summaryrefslogtreecommitdiffstats
path: root/Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementService.mof
diff options
context:
space:
mode:
Diffstat (limited to 'Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementService.mof')
-rw-r--r--Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementService.mof290
1 files changed, 290 insertions, 0 deletions
diff --git a/Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementService.mof b/Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementService.mof
new file mode 100644
index 0000000..56ae667
--- /dev/null
+++ b/Schemas/CIM236/DMTF/User/CIM_PrivilegeManagementService.mof
@@ -0,0 +1,290 @@
+// Copyright (c) 2008 DMTF. All rights reserved.
+ [Version ( "2.20.0" ),
+ UMLPackagePath ( "CIM::User::PrivilegeManagementService" ),
+ Description (
+ "The PrivilegeManagementService is responsible for creating, "
+ "deleting, and associating AuthorizedPrivilege instances. "
+ "References to \'subject\' and \'target\' define the entities "
+ "that are associated with an AuthorizedPrivilege instance via "
+ "the relationships, AuthorizedSubject and AuthorizedTarget, "
+ "respectively. When created, an AuthorizedPrivilege instance is "
+ "related to this (PrivilegeManagement)Service via the "
+ "association, ConcreteDependency." )]
+class CIM_PrivilegeManagementService : CIM_AuthorizationService {
+
+
+ [Description (
+ "When this method is called, a provider updates the "
+ "specified Subject\'s rights to the Target according to "
+ "the parameters of this call. The rights are modeled via "
+ "an AuthorizedPrivilege instance. If an "
+ "AuthorizedPrivilege instance is created as a result of "
+ "this call, it MUST be linked to the Subject and Target "
+ "via the AuthorizedSubject and AuthorizedTarget "
+ "associations, respectively. When created, the "
+ "AuthorizedPrivilege instance is associated to this "
+ "PrivilegeManagementService via ConcreteDependency. If "
+ "the execution of this call results in no rights between "
+ "the Subject and Target, then they MUST NOT be linked to "
+ "a particular AuthorizedPrivilege instance via "
+ "AuthorizedSubject and AuthorizedTarget respectively. \n"
+ "\n"
+ "Note that regardless of whether specified via parameter, "
+ "or template, the Activities, ActivityQualifiers and "
+ "QualifierFormats, are mutually indexed. Also note that "
+ "Subject and Target references MUST be supplied. \n"
+ "\n"
+ "The successful completion of the method SHALL create any "
+ "necessary AuthorizedSubject, AuthorizedTarget, "
+ "AuthorizedPrivilege, HostedDependency, and "
+ "ConcreteDependency instances." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
+ "16001", "16002", "16003", "16004", "16005..31999",
+ "32000..65535" },
+ Values { "Success", "Not Supported", "Unspecified Error",
+ "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
+ "Unsupported Subject", "Unsupported Privilege",
+ "Unsupported Target", "Authorization Error",
+ "NULL not supported", "Method Reserved", "Vendor Specific" }]
+ uint32 AssignAccess(
+ [Required, IN, Description (
+ "The Subject parameter is a reference to a "
+ "ManagedElement instance. This parameter MUST be "
+ "supplied." )]
+ CIM_ManagedElement REF Subject,
+ [IN, Description (
+ "MUST be NULL unless Privilege is NULL on input. "
+ "The PrivilegeGranted flag indicates whether the "
+ "rights defined by the parameters in this call "
+ "should be granted or denied to the named "
+ "Subject/Target pair." ),
+ ModelCorrespondence {
+ "CIM_AuthorizedPrivilege.PrivilegeGranted",
+ "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
+ boolean PrivilegeGranted,
+ [IN, Description (
+ "MUST be NULL unless the Privilege is NULL on "
+ "input. This parameter specifies the activities to "
+ "be granted or denied." ),
+ ValueMap { "1", "2", "3", "4", "5", "6", "7", "..",
+ "16000..65535" },
+ Values { "Other", "Create", "Delete", "Detect", "Read",
+ "Write", "Execute", "DMTF Reserved",
+ "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_AuthorizedPrivilege.Activities",
+ "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
+ uint16 Activities[],
+ [IN, Description (
+ "MUST be NULL unless Privilege is NULL on input. "
+ "This parameter defines the activity qualifiers for "
+ "the Activities to be granted or denied." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_AuthorizedPrivilege.ActivityQualifers",
+ "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
+ string ActivityQualifiers[],
+ [IN, Description (
+ "MUST be NULL unless Privilege is NULL on input. "
