthorizedTarget associations, respectively. When "
"created, the AuthorizedPrivilege instance is associated to "
"this PrivilegeManagementService via ConcreteDependency. If "
"the execution of this call results in no rights between the "
"Subject and Target, then they MUST NOT be linked to a "
"particular AuthorizedPrivilege instance via "
"AuthorizedSubject and AuthorizedTarget respectively. \n"
"\n"
"Note that regardless of whether specified via parameter, or "
"template, the Activities, ActivityQualifiers and "
"QualifierFormats, are mutually indexed. Also note that "
"Subject and Target references MUST be supplied. \n"
"\n"
"The successful completion of the method SHALL create any "
"necessary AuthorizedSubject, AuthorizedTarget, "
"AuthorizedPrivilege, HostedDependency, and "
"ConcreteDependency instances."),
ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
"16001", "16002", "16003", "16004", "16005..31999",
"32000..65535" },
Values { "Success", "Not Supported", "Unspecified Error",
"Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
"Unsupported Subject", "Unsupported Privilege",
"Unsupported Target", "Authorization Error",
"NULL not supported", "Method Reserved", "Vendor Specific" }]
uint32 AssignAccess (
[Required, IN, Description (
"The Subject parameter is a reference to a ManagedElement "
"instance. This parameter MUST be supplied.")]
CIM_ManagedElement REF Subject,
[IN, Description (
"MUST be NULL unless Privilege is NULL on input. The "
"PrivilegeGranted flag indicates whether the rights "
"defined by the parameters in this call should be granted "
"or denied to the named Subject/Target pair."),
ModelCorrespondence {
"CIM_AuthorizedPrivilege.PrivilegeGranted",
"CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
boolean PrivilegeGranted,
[IN, Description (
"MUST be NULL unless the Privilege is NULL on input. This "
"parameter specifies the activities to be granted or "
"denied."),
ValueMap { "1", "2", "3", "4", "5", "6", "7", "..",
"16000..65535" },
Values { "Other", "Create", "Delete", "Detect", "Read",
"Write", "Execute", "DMTF Reserved", "Vendor Reserved" },
ArrayType ( "Indexed" ),
ModelCorrespondence { "CIM_AuthorizedPrivilege.Activities",
"CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
uint16 Activities[],
[IN, Description (
"MUST be NULL unless Privilege is NULL on input. This "
"parameter defines the activity qualifiers for the "
"Activities to be granted or denied."),
ArrayType ( "Indexed" ),
ModelCorrespondence {
"CIM_AuthorizedPrivilege.ActivityQualifers",
"CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
string ActivityQualifiers[],
[IN, Description (
"MUST be NULL unless Privilege is NULL on input. This "
"parameter defines the qualifier formats for the "
"corresponding ActivityQualifiers."),
ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "10",
"11", "..", "16000..65535" },
Values { "Class Name", "<Class.>Property", "<Class.>Method",
"Object Reference", "Namespace", "URL",
"Directory/File Name", "Command Line Instruction",
"SCSI Command", "Packets", "DMTF Reserved",
"Vendor Reserved" }, ArrayType ( "Indexed" ),
ModelCorrespondence {
"CIM_AuthorizedPrivilege.QualifierFormats",
"CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
uint16 QualifierFormats[],
[Required, IN, Description (
"The Target parameter is a reference to an instance of "
"ManagedElement. This parameter MUST be supplied.")]
CIM_ManagedElement REF Target,
[IN, OUT, Description (
"On input, this reference MUST be either NULL or refer to "
"an instance of AuthorizedPrivilege that is used as a "
"template. The rights granted by corresponding entries in "
"the Activities, ActivityQualifiers and QualifierFormats "
"array properties are applied incrementally and do not "
"affect unnamed rights. If the property, "
"PrivilegeGranted, is false, then the named rights are "
"removed. If PrivilegeGranted is True, then the named "
"rights are added. (Note that the RemoveAccess method "
"SHOULD be used to completely remove all privileges "
"between a subject and a target. On output, this property "
"references an AuthorizedPrivilege instance that "
"represents the resulting rights between the named "
"Subject and the named Target. AuthorizedPrivilege "
"instances used as a templates in this property SHOULD "
"have a HostedDependency association to the "
"PriviligeManagementService and SHOULD NOT have any "
"AuthorizedTarget or AuthorizedSubject associations to "
"it.")]
CIM_AuthorizedPrivilege REF Privilege );
[Description (
"This method revokes a specific AuthorizedPrivilege or all "
"privileges for a particular target, subject, or "
"subject/target pair. If an AuthorizedPrivilege instance is "
"left with no AuthorizedTarget associations, it SHOULD be "
"deleted. The successful completion of the method SHALL "
"remove the directly or indirectly requested "
"AuthorizedSubject, AuthorizedTarget and AuthorizedPrivilege "
"instances."),
ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
"16001", "16002", "16003", "16004..32767", "32768..65535" },
Values { "Success", "Not Supported", "Unspecified Error",
"Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
"Unsupported Privilege", "Unsupported Target",
"Authorization Error", "Null parameter not supported",
"Method Reserved", "Vendor Specific" }]
uint32 RemoveAccess (
[IN, Description (
"The Subject parameter is a reference to a ManagedElement "
"instance (associated via AuthorizedSubject) for which "
"privileges are to be revoked.")]
CIM_ManagedElement REF Subject,
[IN, Description (
"A reference to the AuthorizedPrivilege to be revoked.")]
CIM_AuthorizedPrivilege REF Privilege,
[IN, Description (
"The Target parameter is a reference to a ManagedElement "
"(associated via AuthorizedTarget) which will no longer "
"be protected via the AuthorizedPrivilege.")]
CIM_ManagedElement REF Target );
};
// ===================================================================
// end of file
// ===================================================================
| No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |