Class CIM_RoleBasedManagementCapabilities
Used in features: Role
Based
Compatible with the following Intel AMT Releases: 3.2, 4.0,
5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0
CIM_ManagedElement
CIM_Capabilities
CIM_PrivilegeManagementCapabilities
CIM_RoleBasedManagementCapabilities
class CIM_RoleBasedManagementCapabilities
- extends CIM_PrivilegeManagementCapabilities
General Information:
A subclass that extends the capabilities of
the
CIM_RoleBasedAuthorizationService.
Qualifiers:
-------------
Version=2.18.0
UMLPackagePath=CIM::User::Privilege
Supported Fields
Summary |
uint16[25]
|
QualifierFormatsSupported
Defines the semantics of corresponding entries in the
ActivityQualifierSupported array . . .
|
string[25]
|
ActivityQualifiersSupported
The ActivityQualifiersSupported property is an array of string
values used to further qualify and specify the supported activities of
privileges . . .
|
uint16[25]
|
ActivitiesSupported
A super set of activities that could be granted or denied to a
role or an identity by the associated privileges . . .
|
boolean
|
SharedPrivilegeSupported
Set to TRUE if this PrivilegeManagementService supports
association of multiple subjects or targets to a particular Privilege . .
.
|
string
|
InstanceID Within the scope of the instantiating Namespace,
InstanceID opaquely and uniquely identifies an instance of this class . .
.
|
string
|
ElementName The
user friendly name for this instance of Capabilities . . .
|
uint16[2]
|
SupportedMethods
The enumeration values "ChangeAccess", "ShowAccess",
"AssignAccess", "RevokeAccess", "CreateRole", "ModifyRole", "AssignRoles",
"ShowRoles", and "DeleteRole" corresponds to support for the like-named
method of the RoleBasedAuthorizationService . .
.
|
Methods Summary |
|
Get(Instance) Gets the
representation of the instance
|
|
Pull(EnumerationContext,
MaxElements) Pulls instances of this class, following an
Enumerate operation
|
|
Enumerate()
Enumerates the instances of this class
|
|
Release(EnumerationContext)
Releases an enumeration context
|
QualifierFormatsSupported
public uint16[25] QualifierFormatsSupported
- General Information:
Defines the semantics of corresponding
entries in the ActivityQualifierSupported array. The QualifierSupported
property of the instances of CIM_Privilege that are associated to the role or
the identity MUST contain only the values enumerated in the QualifierSupported
array property. Refer to the CIM_Privilege.QualifierSupported property for the
detailed description of values.
Product Specific
Usage:
Additional Notes:
1) 'Array Max Length' qualifier in Intel
AMT Release 3.2 is '19'.
2) 'Max Length' qualifier in Intel AMT Release
6.0 and later releases is '25'. Matching array to ActivityQualifiersSupported,
each entry contains the value 'Vendor Reserved" (16000)
Qualifiers:
-------------
ValueMap={2, 3, 4, 5, 6, 7,
8, 9, 10, 11, .., 16000..}
Values={Class Name, <Class.>Property,
<Class.>Method, Object Reference, Namespace, URL, Directory/File Name,
Command Line Instruction, SCSI Command, Packets, DMTF Reserved, Vendor
Reserved}
ArrayType=Indexed
ModelCorrespondence={CIM_Privilege.ActivityQualifiers}
ActivityQualifiersSupported
public string[25] ActivityQualifiersSupported
- General Information:
The ActivityQualifiersSupported property is
an array of string values used to further qualify and specify the supported
activities of privileges. The ActivityQualifiers property of the instances of
CIM_Privilege that are associated to the role or the identity MUST contain
only the values enumerated in the ActivityQualifiersSupported array property.
Details on the semantics of the individual entries in
ActivityQualifiersSupported are provided by corresponding entries in the
QualifierFormatsSupported array. Refer to the CIM_Privilege.ActivityQualifiers
property for the detailed description of values.
Product Specific
Usage:
Additional Notes:
1) 'Array Max Length' qualifier in Intel
AMT Release 3.2 is '19'.
2) 'Max Length' qualifier in Intel AMT Release
3.2 is '10'.
3) 'Max Length' qualifier in Intel AMT Release 6.0 and later
releases is '25'. Contains an entry for every possible realm in the system
(see CIM_Privilege ActivityQualifiers
documentation)
Qualifiers:
-------------
ArrayType=Indexed
ModelCorrespondence={CIM_PrivilegeManagementCapabilities.ActivitiesSupported,
CIM_Privilege.QualifierFormats}
MaxLen=15
ActivitiesSupported
public uint16[25] ActivitiesSupported
- General Information:
A super set of activities that could be
granted or denied to a role or an identity by the associated privileges. The
Activities property of the instances of CIM_Privilege that are associated to
the role or the identity MUST contain only the values enumerated in the
ActivitiesSupported array property. The supported activities apply to all
entities specified in the ActivityQualifiersSupported array. Refer to the
CIM_Privilege.Activities property for the detailed description of
values.
