Class CIM_PrivilegeManagementService
CIM_ManagedElement
CIM_ManagedSystemElement
CIM_LogicalElement
CIM_EnabledLogicalElement
CIM_Service
CIM_SecurityService
CIM_AuthorizationService
CIM_PrivilegeManagementService
- Known Subclasses:
- CIM_RoleBasedAuthorizationService
class CIM_PrivilegeManagementService
- extends CIM_AuthorizationService
General Information:
The PrivilegeManagementService is responsible
for creating, deleting, and associating AuthorizedPrivilege instances.
References to 'subject' and 'target' define the entities that are associated
with an AuthorizedPrivilege instance via the relationships, AuthorizedSubject
and AuthorizedTarget, respectively. When created, an AuthorizedPrivilege
instance is related to this (PrivilegeManagement)Service via the association,
ConcreteDependency.
Qualifiers:
-------------
Version=2.20.0
UMLPackagePath=CIM::User::PrivilegeManagementService
Supported Fields
Summary |
boolean
|
Started Started is a
Boolean that indicates whether the Service has been started (TRUE), or
stopped (FALSE).
|
string
|
StartMode Note: The
use of this element is deprecated in lieu of the EnabledDefault property
that is inherited from EnabledLogicalElement . . .
|
string
|
PrimaryOwnerContact
A string that provides information on how the primary owner of
the Service can be reached (for example, phone number, e-mail address, and
so on).
|
string
|
PrimaryOwnerName
The name of the primary owner for the service, if one is
defined . . .
|
string
|
Name The Name property uniquely identifies the
Service and provides an indication of the functionality that is managed .
. .
|
string
|
CreationClassName CreationClassName indicates the name
of the class or the subclass that is used in the creation of an instance .
. .
|
string
|
SystemName The Name of the scoping System.
|
string
|
SystemCreationClassName The CreationClassName of the scoping
System.
|
string
|
ElementName A
user-friendly name for the object . . .
|
string
|
Description The
Description property provides a textual description of the object.
|
string
|
Caption The Caption
property is a short textual description (one- line string) of the
object.
|
datetime
|
InstallDate A
datetime value that indicates when the object was installed . . .
|
uint16[]
|
OperationalStatus
Indicates the current statuses of the element . . .
|
string[]
|
StatusDescriptions
Strings describing the various OperationalStatus array values .
. .
|
string
|
Status A string
indicating the current status of the object . . .
|
uint16
|
HealthState
Indicates the current health of the element . . .
|
uint16
|
EnabledState
EnabledState is an integer enumeration that indicates the
enabled and disabled states of an element . . .
|
string
|
OtherEnabledState
A string that describes the enabled or disabled state of the
element when the EnabledState property is set to 1 ("Other") . . .
|
uint16
|
RequestedState
RequestedState is an integer enumeration that indicates the
last requested or desired state for the element, irrespective of the
mechanism through which it was requested . . .
|
uint16
|
EnabledDefault
An enumerated value indicating an administrator's default or
startup configuration for the Enabled State of an element . . .
|
datetime
|
TimeOfLastStateChange The
date or time when the EnabledState of the element last changed . .
.
|
Methods Summary |
uint32 |
StopService() The
StopService method places the Service in the stopped state . . .
|
uint32 |
StartService() The
StartService method places the Service in the started state . . .
|
uint32 |
RequestStateChange(RequestedState, REF
Job, TimeoutPeriod) Requests that the state of the element be
changed to the value specified in the RequestedState parameter . .
.
|
uint32 |
AssignAccess(REF Subject,
PrivilegeGranted, Activities, ActivityQualifiers, QualifierFormats, REF
Target, REF Privilege) When this method is called, a provider
updates the specified Subject's rights to the Target according to the
parameters of this call . . .
|
uint32 |
RemoveAccess(REF Subject, REF
Privilege, REF Target) This method revokes a specific
AuthorizedPrivilege or all privileges for a particular target, subject, or
subject/target pair . . .
|
uint32 |
ShowAccess(REF Subject, REF
Target, REF OutSubjects, REF OutTargets, Privileges) ShowAccess
reports the Privileges (i.e., rights) granted to a particular Subject
and/or Target pair . . .
|
|
Create(Instance,
ResourceCreated) Creates a new instance of this class
|
|
Put(Instance) Changes
properties of the selected instance
|
|
Get(Instance) Gets the
representation of the instance
|
|
Delete() Deletes an
instance
|
|
Pull(EnumerationContext,
MaxElements) Pulls instances of this class, following an
Enumerate operation
|
|
Enumerate()
Enumerates the instances of this class
|
|
Release(EnumerationContext)
Releases an enumeration context
|
|
Subscribe()
Subscribes to this resource (WS-Eventing)
|
|
Unsubscribe()
Remove subscription to this resource
(WS-Eventing)
|
Started
public boolean Started
- General Information:
Started is a Boolean that indicates whether
the Service has been started (TRUE), or stopped (FALSE).