+ "This parameter defines the qualifier formats for "
+ "the corresponding ActivityQualifiers." ),
+ ValueMap { "2", "3", "4", "5", "6", "7", "8", "9",
+ "10..15999", "16000..65535" },
+ Values { "Class Name", "<Class.>Property",
+ "<Class.>Method", "Object Reference", "Namespace",
+ "URL", "Directory/File Name",
+ "Command Line Instruction", "DMTF Reserved",
+ "Vendor Reserved" },
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_AuthorizedPrivilege.QualifierFormats",
+ "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
+ uint16 QualifierFormats[],
+ [Required, IN, Description (
+ "The Target parameter is a reference to an instance "
+ "of ManagedElement. This parameter MUST be "
+ "supplied." )]
+ CIM_ManagedElement REF Target,
+ [IN, OUT, Description (
+ "On input, this reference MUST be either NULL or "
+ "refer to an instance of AuthorizedPrivilege that "
+ "is used as a template. The rights granted by "
+ "corresponding entries in the Activities, "
+ "ActivityQualifiers and QualifierFormats array "
+ "properties are applied incrementally and do not "
+ "affect unnamed rights. If the property, "
+ "PrivilegeGranted, is false, then the named rights "
+ "are removed. If PrivilegeGranted is True, then the "
+ "named rights are added. (Note that the "
+ "RemoveAccess method SHOULD be used to completely "
+ "remove all privileges between a subject and a "
+ "target. On output, this property references an "
+ "AuthorizedPrivilege instance that represents the "
+ "resulting rights between the named Subject and the "
+ "named Target. AuthorizedPrivilege instances used "
+ "as a templates in this property SHOULD have a "
+ "HostedDependency association to the "
+ "PriviligeManagementService and SHOULD NOT have any "
+ "AuthorizedTarget or AuthorizedSubject associations "
+ "to it." )]
+ CIM_AuthorizedPrivilege REF Privilege);
+
+ [Description (
+ "This method revokes a specific AuthorizedPrivilege or "
+ "all privileges for a particular target, subject, or "
+ "subject/target pair. If an AuthorizedPrivilege instance "
+ "is left with no AuthorizedTarget associations, it SHOULD "
+ "be deleted. The successful completion of the method "
+ "SHALL remove the directly or indirectly requested "
+ "AuthorizedSubject, AuthorizedTarget and "
+ "AuthorizedPrivilege instances." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
+ "16001", "16002", "16003", "16004..32767", "32768..65535" },
+ Values { "Success", "Not Supported", "Unspecified Error",
+ "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
+ "Unsupported Privilege", "Unsupported Target",
+ "Authorization Error", "Null parameter not supported",
+ "Method Reserved", "Vendor Specific" }]
+ uint32 RemoveAccess(
+ [IN, Description (
+ "The Subject parameter is a reference to a "
+ "ManagedElement instance (associated via "
+ "AuthorizedSubject) for which privileges are to be "
+ "revoked." )]
+ CIM_ManagedElement REF Subject,
+ [IN, Description (
+ "A reference to the AuthorizedPrivilege to be revoked."
+ )]
+ CIM_AuthorizedPrivilege REF Privilege,
+ [IN, Description (
+ "The Target parameter is a reference to a "
+ "ManagedElement (associated via AuthorizedTarget) "
+ "which will no longer be protected via the "
+ "AuthorizedPrivilege." )]
+ CIM_ManagedElement REF Target);
+
+ [Description (
+ "ShowAccess reports the Privileges (i.e., rights) granted "
+ "to a particular Subject and/or Target pair. Either a "
+ "Subject, a Target or both MUST be specified. In the case "
+ "where only one is specified, the method will return all "
+ "rights to all Targets for the specified Subject, or all "
+ "rights for all subjects which apply to the specified "
+ "Target. \n"
+ "\n"
+ "ShowAccess returns the cumulative rights granted between "
+ "the OutSubjects and OutTargets at the same array index "
+ "(filtered to return the information that the requestor "
+ "is authorized to view). If a specific array entry is "
+ "NULL, then there exist NO rights that the requestor is "
+ "authorized to view between the Subject/Target pair. \n"
+ "\n"
+ "Note that the Privileges returned by this method MAY NOT "
+ "correspond to what is actually instantiated in the "
+ "model, and MAY be optimized for ease of reporting. "
+ "Hence, the data is passed \'by value\', as embedded "
+ "objects. Also, note that multiple Privileges MAY be "
+ "defined for a given Subject/Target pair. \n"
+ "\n"
+ "Other mechanisms MAY also be used to retrieve this "
+ "information. CIM Operations\' EnumerateInstances MAY be "
+ "used to return all Privileges currently instantiated "
