SUMMARY: NESTED | FIELD | | METHOD
DETAIL: FIELD | METHOD

Class CIM_Account

Used in features: Simple Identity
Compatible with the following Intel AMT Releases: 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0 
CIM_ManagedElement
   extended by CIM_ManagedSystemElement
      extended by CIM_LogicalElement
         extended by CIM_EnabledLogicalElement
            extended by CIM_Account


class CIM_Account
 extends CIM_EnabledLogicalElement


General Information:
CIM_Account is the information held by a 
SecurityService to track identity and privileges managed by that service. Common 
examples of an Account are the entries in a UNIX /etc/passwd file. Several kinds 
of security services use various information from those entries - the /bin/login 
program uses the account name ('root') and hashed password to authenticate 
users, and the file service, for instance, uses the UserID field ('0') and 
GroupID field ('0') to record ownership and determine access control privileges 
on files in the file system. This class is defined so as to incorporate 
commonly-used LDAP attributes to permit implementations to easily derive this 
information from LDAP-accessible directories. 

The semantics of Account 
overlap with that of the class, CIM_Identity. However, aspects of Account - such 
as its specific tie to a System - are valuable and have been widely implemented. 
For this reason, the Account and Identity classes are associated using a 
subclass of LogicalIdentity (AccountIdentity), instead of deprecating the 
Account class in the CIM Schema. When an Account has been authenticated, the 
corresponding Identity's TrustEstablished Boolean would be set to TRUE. Then, 
the Identity class can be used as defined for authorization 
purposes.

Product Specific Usage:
For every digest 
(non-kerberos) user in the system there is an instance of this class. This 
instance enables management of the user account. 

There are matching 
instances of CIM_Identity, CIM_Role and CIM_Privilege (a 1:1:1:1 structure). 

CIM_Identity and CIM_Account are associated by CIM_AssignedIdentity, 
CIM_Identity and CIM_Role by both CIM_MemberOfCollection and 
CIM_ConcreteDependency, and CIM_Role and CIM_Privilege by 
CIM_MemberOfCollection.

Qualifiers:
-------------
Version=2.27.0
UMLPackagePath=CIM::User::Account









  
  

    Supported Fields 
      Summary

  

     uint16 
      
    RequestedState 
      
RequestedState is an integer enumeration that indicates the 
      last requested or desired state for the element, irrespective of the 
      mechanism through which it was requested . . .

  

     uint16 
      
    EnabledState 
      
EnabledState is an integer enumeration that indicates the 
      enabled and disabled states of an element . . .

  

     string 
      
    ElementName 
A 
      user-friendly name for the object . . .

  

     string 
      
    SystemCreationClassName Key  
The scoping System's CCN.

  

     string 
      
    SystemName Key  
The scoping System's Name.

  

     string 
      
    CreationClassName Key  
CreationClassName indicates the name 
      of the class or the subclass used in the creation of an instance . . 
    .

  

     string 
      
    Name Key  
The Name property defines the label by which the 
      object is known . . .

  

     string 
      
    UserID 
UserID is the 
      value used by the SecurityService to represent identity . . .

  

     string[] 
      
    OrganizationName 
      
The name of the organization related to the account.

  

     string[2] 
      
    UserPassword 
In 
      the case of an LDAP-derived instance, the UserPassword property may 
      contain an encrypted password used to access the person's resources in a 
      directory.

  

     uint16 
      
    UserPasswordEncryptionAlgorithm 
      
The encryption algorithm (if any) used by the client to produce 
      the value in the UserPassword property when creating or modifying an 
      instance of CIM_Account . . .




  
  

    Methods Summary

  

     uint32
    RequestStateChange(RequestedState, REF 
      Job, TimeoutPeriod) 
Requests that the state of the element be 
      changed to the value specified in the RequestedState parameter . . 
.