StartMode
public string StartMode
- General Information:
Note: The use of this element is deprecated
in lieu of the EnabledDefault property that is inherited from
EnabledLogicalElement. The EnabledLogicalElement addresses the same semantics.
The change to a uint16 data type was discussed when CIM V2.0 was defined.
However, existing V1.0 implementations used the string property. To remain
compatible with those implementations, StartMode was grandfathered into the
schema. Use of the deprecated qualifier allows the maintenance of the existing
property but also permits an improved, clarified definition using
EnabledDefault.
Deprecated description: StartMode is a string value that
indicates whether the Service is automatically started by a System, an
Operating System, and so on, or is started only upon
request.
Qualifiers:
-------------
Deprecated={CIM_Service.EnabledDefault}
ValueMap={Automatic,
Manual}
MaxLen=10
PrimaryOwnerContact
public string PrimaryOwnerContact
- General Information:
A string that provides information on how
the primary owner of the Service can be reached (for example, phone number,
e-mail address, and so
on).
Qualifiers:
-------------
Write
MaxLen=256
MappingStrings={MIF.DMTF|General
Information|001.4}
PrimaryOwnerName
public string PrimaryOwnerName
- General Information:
The name of the primary owner for the
service, if one is defined. The primary owner is the initial support contact
for the
Service.
Qualifiers:
-------------
Write
MaxLen=64
MappingStrings={MIF.DMTF|General
Information|001.3}
Name
public string Name
- General Information:
The Name property uniquely identifies the
Service and provides an indication of the functionality that is managed. This
functionality is described in more detail in the Description property of the
object.
Qualifiers:
-------------
Key
Override=Name
MaxLen=256
CreationClassName
public string CreationClassName
- General Information:
CreationClassName indicates the name of the
class or the subclass that is used in the creation of an instance. When used
with the other key properties of this class, this property allows all
instances of this class and its subclasses to be uniquely
identified.
Qualifiers:
-------------
Key
MaxLen=256
SystemName
public string SystemName
- General Information:
The Name of the scoping
System.
Qualifiers:
-------------
Key
MaxLen=256
Propagated=CIM_System.Name
SystemCreationClassName
public string SystemCreationClassName
- General Information:
The CreationClassName of the scoping
System.
Qualifiers:
-------------
Key
MaxLen=256
Propagated=CIM_System.CreationClassName
ElementName
public string ElementName
- General Information:
A user-friendly name for the object. This
property allows each instance to define a user-friendly name in addition to
its key properties, identity data, and description information.
Note that
the Name property of ManagedSystemElement is also defined as a user-friendly
name. But, it is often subclassed to be a Key. It is not reasonable that the
same property can convey both identity and a user-friendly name, without
inconsistencies. Where Name exists and is not a Key (such as for instances of
LogicalDevice), the same information can be present in both the Name and
ElementName properties. Note that if there is an associated instance of
CIM_EnabledLogicalElementCapabilities, restrictions on this properties may
exist as defined in ElementNameMask and MaxElementNameLen properties defined
in that
class.
Qualifiers:
-------------
MaxLen=256
Description
public string Description
- General Information:
The Description property provides a textual
description of the
object.
Qualifiers:
-------------
MaxLen=256
Caption
public string Caption
- General Information:
The Caption property is a short textual
description (one- line string) of the
object.
Qualifiers:
-------------
MaxLen=64
InstallDate
public datetime InstallDate
- General Information:
A datetime value that indicates when the
object was installed. Lack of a value does not indicate that the object is not
installed.
Qualifiers:
-------------
MappingStrings={MIF.DMTF|ComponentID|001.5}
OperationalStatus
public uint16[] OperationalStatus
- General Information:
Indicates the current statuses of the
element. Various operational statuses are defined. Many of the enumeration's
values are self-explanatory. However, a few are not and are described here in
more detail.
