Class CIM_Role
Used in features: Role Based
Compatible
with the following Intel AMT Releases: 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2,
7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0
CIM_ManagedElement
CIM_Collection
CIM_Role
class CIM_Role
- extends CIM_Collection
General Information:
The Role object class is used to represent a
position or set of responsibilities within an organization, organizational unit
or other scope, and MAY be filled by a person or persons (or non-human entities
represented by ManagedSystemElement subclasses) - i.e., the 'role occupants'.
The latter MAY be explicitly associated to a Role, by associating Identities
using MemberOfCollection. The 'position or set of responsibilities' of a Role
are represented as a set of rights defined by instances of the Privilege class,
and are also associated to the Role via MemberOfCollection. If Identities are
not explicitly associated, instances of AuthorizationRule MUST be associated
with a Role using AuthorizationRuleAppliesToRole. The rule defines how subject
entities are authorized for a Role and to which target entities the Role
applies.
The Role class is defined so as to incorporate commonly-used
LDAP attributes to permit implementations to easily derive this information from
LDAP-accessible directories. This class's properties are a subset of a related
class, OtherRoleInformation, which defines all the group properties and uses
arrays for directory compatibility.
Product Specific Usage:
For
every user in the system there is an instance of this class. It represents the
user's role in the system.
It's associated with a matching instance of
CIM_Privilege by CIM_MemberOfCollection association.
For digest users, it's
associated with matching CIM_Identity instance by both CIM_MemberOfCollection
and CIM_ConcreteDependency.
For kerberos users, it's associated with a
matching CIM_RemoteIdentity instance by both CIM_MemberOfCollection and
CIM_ConcreteDependency.
Qualifiers:
-------------
Version=2.18.0
UMLPackagePath=CIM::User::Role
Supported Fields
Summary |
string
|
ElementName A
user-friendly name for the object . . .
|
string
|
CreationClassName CreationClassName indicates the name
of the class or the subclass used in the creation of an instance . .
.
|
string
|
Name The Name property defines the label by which the
object is known . . .
|
string
|
CommonName A Common
Name is a (possibly ambiguous) name by which the role is commonly known in
some limited scope (such as an organization) and conforms to the naming
conventions of the country or culture with which it is associated.
|
uint16[2]
|
RoleCharacteristics
RoleCharacteristics provides descriptive information about the
intended usage of the Role. When the value 2 "Static" is specified, no
modification to the role shall be allowed . .
.
|
Methods Summary |
|
Get(Instance) Gets the
representation of the instance
|
|
Pull(EnumerationContext,
MaxElements) Pulls instances of this class, following an
Enumerate operation
|
|
Enumerate()
Enumerates the instances of this class
|
|
Release(EnumerationContext)
Releases an enumeration context
|
ElementName
public string ElementName
- General Information:
A user-friendly name for the object. This
property allows each instance to define a user-friendly name in addition to
its key properties, identity data, and description information.
Note that
the Name property of ManagedSystemElement is also defined as a user-friendly
name. But, it is often subclassed to be a Key. It is not reasonable that the
same property can convey both identity and a user-friendly name, without
inconsistencies. Where Name exists and is not a Key (such as for instances of
LogicalDevice), the same information can be present in both the Name and
ElementName properties. Note that if there is an associated instance of
CIM_EnabledLogicalElementCapabilities, restrictions on this properties may
exist as defined in ElementNameMask and MaxElementNameLen properties defined
in that class.
Product Specific Usage:
'ElementName' field
format is 'Intel(r) AMT:<userID>', depending on the user.
An
exception is the 'admin' built-in user, where the 'ElementName' of the
corresponding CIM_Role instance will be 'Administrator' (with capital
'A').
Qualifiers:
-------------
MaxLen=64
CreationClassName
public string CreationClassName
- General Information:
CreationClassName indicates the name of the
class or the subclass used in the creation of an instance. When used with the
other key properties of this class, this property allows all instances of this
class and its subclasses to be uniquely identified.
Product Specific
Usage:
In Intel AMT Release 6.0 and later releases value is
"CIM_Role"
Qualifiers:
-------------
Key
MaxLen=12
Name
public string Name
- General Information:
The Name property defines the label by
which the object is known. In the case of an LDAP-derived instance, the Name
property value may be set to the distinguished name of the LDAP-accessed
object instance.
Product Specific Usage:
'Name' field format
is 'Intel(r) AMT:<userID>', depending on the user.
An exception is
the 'admin' built-in user, where the 'Name' of the corresponding CIM_Role
instance will be 'Administrator' (with capital
'A').
Qualifiers:
-------------
Key
MaxLen=64
CommonName
public string CommonName
- General Information:
A Common Name is a (possibly ambiguous)
name by which the role is commonly known in some limited scope (such as an
organization) and conforms to the naming conventions of the country or culture
with which it is associated.
Product Specific
Usage:
Additional Notes:
1) In Intel AMT Release 5.1 and later
releases, 'CommonName' format changed from '<user name> Role' to:
- For digest (non-kerberos) users: 'Intel(r) AMT:<user name>'.
An exception is the 'admin' built-in user, where the 'CommonName' of the
corresponding CIM_Role instance will be 'Intel(r) AMT:Administrator' (with
capital 'A').
- For kerberos users, format is 'Intel(r) AMT:RemoteID
<user name> Role'
2) in Intel AMT Release 6.1 and later
releases, the 'CommonName' format for kerberos users changed from '<user
name> Role' to 'Intel(r) AMT:RemoteID <user name>'.
Qualifiers:
-------------
Required
MaxLen=256
RoleCharacteristics
public uint16[2] RoleCharacteristics
- General Information:
RoleCharacteristics provides descriptive
information about the intended usage of the Role.
When the value 2 "Static"
is specified, no modification to the role shall be allowed. Any requests by
client to change the privileges or the scope of the role by modifying the
associated instances of CIM_Privilege or referencing associations shall
fail.
When the value 2 "Static" is not specified, the instance of CIM_Role
may be modified by a client. The modification may include changing the scope
of the role or rights granted. When the value 3 "Opaque" is specified, the
rights granted by the CIM_Role instance shall not be explicitly modeled
through aggregation of instances of CIM_Privilege.
When the value 3
"Opaque" is not specified, the rights granted by the instance of CIM_Role
shall be explicitly modeled through aggregation of instances of
CIM_Privilege.
Qualifiers:
-------------
ValueMap={2, 3,
.., 32000..65535}
Values={Static, Opaque, DMTF Reserved, Vendor
Specific}
Get
public Get([OUT]CIM_Role Instance)
- Permission Information:
This method is accessible from any
realm
General Information:
Gets the representation of the
instance
Product Specific Usage:
Additional Notes:
1)
'Get' in Intel AMT Release 3.2 until release 5.1 is permitted only to
'ADMIN_SECURITY_ADMINISTRATION_REALM' and
'ADMIN_SECURITY_USER_ACCESS_CONTROL_REALM'
2) 'Get' in Intel AMT Release
6.0 and later releases is permitted to all realms.
Pull
public Pull([IN]String EnumerationContext, [IN]String MaxElements)
- Permission Information:
All users permitted to use method, only
instances to whom the user has permissions will be returned
General
Information:
Pulls instances of this class, following an Enumerate
operation
Enumerate
public Enumerate()
- Permission Information:
All users permitted to use
method
General Information:
Enumerates the instances of this
class
Release
public Release([IN]String EnumerationContext)
- Permission Information:
All users permitted to use
method
General Information:
Releases an enumeration
context