  

     
    Put(Instance) 
Changes 
      properties of the selected instance

  

     
    Get(Instance) 
Gets the 
      representation of the instance

  

     
    Delete() 
Deletes an 
      instance

  

     
    Pull(EnumerationContext, 
      MaxElements) 
Pulls instances of this class, following an 
      Enumerate operation

  

     
    Enumerate() 
      
Enumerates the instances of this class

  

     
    Release(EnumerationContext) 
      
Releases an enumeration context




  
  

    Field 
Detail


RequestedState 
public uint16 RequestedState



  
General Information:
RequestedState is an integer enumeration 
  that indicates the last requested or desired state for the element, 
  irrespective of the mechanism through which it was requested. The actual state 
  of the element is represented by EnabledState. This property is provided to 
  compare the last requested and current enabled or disabled states. Note that 
  when EnabledState is set to 5 ("Not Applicable"), then this property has no 
  meaning. Refer to the EnabledState property description for explanations of 
  the values in the RequestedState enumeration. 
"Unknown" (0) indicates the 
  last requested state for the element is unknown.
Note that the value "No 
  Change" (5) has been deprecated in lieu of indicating the last requested state 
  is "Unknown" (0). If the last requested or desired state is unknown, 
  RequestedState should have the value "Unknown" (0), but may have the value "No 
  Change" (5).Offline (6) indicates that the element has been requested to 
  transition to the Enabled but Offline EnabledState. 
It should be noted 
  that there are two new values in RequestedState that build on the statuses of 
  EnabledState. These are "Reboot" (10) and "Reset" (11). Reboot refers to doing 
  a "Shut Down" and then moving to an "Enabled" state. Reset indicates that the 
  element is first "Disabled" and then "Enabled". The distinction between 
  requesting "Shut Down" and "Disabled" should also be noted. Shut Down requests 
  an orderly transition to the Disabled state, and might involve removing power, 
  to completely erase any existing state. The Disabled state requests an 
  immediate disabling of the element, such that it will not execute or accept 
  any commands or processing requests. 

This property is set as the 
  result of a method invocation (such as Start or StopService on CIM_Service), 
  or can be overridden and defined as WRITEable in a subclass. The method 
  approach is considered superior to a WRITEable property, because it allows an 
  explicit invocation of the operation and the return of a result code. 
  

If knowledge of the last RequestedState is not supported for the 
  EnabledLogicalElement, the property shall be NULL or have the value 12 "Not 
  Applicable".

Product Specific Usage:
Value of this field is 
  identical to value of 
  "EnabledState"

Qualifiers:
-------------
ValueMap={0, 2, 
  3, 4, 5, 6, 7, 8, 9, 10, 11, 12, .., 32768..65535}
Values={Unknown, 
  Enabled, Disabled, Shut Down, No Change, Offline, Test, Deferred, Quiesce, 
  Reboot, Reset, Not Applicable, DMTF Reserved, Vendor 
  Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.EnabledState}


  

  





EnabledState 
public uint16 EnabledState



  
General Information:
EnabledState is an integer enumeration that 
  indicates the enabled and disabled states of an element. It can also indicate 
  the transitions between these requested states. For example, shutting down 
  (value=4) and starting (value=10) are transient states between enabled and 
  disabled. The following text briefly summarizes the various enabled and 
  disabled states: 
Enabled (2) indicates that the element is or could be 
  executing commands, will process any queued commands, and queues new requests. 
  
Disabled (3) indicates that the element will not execute commands and will 
  drop any new requests. 
Shutting Down (4) indicates that the element is in 
  the process of going to a Disabled state. 
Not Applicable (5) indicates the 
  element does not support being enabled or disabled. 
Enabled but Offline 
  (6) indicates that the element might be completing commands, and will drop any 
  new requests. 
Test (7) indicates that the element is in a test state. 
  
Deferred (8) indicates that the element might be completing commands, but 
  will queue any new requests. 
Quiesce (9) indicates that the element is 
  enabled but in a restricted mode.
Starting (10) indicates that the element 
  is in the process of going to an Enabled state. New requests are 
  queued.