"Stressed" indicates that the element is functioning, but
needs attention. Examples of "Stressed" states are overload, overheated, and
so on.
"Predictive Failure" indicates that an element is functioning
nominally but predicting a failure in the near future.
"In Service"
describes an element being configured, maintained, cleaned, or otherwise
administered.
"No Contact" indicates that the monitoring system has
knowledge of this element, but has never been able to establish communications
with it.
"Lost Communication" indicates that the ManagedSystem Element is
known to exist and has been contacted successfully in the past, but is
currently unreachable.
"Stopped" and "Aborted" are similar, although the
former implies a clean and orderly stop, while the latter implies an abrupt
stop where the state and configuration of the element might need to be
updated.
"Dormant" indicates that the element is inactive or quiesced.
"Supporting Entity in Error" indicates that this element might be "OK" but
that another element, on which it is dependent, is in error. An example is a
network service or endpoint that cannot function due to lower-layer networking
problems.
"Completed" indicates that the element has completed its
operation. This value should be combined with either OK, Error, or Degraded so
that a client can tell if the complete operation Completed with OK (passed),
Completed with Error (failed), or Completed with Degraded (the operation
finished, but it did not complete OK or did not report an error).
"Power
Mode" indicates that the element has additional power model information
contained in the Associated PowerManagementService association.
"Relocating" indicates the element is being
relocated.
OperationalStatus replaces the Status property on
ManagedSystemElement to provide a consistent approach to enumerations, to
address implementation needs for an array property, and to provide a migration
path from today's environment to the future. This change was not made earlier
because it required the deprecated qualifier. Due to the widespread use of the
existing Status property in management applications, it is strongly
recommended that providers or instrumentation provide both the Status and
OperationalStatus properties. Further, the first value of OperationalStatus
should contain the primary status for the element. When instrumented, Status
(because it is single-valued) should also provide the primary status of the
element.
Qualifiers:
-------------
ValueMap={0, 1, 2, 3,
4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, ..,
0x8000..}
Values={Unknown, Other, OK, Degraded, Stressed, Predictive
Failure, Error, Non-Recoverable Error, Starting, Stopping, Stopped, In
Service, No Contact, Lost Communication, Aborted, Dormant, Supporting Entity
in Error, Completed, Power Mode, Relocating, DMTF Reserved, Vendor
Reserved}
ArrayType=Indexed
ModelCorrespondence={CIM_ManagedSystemElement.StatusDescriptions}
StatusDescriptions
public string[] StatusDescriptions
- General Information:
Strings describing the various
OperationalStatus array values. For example, if "Stopping" is the value
assigned to OperationalStatus, then this property may contain an explanation
as to why an object is being stopped. Note that entries in this array are
correlated with those at the same array index in
OperationalStatus.
Qualifiers:
-------------
ArrayType=Indexed
ModelCorrespondence={CIM_ManagedSystemElement.OperationalStatus}
MaxLen=256
Status
public string Status
- General Information:
A string indicating the current status of
the object. Various operational and non-operational statuses are defined. This
property is deprecated in lieu of OperationalStatus, which includes the same
semantics in its enumeration. This change is made for 3 reasons:
1) Status
is more correctly defined as an array. This definition overcomes the
limitation of describing status using a single value, when it is really a
multi-valued property (for example, an element might be OK AND Stopped.
2)
A MaxLen of 10 is too restrictive and leads to unclear enumerated values.
3) The change to a uint16 data type was discussed when CIM V2.0 was
defined. However, existing V1.0 implementations used the string property and
did not want to modify their code. Therefore, Status was grandfathered into
the Schema. Use of the deprecated qualifier allows the maintenance of the
existing property, but also permits an improved definition using
OperationalStatus.
Qualifiers:
-------------
Deprecated={CIM_ManagedSystemElement.OperationalStatus}
ValueMap={OK,
Error, Degraded, Unknown, Pred Fail, Starting, Stopping, Service, Stressed,
NonRecover, No Contact, Lost Comm, Stopped}
MaxLen=10
HealthState
public uint16 HealthState
- General Information:
Indicates the current health of the
element. This attribute expresses the health of this element but not
necessarily that of its subcomponents. The possible values are 0 to 30, where
5 means the element is entirely healthy and 30 means the element is completely
non-functional. The following continuum is defined:
"Non-recoverable
Error" (30) - The element has completely failed, and recovery is not possible.