Product Specific Usage:
Additional Notes:
1)
'Array Max Length' qualifier in Intel AMT Release 3.2 is '19'.
2) 'Max
Length' qualifier in Intel AMT Release 6.0 and later releases is '25'.
Matching array to ActivityQualifiersSupported, each entry contains the value
'Execute" (7)
Qualifiers:
-------------
ValueMap={1, 2, 3,
4, 5, 6, 7, .., 16000..}
Values={Other, Create, Delete, Detect, Read,
Write, Execute, DMTF Reserved, Vendor
Reserved}
ArrayType=Indexed
ModelCorrespondence={CIM_PrivilegeManagementCapabilities.ActivityQualifiersSupported}
SharedPrivilegeSupported
public boolean SharedPrivilegeSupported
- General Information:
Set to TRUE if this
PrivilegeManagementService supports association of multiple subjects or
targets to a particular Privilege. If False, the AssignAccess method supports
at most one entry each in the Subjects and Targets
parameters.
Product Specific Usage:
In Intel AMT Release 6.0
and later releases value is false.
InstanceID
public string InstanceID
- General Information:
Within the scope of the instantiating
Namespace, InstanceID opaquely and uniquely identifies an instance of this
class. In order to ensure uniqueness within the NameSpace, the value of
InstanceID SHOULD be constructed using the following 'preferred' algorithm:
<OrgID>:<LocalID>
Where <OrgID> and <LocalID>
are separated by a colon ':', and where <OrgID> MUST include a
copyrighted, trademarked or otherwise unique name that is owned by the
business entity creating/defining the InstanceID, or is a registered ID that
is assigned to the business entity by a recognized global authority (This is
similar to the <Schema Name>_<Class Name> structure of Schema
class names.) In addition, to ensure uniqueness <OrgID> MUST NOT contain
a colon (':'). When using this algorithm, the first colon to appear in
InstanceID MUST appear between <OrgID> and <LocalID>.
<LocalID> is chosen by the business entity and SHOULD not be re-used
to identify different underlying (real-world) elements. If the above
'preferred' algorithm is not used, the defining entity MUST assure that the
resultant InstanceID is not re-used across any InstanceIDs produced by this or
other providers for this instance's NameSpace.
For DMTF defined instances,
the 'preferred' algorithm MUST be used with the <OrgID> set to
'CIM'.
Product Specific Usage:
In Intel AMT Release 6.0 and
later releases value is "Intel(r)
AMT:CIM_RoleBasedManagementCapabilities"
Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=52
ElementName
public string ElementName
- General Information:
The user friendly name for this instance of
Capabilities. In addition, the user friendly name can be used as a index
property for a search of query. (Note: Name does not have to be unique within
a namespace.)
Product Specific Usage:
In Intel AMT Release
6.0 and later releases value is "Role-based Management
Capabilities"
Qualifiers:
-------------
Required
Override=ElementName
MaxLen=40
SupportedMethods
public uint16[2] SupportedMethods
- General Information:
The enumeration values "ChangeAccess",
"ShowAccess", "AssignAccess", "RevokeAccess", "CreateRole", "ModifyRole",
"AssignRoles", "ShowRoles", and "DeleteRole" corresponds to support for the
like-named method of the RoleBasedAuthorizationService.
The value
"ModifyPrivilege" corresponds to support for directly modifying an instance of
CIM_Privilege using an intrinsic operation.
Product Specific
Usage:
In Intel AMT Release 6.0 and later releases value is
"ModifyPrivilege"
Qualifiers:
-------------
Override=SupportedMethods
ValueMap={0,
1, 2, 3, 4, 5, 6, 7, 8, 9, .., 32768..65535}
Values={ChangeAccess,
ShowAccess, AssignAccess, RevokeAccess, CreateRole, ModifyRole, AssignRoles,
ShowRoles, ModifyPrivilege, DeleteRole, DMTF Reserved, Vendor
Reserved}
Get
public Get([OUT]CIM_RoleBasedManagementCapabilities Instance)
- Permission Information:
This method is accessible from any
realm
General Information:
Gets the representation of the
instance
Product Specific Usage:
Additional Notes:
1)
'Get' in Intel AMT Release 3.2 until Release 5.1 is permitted only to
'ADMIN_SECURITY_ADMINISTRATION_REALM'.
2) 'Get' in Intel AMT Release 6.0
and later releases is permitted to all realms
Pull
public Pull([IN]String EnumerationContext, [IN]String MaxElements)
- Permission Information:
All users permitted to use method, only
instances to whom the user has permissions will be returned
General
Information:
Pulls instances of this class, following an Enumerate
operation
Enumerate
public Enumerate()
- Permission Information:
All users permitted to use
method
General Information:
Enumerates the instances of this
class
Release
public Release([IN]String EnumerationContext)
- Permission Information:
All users permitted to use
method
General Information:
Releases an enumeration
context