// Copyright (c) 2008 DMTF. All rights reserved.
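// CIM_PrivilegeManagementService: the service whose extrinsic methods create,
// change, revoke and report AuthorizedPrivilege instances between a Subject
// and a Target. Every method below reads or changes authorization state.
//
// Return codes are defined per method and are NOT interchangeable:
//   "Authorization Error" is 16003 for AssignAccess and ShowAccess but 16002
//   for RemoveAccess, where 16003 means "Null parameter not supported".
//   ShowAccess does not list 16001 at all. A client must map return values
//   with the ValueMap of the method it actually called.
[Version ( "2.20.0" ),
 UMLPackagePath ( "CIM::User::PrivilegeManagementService" ),
 Description (
    "The PrivilegeManagementService is responsible for creating, "
    "deleting, and associating AuthorizedPrivilege instances. "
    "References to \'subject\' and \'target\' define the entities "
    "that are associated with an AuthorizedPrivilege instance via "
    "the relationships, AuthorizedSubject and AuthorizedTarget, "
    "respectively. When created, an AuthorizedPrivilege instance is "
    "related to this (PrivilegeManagement)Service via the "
    "association, ConcreteDependency." )]
class CIM_PrivilegeManagementService : CIM_AuthorizationService {

    // AssignAccess grants or denies rights of Subject on Target.
    // Two input forms are described: either Privilege references a template
    // AuthorizedPrivilege, or Privilege is NULL and the rights are given by
    // PrivilegeGranted / Activities / ActivityQualifiers / QualifierFormats.
    // The change is incremental: named rights are added (PrivilegeGranted
    // true) or removed (false) and unnamed rights are left as they were, so a
    // call to this method does not establish a complete, known privilege set.
    // NOTE(review): the three arrays are "mutually indexed"; the schema does
    // not say how a provider answers arrays of different lengths - confirm
    // that the implementation rejects them rather than padding or truncating.
    [Description (
        "When this method is called, a provider updates the "
        "specified Subject\'s rights to the Target according to "
        "the parameters of this call. The rights are modeled via "
        "an AuthorizedPrivilege instance. If an "
        "AuthorizedPrivilege instance is created as a result of "
        "this call, it MUST be linked to the Subject and Target "
        "via the AuthorizedSubject and AuthorizedTarget "
        "associations, respectively. When created, the "
        "AuthorizedPrivilege instance is associated to this "
        "PrivilegeManagementService via ConcreteDependency. If "
        "the execution of this call results in no rights between "
        "the Subject and Target, then they MUST NOT be linked to "
        "a particular AuthorizedPrivilege instance via "
        "AuthorizedSubject and AuthorizedTarget respectively. \n"
        "\n"
        "Note that regardless of whether specified via parameter, "
        "or template, the Activities, ActivityQualifiers and "
        "QualifierFormats, are mutually indexed. Also note that "
        "Subject and Target references MUST be supplied. \n"
        "\n"
        "The successful completion of the method SHALL create any "
        "necessary AuthorizedSubject, AuthorizedTarget, "
        "AuthorizedPrivilege, HostedDependency, and "
        "ConcreteDependency instances." ),
     ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
        "16001", "16002", "16003", "16004", "16005..31999",
        "32000..65535" },
     Values { "Success", "Not Supported", "Unspecified Error",
        "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
        "Unsupported Subject", "Unsupported Privilege",
        "Unsupported Target", "Authorization Error",
        "NULL not supported", "Method Reserved", "Vendor Specific" }]
    uint32 AssignAccess(
        [Required, IN, Description (
            "The Subject parameter is a reference to a "
            "ManagedElement instance. This parameter MUST be "
            "supplied." )]
        CIM_ManagedElement REF Subject,
        // The next four parameters are only legal when Privilege is NULL on
        // input; with a template Privilege they MUST all be NULL.
        [IN, Description (
            "MUST be NULL unless Privilege is NULL on input. "
            "The PrivilegeGranted flag indicates whether the "
            "rights defined by the parameters in this call "
            "should be granted or denied to the named "
            "Subject/Target pair." ),
         ModelCorrespondence {
            "CIM_AuthorizedPrivilege.PrivilegeGranted",
            "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
        boolean PrivilegeGranted,
        [IN, Description (
            "MUST be NULL unless the Privilege is NULL on "
            "input. This parameter specifies the activities to "
            "be granted or denied." ),
         ValueMap { "1", "2", "3", "4", "5", "6", "7", "..",
            "16000..65535" },
         Values { "Other", "Create", "Delete", "Detect", "Read",
            "Write", "Execute", "DMTF Reserved",
            "Vendor Reserved" },
         ArrayType ( "Indexed" ),
         ModelCorrespondence {
            "CIM_AuthorizedPrivilege.Activities",
            "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
        uint16 Activities[],
        // ModelCorrespondence names the ActivityQualifiers property, spelled
        // like this parameter and like its sibling references.
        [IN, Description (
            "MUST be NULL unless Privilege is NULL on input. "
            "This parameter defines the activity qualifiers for "
            "the Activities to be granted or denied." ),
         ArrayType ( "Indexed" ),
         ModelCorrespondence {
            "CIM_AuthorizedPrivilege.ActivityQualifiers",
            "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
        string ActivityQualifiers[],
        [IN, Description (
            "MUST be NULL unless Privilege is NULL on input. "
            "This parameter defines the qualifier formats for "
            "the corresponding ActivityQualifiers." ),
         ValueMap { "2", "3", "4", "5", "6", "7", "8", "9",
            "10..15999", "16000..65535" },
         Values { "Class Name", "<Class.>Property",
            "<Class.>Method", "Object Reference", "Namespace",
            "URL", "Directory/File Name",
            "Command Line Instruction", "DMTF Reserved",
            "Vendor Reserved" },
         ArrayType ( "Indexed" ),
         ModelCorrespondence {
            "CIM_AuthorizedPrivilege.QualifierFormats",
            "CIM_PrivilegeManagementService.AssignAccess.Privilege" }]
        uint16 QualifierFormats[],
        [Required, IN, Description (
            "The Target parameter is a reference to an instance "
            "of ManagedElement. This parameter MUST be "
            "supplied." )]
        CIM_ManagedElement REF Target,
        // IN: NULL or a template instance. OUT: the AuthorizedPrivilege that
        // represents the resulting rights for the Subject/Target pair, which
        // is what a caller should inspect to learn the effective outcome.
        [IN, OUT, Description (
            "On input, this reference MUST be either NULL or "
            "refer to an instance of AuthorizedPrivilege that "
            "is used as a template. The rights granted by "
            "corresponding entries in the Activities, "
            "ActivityQualifiers and QualifierFormats array "
            "properties are applied incrementally and do not "
            "affect unnamed rights. If the property, "
            "PrivilegeGranted, is false, then the named rights "
            "are removed. If PrivilegeGranted is True, then the "
            "named rights are added. (Note that the "
            "RemoveAccess method SHOULD be used to completely "
            "remove all privileges between a subject and a "
            "target.) On output, this property references an "
            "AuthorizedPrivilege instance that represents the "
            "resulting rights between the named Subject and the "
            "named Target. AuthorizedPrivilege instances used "
            "as templates in this property SHOULD have a "
            "HostedDependency association to the "
            "PrivilegeManagementService and SHOULD NOT have any "
            "AuthorizedTarget or AuthorizedSubject associations "
            "to it." )]
        CIM_AuthorizedPrivilege REF Privilege);

    // RemoveAccess revokes one AuthorizedPrivilege, or all privileges for a
    // Subject, a Target, or a Subject/Target pair. None of the parameters
    // carries the Required qualifier, so the scope of the revocation is set
    // by which references the caller leaves NULL: naming only a Subject or
    // only a Target removes every privilege that involves it.
    // Return values differ from AssignAccess: 16002 is "Authorization Error"
    // and 16003 is "Null parameter not supported" here.
    [Description (
        "This method revokes a specific AuthorizedPrivilege or "
        "all privileges for a particular target, subject, or "
        "subject/target pair. If an AuthorizedPrivilege instance "
        "is left with no AuthorizedTarget associations, it SHOULD "
        "be deleted. The successful completion of the method "
        "SHALL remove the directly or indirectly requested "
        "AuthorizedSubject, AuthorizedTarget and "
        "AuthorizedPrivilege instances." ),
     ValueMap { "0", "1", "2", "3", "4", "5", "6..15999", "16000",
        "16001", "16002", "16003", "16004..32767", "32768..65535" },
     Values { "Success", "Not Supported", "Unspecified Error",
        "Timeout", "Failed", "Invalid Parameter", "DMTF Reserved",
        "Unsupported Privilege", "Unsupported Target",
        "Authorization Error", "Null parameter not supported",
        "Method Reserved", "Vendor Specific" }]
    uint32 RemoveAccess(
        [IN, Description (
            "The Subject parameter is a reference to a "
            "ManagedElement instance (associated via "
            "AuthorizedSubject) for which privileges are to be "
            "revoked." )]
        CIM_ManagedElement REF Subject,
        [IN, Description (
            "A reference to the AuthorizedPrivilege to be revoked." )]
        CIM_AuthorizedPrivilege REF Privilege,
        [IN, Description (
            "The Target parameter is a reference to a "
            "ManagedElement (associated via AuthorizedTarget) "
            "which will no longer be protected via the "
            "AuthorizedPrivilege." )]
        CIM_ManagedElement REF Target);

    // ShowAccess reports cumulative rights for a Subject, a Target, or both.
    // The three OUT arrays are read together by index. Results are filtered
    // by what the requestor is authorized to view, and a NULL Privileges
    // entry means "no rights that the requestor may view" - it does not show
    // that no rights exist. The Privileges are embedded objects passed by
    // value and MAY differ from what is instantiated in the model, so they
    // are a report, not references to the stored AuthorizedPrivilege
    // instances.
    [Description (
        "ShowAccess reports the Privileges (i.e., rights) granted "
        "to a particular Subject and/or Target pair. Either a "
        "Subject, a Target or both MUST be specified. In the case "
        "where only one is specified, the method will return all "
        "rights to all Targets for the specified Subject, or all "
        "rights for all subjects which apply to the specified "
        "Target. \n"
        "\n"
        "ShowAccess returns the cumulative rights granted between "
        "the OutSubjects and OutTargets at the same array index "
        "(filtered to return the information that the requestor "
        "is authorized to view). If a specific array entry is "
        "NULL, then there exist NO rights that the requestor is "
        "authorized to view between the Subject/Target pair. \n"
        "\n"
        "Note that the Privileges returned by this method MAY NOT "
        "correspond to what is actually instantiated in the "
        "model, and MAY be optimized for ease of reporting. "
        "Hence, the data is passed \'by value\', as embedded "
        "objects. Also, note that multiple Privileges MAY be "
        "defined for a given Subject/Target pair. \n"
        "\n"
        "Other mechanisms MAY also be used to retrieve this "
        "information. CIM Operations\' EnumerateInstances MAY be "
        "used to return all Privileges currently instantiated "
        "within a namespace. Also, if the AuthorizedPrivilege "
        "subclass is instantiated, the CIM Operation Associators "
        "MAY be used to navigate from the Privilege to "
        "AuthorizedSubjects and AuthorizedTargets. These CIM "
        "Operations will not generally provide the functionality "
        "or optimizations available with ShowAccess." ),
     ValueMap { "0", "1", "2", "3", "4", "5", "..", "16000",
        "16002", "16003", "16004", "16005..31999", "32000..65535" },
     Values { "Success", "Not Supported", "Unknown", "Timeout",
        "Failed", "Invalid Parameter", "DMTF Reserved",
        "Unsupported Subject", "Unsupported Target",
        "Authorization Error", "NULL not supported",
        "Method Reserved", "Vendor Specific" }]
    uint32 ShowAccess(
        [IN, Description (
            "The Subject parameter references an instance of "
            "ManagedElement. The result of this operation is "
            "that the cumulative rights of the Subject to "
            "access or define authorization rights for the "
            "Target will be reported. If no Subject is "
            "specified, then a Target MUST be supplied and ALL "
            "Subjects that have rights to access or define "
            "authorizations for the Target will be reported. "
            "(It should be noted that the information reported "
            "MUST be filtered by the rights of the requestor to "
            "view that data.) If the Subject element is a "
            "Collection, then the operation will specifically "
            "report the Privileges for all elements associated "
            "to the Collection via MemberOfCollection. These "
            "elements will be reported individually in the "
            "returned OutSubjects array." ),
         ModelCorrespondence {
            "CIM_PrivilegeManagementService.ShowAccess.Target" }]
        CIM_ManagedElement REF Subject,
        [IN, Description (
            "The Target parameter references an instance of "
            "ManagedElement. The result of this operation is "
            "that the cumulative rights of the Subject to "
            "access or define authorization rights for the "
            "Target will be reported. If no Target is "
            "specified, then a Subject MUST be supplied and ALL "
            "Targets for which the Subject has rights to "
            "access or define authorization will be reported. "
            "(It should be noted that the information reported "
            "MUST be filtered by the rights of the requestor to "
            "view that data.) If the Target element is a "
            "Collection, then the operation will be applied to "
            "all elements associated to the Collection via "
            "MemberOfCollection. These elements will be "
            "reported individually in the returned OutTargets "
            "array." ),
         ModelCorrespondence {
            "CIM_PrivilegeManagementService.ShowAccess.Subject" }]
        CIM_ManagedElement REF Target,
        [IN ( false ), OUT, Description (
            "The array of Subject REFs corresponding to the "
            "individual Privileges and OutTargets arrays. The "
            "resulting OutSubjects, Privileges and OutTargets "
            "arrays define the cumulative rights granted "
            "between the Subject/Target at the corresponding "
            "index (filtered to return the information that the "
            "requestor is authorized to view)." ),
         ArrayType ( "Indexed" ),
         ModelCorrespondence {
            "CIM_PrivilegeManagementService.ShowAccess.Subject",
            "CIM_PrivilegeManagementService.ShowAccess.Privileges",
            "CIM_PrivilegeManagementService.ShowAccess.OutTargets" }]
        CIM_ManagedElement REF OutSubjects[],
        [IN ( false ), OUT, Description (
            "The array of Target REFs corresponding to the "
            "individual Privileges and OutSubjects arrays. The "
            "resulting OutSubjects, Privileges and OutTargets "
            "arrays define the cumulative rights granted "
            "between the Subject/Target at the corresponding "
            "index (filtered to return the information that the "
            "requestor is authorized to view)." ),
         ArrayType ( "Indexed" ),
         ModelCorrespondence {
            "CIM_PrivilegeManagementService.ShowAccess.Target",
            "CIM_PrivilegeManagementService.ShowAccess.Privileges",
            "CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }]
        CIM_ManagedElement REF OutTargets[],
        [IN ( false ), OUT, Description (
            "The returned Privilege objects represent the "
            "cumulative rights granted between the OutSubjects "
            "and OutTargets at the same array index (filtered "
            "to return the information that the requestor is "
            "authorized to view). If a specific array entry is "
            "NULL, then there exist NO rights that the "
            "requestor is authorized to view between the "
            "Subject/Target pair." ),
         EmbeddedObject, ArrayType ( "Indexed" ),
         ModelCorrespondence {
            "CIM_PrivilegeManagementService.ShowAccess.OutTargets",
            "CIM_PrivilegeManagementService.ShowAccess.OutSubjects" }]
        string Privileges[]);

};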