All functionality provided by this element has been lost.
"Critical
Failure" (25) - The element is non-functional and recovery might not be
possible.
"Major Failure" (20) - The element is failing. It is possible
that some or all of the functionality of this component is degraded or not
working.
"Minor Failure" (15) - All functionality is available but some
might be degraded.
"Degraded/Warning" (10) - The element is in working
order and all functionality is provided. However, the element is not working
to the best of its abilities. For example, the element might not be operating
at optimal performance or it might be reporting recoverable errors.
"OK"
(5) - The element is fully functional and is operating within normal
operational parameters and without error.
"Unknown" (0) - The
implementation cannot report on HealthState at this time.
DMTF has
reserved the unused portion of the continuum for additional HealthStates in
the future.
Qualifiers:
-------------
ValueMap={0, 5, 10,
15, 20, 25, 30, .., 32768..65535}
Values={Unknown, OK, Degraded/Warning,
Minor failure, Major failure, Critical failure, Non-recoverable error, DMTF
Reserved, Vendor Specific}
EnabledState
public uint16 EnabledState
- General Information:
EnabledState is an integer enumeration that
indicates the enabled and disabled states of an element. It can also indicate
the transitions between these requested states. For example, shutting down
(value=4) and starting (value=10) are transient states between enabled and
disabled. The following text briefly summarizes the various enabled and
disabled states:
Enabled (2) indicates that the element is or could be
executing commands, will process any queued commands, and queues new requests.
Disabled (3) indicates that the element will not execute commands and will
drop any new requests.
Shutting Down (4) indicates that the element is in
the process of going to a Disabled state.
Not Applicable (5) indicates the
element does not support being enabled or disabled.
Enabled but Offline
(6) indicates that the element might be completing commands, and will drop any
new requests.
Test (7) indicates that the element is in a test state.
Deferred (8) indicates that the element might be completing commands, but
will queue any new requests.
Quiesce (9) indicates that the element is
enabled but in a restricted mode.
Starting (10) indicates that the element
is in the process of going to an Enabled state. New requests are
queued.
Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4,
5, 6, 7, 8, 9, 10, 11..32767, 32768..65535}
Values={Unknown, Other,
Enabled, Disabled, Shutting Down, Not Applicable, Enabled but Offline, In
Test, Deferred, Quiesce, Starting, DMTF Reserved, Vendor
Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.OtherEnabledState}
OtherEnabledState
public string OtherEnabledState
- General Information:
A string that describes the enabled or
disabled state of the element when the EnabledState property is set to 1
("Other"). This property must be set to null when EnabledState is any value
other than
1.
Qualifiers:
-------------
ModelCorrespondence={CIM_EnabledLogicalElement.EnabledState}
MaxLen=256
RequestedState
public uint16 RequestedState
- General Information:
RequestedState is an integer enumeration
that indicates the last requested or desired state for the element,
irrespective of the mechanism through which it was requested. The actual state
of the element is represented by EnabledState. This property is provided to
compare the last requested and current enabled or disabled states. Note that
when EnabledState is set to 5 ("Not Applicable"), then this property has no
meaning. Refer to the EnabledState property description for explanations of
the values in the RequestedState enumeration.
"Unknown" (0) indicates the
last requested state for the element is unknown.
Note that the value "No
Change" (5) has been deprecated in lieu of indicating the last requested state
is "Unknown" (0). If the last requested or desired state is unknown,
RequestedState should have the value "Unknown" (0), but may have the value "No
Change" (5).Offline (6) indicates that the element has been requested to
transition to the Enabled but Offline EnabledState.
It should be noted
that there are two new values in RequestedState that build on the statuses of
EnabledState. These are "Reboot" (10) and "Reset" (11). Reboot refers to doing
a "Shut Down" and then moving to an "Enabled" state. Reset indicates that the
element is first "Disabled" and then "Enabled". The distinction between
requesting "Shut Down" and "Disabled" should also be noted. Shut Down requests
an orderly transition to the Disabled state, and might involve removing power,
to completely erase any existing state. The Disabled state requests an
immediate disabling of the element, such that it will not execute or accept
any commands or processing requests.