Product Specific Usage:
Only "Enabled" (2) or 
  "Disabled" (3) values are actually 
  returned

Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 
  4, 5, 6, 7, 8, 9, 10, 11..32767, 32768..65535}
Values={Unknown, Other, 
  Enabled, Disabled, Shutting Down, Not Applicable, Enabled but Offline, In 
  Test, Deferred, Quiesce, Starting, DMTF Reserved, Vendor 
  Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.OtherEnabledState}


  

  





ElementName 
public string ElementName



  
General Information:
A user-friendly name for the object. This 
  property allows each instance to define a user-friendly name in addition to 
  its key properties, identity data, and description information. 
Note that 
  the Name property of ManagedSystemElement is also defined as a user-friendly 
  name. But, it is often subclassed to be a Key. It is not reasonable that the 
  same property can convey both identity and a user-friendly name, without 
  inconsistencies. Where Name exists and is not a Key (such as for instances of 
  LogicalDevice), the same information can be present in both the Name and 
  ElementName properties. Note that if there is an associated instance of 
  CIM_EnabledLogicalElementCapabilities, restrictions on this properties may 
  exist as defined in ElementNameMask and MaxElementNameLen properties defined 
  in that class.

Qualifiers:
-------------
MaxLen=32


  

  





SystemCreationClassName Key 
public string SystemCreationClassName



  
General Information:
The scoping System's CCN.

Product 
  Specific Usage:
In Intel AMT Release 6.0 and later releases value is 
  "CIM_ComputerSystem"

Qualifiers:
-------------
Key
MaxLen=20
Propagated=CIM_System.CreationClassName


  

  





SystemName Key 
public string SystemName



  
General Information:
The scoping System's 
  Name.

Product Specific Usage:
In Intel AMT Release 6.0 and 
  later releases value is 
  "ManagedSystem"

Qualifiers:
-------------
Key
MaxLen=16
Propagated=CIM_System.Name


  

  





CreationClassName Key 
public string CreationClassName



  
General Information:
CreationClassName indicates the name of the 
  class or the subclass used in the creation of an instance. When used with the 
  other key properties of this class, this property allows all instances of this 
  class and its subclasses to be uniquely identified.

Product Specific 
  Usage:
In Intel AMT Release 6.0 and later releases value is 
  "CIM_Account"

Qualifiers:
-------------
Key
MaxLen=12


  

  





Name Key 
public string Name



  
General Information:
The Name property defines the label by 
  which the object is known. The value of this property may be set to be the 
  same as that of the UserID property or, in the case of an LDAP-derived 
  instance, the Name property value may be set to the distinguishedName of the 
  LDAP-accessed object instance.

Product Specific Usage:
In 
  Intel AMT Release 6.0 and later releases value is the username of the account 
  (identical to "UserID" 
  field)

Qualifiers:
-------------
Key
Override=Name
MaxLen=16


  

  





UserID 
public string UserID



  
General Information:
UserID is the value used by the 
  SecurityService to represent identity. For an authentication service, the 
  UserID may be the name of the user, or for an authorization service the value 
  which serves as a handle to a mapping of the identity.

Product 
  Specific Usage:
In Intel AMT Release 6.0 and later releases value is 
  the username of the account (identical to "Name" field). 
In instance 
  creation, the value is detemined by the "UserID" input (and the "Name" is 
  ignored), and in the Put method, the value is detemined by the "Name" input 
  (and the "UserID" is ignored) 
  

Qualifiers:
-------------
MaxLen=16


  

  





OrganizationName 
public string[] OrganizationName



  
General Information:
The name of the organization related to the 
  account.

Product Specific Usage:
Additional Notes: 
1) 
  'Array Max Length' qualifier in Intel AMT Release 3.2 and earlier releases is 
  '2'. 
  


Qualifiers:
-------------
Required
MaxLen=32


  

  





UserPassword 
public string[2] UserPassword



  
General Information:
In the case of an LDAP-derived instance, 
  the UserPassword property may contain an encrypted password used to access the 
  person's resources in a directory.

Product Specific 
  Usage:
Write-Only attribute. An empty string will be retrieved in a Get 
  request. 
Hexadecimal representation of MD5 Hash of these parameters 
  concatenated together (Username + ":" + DigestRealm + ":" + Password) 
The 
  DigestRealm is a field in 
  AMT_GeneralSettings.