+ "within a namespace. Also, if the AuthorizedPrivilege "
+ "subclass is instantiated, the CIM Operation Associators "
+ "MAY be used to navigate from the Privilege to "
+ "AuthorizedSubjects and AuthorizedTargets. These CIM "
+ "Operations will not generally provide the functionality "
+ "or optimizations available with ShowAccess." ),
+ ValueMap { "0", "1", "2", "3", "4", "5", "..", "16000",
+ "16002", "16003", "16004", "16005..31999", "32000..65535" },
+ Values { "Success", "Not Supported", "Unknown", "Timeout",
+ "Failed", "Invalid Parameter", "DMTF Reserved",
+ "Unsupported Subject", "Unsupported Target",
+ "Authorization Error", "NULL not supported",
+ "Method Reserved", "Vendor Specific" }]
+ uint32 ShowAccess(
+ [IN, Description (
+ "The Subject parameter references an instance of "
+ "ManagedElement. The result of this operation is "
+ "that the cumulative rights of the Subject to "
+ "access or define authorization rights for the "
+ "Target will be reported. If no Subject is "
+ "specified, then a Target MUST be supplied and ALL "
+ "Subjects that have rights to access or define "
+ "authorizations for the Target will be reported. "
+ "(It should be noted that the information reported "
+ "MUST be filtered by the rights of the requestor to "
+ "view that data.) If the Subject element is a "
+ "Collection, then the operation will specifically "
+ "report the Privileges for all elements associated "
+ "to the Collection via MemberOfCollection. These "
+ "elements will be reported individually in the "
+ "returned OutSubjects array." ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementService.ShowAccess.Target" }]
+ CIM_ManagedElement REF Subject,
+ [IN, Description (
+ "The Target parameter references an instance of "
+ "ManagedElement. The result of this operation is "
+ "that the cumulative rights of the Subject to "
+ "access or define authorization rights for the "
+ "Target will be reported. If no Target is "
+ "specified, then a Subject MUST be supplied and ALL "
+ "Targets for which that the Subject has rights to "
+ "access or define authorization will be reported. "
+ "(It should be noted that the information reported "
+ "MUST be filtered by the rights of the requestor to "
+ "view that data.) If the Target element is a "
+ "Collection, then the operation will be applied to "
+ "all elements associated to the Collection via "
+ "MemberOfCollection. These elements will be "
+ "reported individually in the returned OutTargets "
+ "array." ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementService.ShowAccess.Subject" }]
+ CIM_ManagedElement REF Target,
+ [IN ( false ), OUT, Description (
+ "The array of Subject REFs corresponding to the "
+ "individual Privileges and OutTargets arrays. The "
+ "resulting OutSubjects, Privileges and OutTargets "
+ "arrays define the cumulative rights granted "
+ "between the Subject/Target at the corresponding "
+ "index (filtered to return the information that the "
+ "requestor is authorized to view)." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementService.ShowAccess.Subject",
+ "CIM_PrivilegeManagementService.ShowAccess.Privileges",
+ "CIM_PrivilegeManagementService.ShowAccess.OutTargets" }]
+ CIM_ManagedElement REF OutSubjects[],
+ [IN ( false ), OUT, Description (
+ "The array of Target REFs corresponding to the "
+ "individual Privileges and OutSubjects arrays. The "
+ "resulting OutSubjects, Privileges and OutTargets "
+ "arrays define the cumulative rights granted "
+ "between the Subject/Target at the corresponding "
+ "index (filtered to return the information that the "
+ "requestor is authorized to view)." ),
+ ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementService.ShowAccess.Target",
+ "CIM_PrivilegeManagementService.ShowAccess.Privileges",
+ "CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }]
+ CIM_ManagedElement REF OutTargets[],
+ [IN ( false ), OUT, Description (
+ "The returned Privilege objects represent the "
+ "cumulative rights granted between the OutSubjects "
+ "and OutTargets at the same array index (filtered "
+ "to return the information that the requestor is "
+ "authorized to view). If a specific array entry is "
+ "NULL, then there exist NO rights that the "
+ "requestor is authorized to view between the "
+ "Subject/Target pair." ),
+ EmbeddedObject, ArrayType ( "Indexed" ),
+ ModelCorrespondence {
+ "CIM_PrivilegeManagementService.ShowAccess.OutTargets",
+ "CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }]
+ string Privileges[]);
+
+};