This property is set as the
result of a method invocation (such as Start or StopService on CIM_Service),
or can be overridden and defined as WRITEable in a subclass. The method
approach is considered superior to a WRITEable property, because it allows an
explicit invocation of the operation and the return of a result code.
If knowledge of the last RequestedState is not supported for the
EnabledLogicalElement, the property shall be NULL or have the value 12 "Not
Applicable".
Qualifiers:
-------------
ValueMap={0, 2, 3,
4, 5, 6, 7, 8, 9, 10, 11, 12, .., 32768..65535}
Values={Unknown, Enabled,
Disabled, Shut Down, No Change, Offline, Test, Deferred, Quiesce, Reboot,
Reset, Not Applicable, DMTF Reserved, Vendor
Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.EnabledState}
EnabledDefault
public uint16 EnabledDefault
- General Information:
An enumerated value indicating an
administrator's default or startup configuration for the Enabled State of an
element. By default, the element is "Enabled"
(value=2).
Qualifiers:
-------------
Write
ValueMap={2,
3, 5, 6, 7, 9, .., 32768..65535}
Values={Enabled, Disabled, Not Applicable,
Enabled but Offline, No Default, Quiesce, DMTF Reserved, Vendor
Reserved}
TimeOfLastStateChange
public datetime TimeOfLastStateChange
- General Information:
The date or time when the EnabledState of
the element last changed. If the state of the element has not changed and this
property is populated, then it must be set to a 0 interval value. If a state
change was requested, but rejected or not yet processed, the property must not
be updated.
StopService
public uint32 StopService()
- Permission Information:
No permissions defined
General
Information:
The StopService method places the Service in the stopped
state. Note that the function of this method overlaps with the RequestedState
property. RequestedState was added to the model to maintain a record (such as
a persisted value) of the last state request. Invoking the StopService method
should set the RequestedState property appropriately. The method returns an
integer value of 0 if the Service was successfully stopped, 1 if the request
is not supported, and any other number to indicate an error. In a subclass,
the set of possible return codes could be specified using a ValueMap qualifier
on the method. The strings to which the ValueMap contents are translated can
also be specified in the subclass as a Values array qualifier.
Note:
The semantics of this method overlap with the RequestStateChange method that
is inherited from EnabledLogicalElement. This method is maintained because it
has been widely implemented, and its simple "stop" semantics are convenient to
use.
StartService
public uint32 StartService()
- Permission Information:
No permissions defined
General
Information:
The StartService method places the Service in the started
state. Note that the function of this method overlaps with the RequestedState
property. RequestedState was added to the model to maintain a record (such as
a persisted value) of the last state request. Invoking the StartService method
should set the RequestedState property appropriately. The method returns an
integer value of 0 if the Service was successfully started, 1 if the request
is not supported, and any other number to indicate an error. In a subclass,
the set of possible return codes could be specified using a ValueMap qualifier
on the method. The strings to which the ValueMap contents are translated can
also be specified in the subclass as a Values array qualifier.
Note:
The semantics of this method overlap with the RequestStateChange method that
is inherited from EnabledLogicalElement. This method is maintained because it
has been widely implemented, and its simple "start" semantics are convenient
to use.
RequestStateChange
public uint32 RequestStateChange([IN]uint16 RequestedState, [OUT]REF CIM_ConcreteJob Job, [IN]datetime TimeoutPeriod)
- Permission Information:
No permissions defined
General
Information:
Requests that the state of the element be changed to the
value specified in the RequestedState parameter. When the requested state
change takes place, the EnabledState and RequestedState of the element will be
the same. Invoking the RequestStateChange method multiple times could result
in earlier requests being overwritten or lost.
A return code of 0 shall
indicate the state change was successfully initiated.
A return code of 3
shall indicate that the state transition cannot complete within the interval
specified by the TimeoutPeriod parameter.
A return code of 4096 (0x1000)
shall indicate the state change was successfully initiated, a ConcreteJob has
been created, and its reference returned in the output parameter Job. Any
other return code indicates an error
condition.