Qualifiers:
-------------
OctetString
MaxLen=256


  

  





UserPasswordEncryptionAlgorithm 
public uint16 UserPasswordEncryptionAlgorithm



  
General Information:
The encryption algorithm (if any) used by 
  the client to produce the value in the UserPassword property when creating or 
  modifying an instance of CIM_Account. The original password is encrypted using 
  the algorithm specified in this property, and UserPassword contains the 
  resulting encrypted value. In response to an operation request that would 
  return the value of the UserPassword property to a client, an implementation 
  shall instead return an array of length zero.
The value of 
  UserPasswordEncryptionAlgorithm in an instance of CIM_Account shall be 0 
  ("None") unless the SupportedUserPasswordEncryptionAlgorithms[] property in 
  the CIM_AccountManagementCapabilities instance associated with the 
  CIM_AccountManagementService instance associated with the CIM_Account instance 
  contains a non-null entry other than 0 ("None").
This property does not 
  prevent the use of encryption at the transport, network, or data-link layer to 
  protect communications between a management client and the server, nor is it 
  meant to encourage communications without such encryption.
The supported 
  values for this property are:
- 0 ("None"): Indicates that the contents of 
  UserPassword are not encrypted.
- 1 ("Other"): Indicates that the contents 
  of UserPassword are encrypted using an algorithm not specifically identified 
  in the value map for this property, and that this algorithm is described in 
  OtherUserPasswordEncryptionAlgorithm.
- 2 ("HTTP Digest MD5(A1)"): The MD5 
  hash algorithm, applied to the string A1 defined in RFC2617 as the 
  concatenation username-value ":" realm-value ":" passwd, where username-value 
  is provided by the client as the value of the UserID property. passwd is the 
  underlying user password. realm-value is the HTTP digest realm value, and is 
  provided by the server. The semantics of the HTTP digest realm are specified 
  in RFC 2617. The server may surface the realm-value in the 
  UserPasswordEncryptionSalt property of 
  CIM_AccountManagementCapabilities.

Product Specific 
  Usage:
Write-Only attribute. 
Only acceptable value is "HTTP Digest 
  MD5(A1)" (2).

Qualifiers:
-------------
ValueMap={0, 1, 2, 
  ..}
Values={None, Other, HTTP Digest MD5(A1), DMTF 
  Reserved}
ModelCorrespondence={CIM_Account.UserPassword, 
  CIM_Account.OtherUserPasswordEncryptionAlgorithm, 
  CIM_AccountManagementCapabilities.SupportedUserPasswordEncryptionAlgorithms, 
  CIM_AccountManagementCapabilities.UserPasswordEncryptionSalt}


  

  






  
  

    Method 
Detail


RequestStateChange
public uint32 RequestStateChange([IN]uint16 RequestedState, [OUT]REF CIM_ConcreteJob Job, [IN]datetime TimeoutPeriod)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM

General 
  Information:
Requests that the state of the element be changed to the 
  value specified in the RequestedState parameter. When the requested state 
  change takes place, the EnabledState and RequestedState of the element will be 
  the same. Invoking the RequestStateChange method multiple times could result 
  in earlier requests being overwritten or lost. 
A return code of 0 shall 
  indicate the state change was successfully initiated. 
A return code of 3 
  shall indicate that the state transition cannot complete within the interval 
  specified by the TimeoutPeriod parameter. 
A return code of 4096 (0x1000) 
  shall indicate the state change was successfully initiated, a ConcreteJob has 
  been created, and its reference returned in the output parameter Job. Any 
  other return code indicates an error condition.

Product Specific 
  Usage:
Additional Notes: 
1) The method returns INTERNAL_ERROR fault 
  in case of Audit Fail, due to DASH compliancy requirement (DSP1034) 
2) 
  Only "Enabled" (2) or "Disabled" (3) values are applicable in parameter 
  "RequestedState". 
3) "TimeoutPeriod" value must be either NULL or contain 
  an all-zero period. 
4) system administrator account can't be 
  disabled.

Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 
  4, 5, 6, .., 4096, 4097, 4098, 4099, 4100..32767, 
  32768..65535}
Values={Completed with No Error, Not Supported, Unknown or 
  Unspecified Error, Cannot complete within Timeout Period, Failed, Invalid 
  Parameter, In Use, DMTF Reserved, Method Parameters Checked - Job Started, 
  Invalid State Transition, Use of Timeout Parameter Not Supported, Busy, Method 
  Reserved, Vendor 
  Specific}
ModelCorrespondence={CIM_EnabledLogicalElement.RequestedState}


Parameters:
--------------

  

    
RequestedState 
    
General Information:
The state requested for the element. This 
    information will be placed into the RequestedState property of the instance 
    if the return code of the RequestStateChange method is 0 ('Completed with No 
    Error'), or 4096 (0x1000) ('Job Started'). Refer to the description of the 
    EnabledState and RequestedState properties for the detailed explanations of 
    the RequestedState 
    values.

Qualifiers:
-------------
IN
ValueMap={2, 3, 
    4, 6, 7, 8, 9, 10, 11, .., 32768..65535}
Values={Enabled, Disabled, Shut 
    Down, Offline, Test, Defer, Quiesce, Reboot, Reset, DMTF Reserved, Vendor 
    Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.RequestedState}


    
Job 
    
General Information:
May contain a reference to the 
    ConcreteJob created to track the state transition initiated by the method 
    invocation.

Qualifiers:
-------------
IN=false
OUT


    
TimeoutPeriod 
    
General Information:
A timeout period that specifies the 
    maximum amount of time that the client expects the transition to the new 
    state to take. The interval format must be used to specify the 
    TimeoutPeriod. A value of 0 or a null parameter indicates that the client 
    has no time requirements for the transition. 
If this property does not 
    contain 0 or null and the implementation does not support this parameter, a 
    return code of 'Use Of Timeout Parameter Not Supported' shall be 
    returned.

Qualifiers:
-------------
IN







Put
public  Put([IN]CIM_Account Instance)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM, 
  ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM

General 
  Information:
Changes properties of the selected 
  instance

Product Specific Usage:
The following properties 
  must be included in any representation of CIM_Account: 
  

SystemCreationClassName 
SystemName 
CreationClassName 
Name 
  
OrganizationName 

Additional Notes: 
1) Only system with 
  ADMIN_SECURITY_ADMINISTRATION_REALM or the user of an account can set the 
  acount instance. Otherwise - the access is denied. 
2) 2) For 
  "OrganizationName" field, if value is NULL, it will not change the 
  "OrganizationName" value of the account. 






Get
public  Get([OUT]CIM_Account Instance)



  
Permission Information:
This method is accessible from any 
  realm

General Information:
Gets the representation of the 
  instance

Product Specific Usage:
Only system with 
  ADMIN_SECURITY_ADMINISTRATION_REALM or the user of an account can see the 
  acount instance. Otherwise - the access is denied.





Delete
public  Delete()



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_ADMINISTRATION_REALM, 
  ADMIN_SECURITY_AUDIT_LOG_REALM

General Information:
Deletes 
  an instance

Product Specific Usage:
Additional Notes: 
1) 
  'Delete' in Intel AMT Release 4.0 is permitted only to 
  'ADMIN_SECURITY_ADMINISTRATION_REALM'. 
2) In Intel AMT Release 5.1 and 
  later releases any user with 'ADMIN_SECURITY_AUDIT_LOG_REALM' can delete 
  itself only.





Pull
public  Pull([IN]String EnumerationContext, [IN]String MaxElements)



  
Permission Information:
All users permitted to use method, only 
  instances to whom the user has permissions will be returned

General 
  Information:
Pulls instances of this class, following an Enumerate 
  operation





Enumerate
public  Enumerate()



  
Permission Information:
All users permitted to use 
  method

General Information:
Enumerates the instances of this 
  class





Release
public  Release([IN]String EnumerationContext)



  
Permission Information:
All users permitted to use 
  method

General Information:
Releases an enumeration 
  context






  
  

    SUMMARY: NESTED | FIELD | METHOD
  

  

    DETAIL: FIELD | METHOD



  
  

    
      
Copyright © 2006-2022, Intel 
      Corporation. All rights 
reserved.