Qualifiers:
-------------
ValueMap={0, 1, 2, 3,
4, 5, 6, .., 4096, 4097, 4098, 4099, 4100..32767,
32768..65535}
Values={Completed with No Error, Not Supported, Unknown or
Unspecified Error, Cannot complete within Timeout Period, Failed, Invalid
Parameter, In Use, DMTF Reserved, Method Parameters Checked - Job Started,
Invalid State Transition, Use of Timeout Parameter Not Supported, Busy, Method
Reserved, Vendor
Specific}
ModelCorrespondence={CIM_EnabledLogicalElement.RequestedState}
Parameters:
--------------
- RequestedState
- General Information:
The state requested for the element. This
information will be placed into the RequestedState property of the instance
if the return code of the RequestStateChange method is 0 ('Completed with No
Error'), or 4096 (0x1000) ('Job Started'). Refer to the description of the
EnabledState and RequestedState properties for the detailed explanations of
the RequestedState
values.
Qualifiers:
-------------
IN
ValueMap={2, 3,
4, 6, 7, 8, 9, 10, 11, .., 32768..65535}
Values={Enabled, Disabled, Shut
Down, Offline, Test, Defer, Quiesce, Reboot, Reset, DMTF Reserved, Vendor
Reserved}
ModelCorrespondence={CIM_EnabledLogicalElement.RequestedState}
- Job
- General Information:
May contain a reference to the
ConcreteJob created to track the state transition initiated by the method
invocation.
Qualifiers:
-------------
IN=false
OUT
- TimeoutPeriod
- General Information:
A timeout period that specifies the
maximum amount of time that the client expects the transition to the new
state to take. The interval format must be used to specify the
TimeoutPeriod. A value of 0 or a null parameter indicates that the client
has no time requirements for the transition.
If this property does not
contain 0 or null and the implementation does not support this parameter, a
return code of 'Use Of Timeout Parameter Not Supported' shall be
returned.
Qualifiers:
-------------
IN
AssignAccess
public uint32 AssignAccess([IN]REF CIM_ManagedElement Subject, [IN]boolean PrivilegeGranted, [IN]uint16 Activities[], [IN]string ActivityQualifiers[], [IN]uint16 QualifierFormats[], [IN]REF CIM_ManagedElement Target, [IN][OUT]REF CIM_AuthorizedPrivilege Privilege)
- Permission Information:
No permissions defined
General
Information:
When this method is called, a provider updates the
specified Subject's rights to the Target according to the parameters of this
call. The rights are modeled via an AuthorizedPrivilege instance. If an
AuthorizedPrivilege instance is created as a result of this call, it MUST be
linked to the Subject and Target via the AuthorizedSubject and
AuthorizedTarget associations, respectively. When created, the
AuthorizedPrivilege instance is associated to this PrivilegeManagementService
via ConcreteDependency. If the execution of this call results in no rights
between the Subject and Target, then they MUST NOT be linked to a particular
AuthorizedPrivilege instance via AuthorizedSubject and AuthorizedTarget
respectively.
Note that regardless of whether specified via parameter,
or template, the Activities, ActivityQualifiers and QualifierFormats, are
mutually indexed. Also note that Subject and Target references MUST be
supplied.
The successful completion of the method SHALL create any
necessary AuthorizedSubject, AuthorizedTarget, AuthorizedPrivilege,
HostedDependency, and ConcreteDependency
instances.
Qualifiers:
-------------
ValueMap={0, 1, 2, 3,
4, 5, 6..15999, 16000, 16001, 16002, 16003, 16004, 16005..31999,
32000..65535}
Values={Success, Not Supported, Unspecified Error, Timeout,
Failed, Invalid Parameter, DMTF Reserved, Unsupported Subject, Unsupported
Privilege, Unsupported Target, Authorization Error, NULL not supported, Method
Reserved, Vendor Specific}
Parameters:
--------------
- Subject
- General Information:
The Subject parameter is a reference to a
ManagedElement instance. This parameter MUST be
supplied.
Qualifiers:
-------------
Required
IN
- PrivilegeGranted
- General Information:
MUST be NULL unless Privilege is NULL on
input. The PrivilegeGranted flag indicates whether the rights defined by the
parameters in this call should be granted or denied to the named
Subject/Target
pair.
Qualifiers:
-------------
IN
ModelCorrespondence={CIM_AuthorizedPrivilege.PrivilegeGranted,
CIM_PrivilegeManagementService.AssignAccess.Privilege}
- Activities
- General Information:
MUST be NULL unless the Privilege is NULL
on input. This parameter specifies the activities to be granted or
denied.
Qualifiers:
-------------
IN
ValueMap={1, 2,
3, 4, 5, 6, 7, .., 16000..65535}
Values={Other, Create, Delete, Detect,
Read, Write, Execute, DMTF Reserved, Vendor
Reserved}
ArrayType=Indexed
ModelCorrespondence={CIM_AuthorizedPrivilege.Activities,
CIM_PrivilegeManagementService.AssignAccess.Privilege}
- ActivityQualifiers
- General Information:
MUST be NULL unless Privilege is NULL on
input. This parameter defines the activity qualifiers for the Activities to
be granted or
denied.
Qualifiers:
-------------
IN
ArrayType=Indexed
ModelCorrespondence={CIM_AuthorizedPrivilege.ActivityQualifers,
CIM_PrivilegeManagementService.AssignAccess.Privilege}
- QualifierFormats
- General Information:
MUST be NULL unless Privilege is NULL on
input. This parameter defines the qualifier formats for the corresponding
ActivityQualifiers.
Qualifiers:
-------------
IN
ValueMap={2,
3, 4, 5, 6, 7, 8, 9, 10..15999, 16000..65535}
Values={Class Name,
<Class.>Property, <Class.>Method, Object Reference, Namespace,
URL, Directory/File Name, Command Line Instruction, DMTF Reserved, Vendor
Reserved}
ArrayType=Indexed
ModelCorrespondence={CIM_AuthorizedPrivilege.QualifierFormats,
CIM_PrivilegeManagementService.AssignAccess.Privilege}
- Target
- General Information:
The Target parameter is a reference to an
instance of ManagedElement. This parameter MUST be
supplied.
Qualifiers:
-------------
Required
IN
- Privilege
- General Information:
On input, this reference MUST be either
NULL or refer to an instance of AuthorizedPrivilege that is used as a
template. The rights granted by corresponding entries in the Activities,
ActivityQualifiers and QualifierFormats array properties are applied
incrementally and do not affect unnamed rights. If the property,
PrivilegeGranted, is false, then the named rights are removed. If
PrivilegeGranted is True, then the named rights are added. (Note that the
RemoveAccess method SHOULD be used to completely remove all privileges
between a subject and a target. On output, this property references an
AuthorizedPrivilege instance that represents the resulting rights between
the named Subject and the named Target. AuthorizedPrivilege instances used
as a templates in this property SHOULD have a HostedDependency association
to the PriviligeManagementService and SHOULD NOT have any AuthorizedTarget
or AuthorizedSubject associations to
it.
Qualifiers:
-------------
IN
OUT
RemoveAccess
public uint32 RemoveAccess([IN]REF CIM_ManagedElement Subject, [IN]REF CIM_AuthorizedPrivilege Privilege, [IN]REF CIM_ManagedElement Target)
- Permission Information:
No permissions defined
General
Information:
This method revokes a specific AuthorizedPrivilege or all
privileges for a particular target, subject, or subject/target pair. If an
AuthorizedPrivilege instance is left with no AuthorizedTarget associations, it
SHOULD be deleted. The successful completion of the method SHALL remove the
directly or indirectly requested AuthorizedSubject, AuthorizedTarget and
AuthorizedPrivilege
instances.
Qualifiers:
-------------
ValueMap={0, 1, 2, 3,
4, 5, 6..15999, 16000, 16001, 16002, 16003, 16004..32767,
32768..65535}
Values={Success, Not Supported, Unspecified Error, Timeout,
Failed, Invalid Parameter, DMTF Reserved, Unsupported Privilege, Unsupported
Target, Authorization Error, Null parameter not supported, Method Reserved,
Vendor Specific}
Parameters:
--------------
- Subject
- General Information:
The Subject parameter is a reference to a
ManagedElement instance (associated via AuthorizedSubject) for which
privileges are to be
revoked.
Qualifiers:
-------------
IN
- Privilege
- General Information:
A reference to the AuthorizedPrivilege to
be revoked.
Qualifiers:
-------------
IN
- Target
- General Information:
The Target parameter is a reference to a
ManagedElement (associated via AuthorizedTarget) which will no longer be
protected via the
AuthorizedPrivilege.
Qualifiers:
-------------
IN
ShowAccess
public uint32 ShowAccess([IN]REF CIM_ManagedElement Subject, [IN]REF CIM_ManagedElement Target, [OUT]REF CIM_ManagedElement OutSubjects[], [OUT]REF CIM_ManagedElement OutTargets[], [OUT]string Privileges[])
- Permission Information:
No permissions defined
General
Information:
ShowAccess reports the Privileges (i.e., rights) granted
to a particular Subject and/or Target pair. Either a Subject, a Target or both
MUST be specified. In the case where only one is specified, the method will
return all rights to all Targets for the specified Subject, or all rights for
all subjects which apply to the specified Target.
ShowAccess returns
the cumulative rights granted between the OutSubjects and OutTargets at the
same array index (filtered to return the information that the requestor is
authorized to view). If a specific array entry is NULL, then there exist NO
rights that the requestor is authorized to view between the Subject/Target
pair.
Note that the Privileges returned by this method MAY NOT
correspond to what is actually instantiated in the model, and MAY be optimized
for ease of reporting. Hence, the data is passed 'by value', as embedded
objects. Also, note that multiple Privileges MAY be defined for a given
Subject/Target pair.
Other mechanisms MAY also be used to retrieve
this information. CIM Operations' EnumerateInstances MAY be used to return all
Privileges currently instantiated within a namespace. Also, if the
AuthorizedPrivilege subclass is instantiated, the CIM Operation Associators
MAY be used to navigate from the Privilege to AuthorizedSubjects and
AuthorizedTargets. These CIM Operations will not generally provide the
functionality or optimizations available with
ShowAccess.
Qualifiers:
-------------
ValueMap={0, 1, 2,
3, 4, 5, .., 16000, 16002, 16003, 16004, 16005..31999,
32000..65535}
Values={Success, Not Supported, Unknown, Timeout, Failed,
Invalid Parameter, DMTF Reserved, Unsupported Subject, Unsupported Target,
Authorization Error, NULL not supported, Method Reserved, Vendor
Specific}
Parameters:
--------------
- Subject
- General Information:
The Subject parameter references an
instance of ManagedElement. The result of this operation is that the
cumulative rights of the Subject to access or define authorization rights
for the Target will be reported. If no Subject is specified, then a Target
MUST be supplied and ALL Subjects that have rights to access or define
authorizations for the Target will be reported. (It should be noted that the
information reported MUST be filtered by the rights of the requestor to view
that data.) If the Subject element is a Collection, then the operation will
specifically report the Privileges for all elements associated to the
Collection via MemberOfCollection. These elements will be reported
individually in the returned OutSubjects
array.
Qualifiers:
-------------
IN
ModelCorrespondence={CIM_PrivilegeManagementService.ShowAccess.Target}
- Target
- General Information:
The Target parameter references an
instance of ManagedElement. The result of this operation is that the
cumulative rights of the Subject to access or define authorization rights
for the Target will be reported. If no Target is specified, then a Subject
MUST be supplied and ALL Targets for which that the Subject has rights to
access or define authorization will be reported. (It should be noted that
the information reported MUST be filtered by the rights of the requestor to
view that data.) If the Target element is a Collection, then the operation
will be applied to all elements associated to the Collection via
MemberOfCollection. These elements will be reported individually in the
returned OutTargets
array.
Qualifiers:
-------------
IN
ModelCorrespondence={CIM_PrivilegeManagementService.ShowAccess.Subject}
- OutSubjects
- General Information:
The array of Subject REFs corresponding
to the individual Privileges and OutTargets arrays. The resulting
OutSubjects, Privileges and OutTargets arrays define the cumulative rights
granted between the Subject/Target at the corresponding index (filtered to
return the information that the requestor is authorized to
view).
Qualifiers:
-------------
IN=false
OUT
ArrayType=Indexed
ModelCorrespondence={CIM_PrivilegeManagementService.ShowAccess.Subject,
CIM_PrivilegeManagementService.ShowAccess.Privileges,
CIM_PrivilegeManagementService.ShowAccess.OutTargets}
- OutTargets
- General Information:
The array of Target REFs corresponding to
the individual Privileges and OutSubjects arrays. The resulting OutSubjects,
Privileges and OutTargets arrays define the cumulative rights granted
between the Subject/Target at the corresponding index (filtered to return
the information that the requestor is authorized to
view).
Qualifiers:
-------------
IN=false
OUT
ArrayType=Indexed
ModelCorrespondence={CIM_PrivilegeManagementService.ShowAccess.Target,
CIM_PrivilegeManagementService.ShowAccess.Privileges,
CIM_PrivilegeManagementService.ShowAccess.OutSubjects}
- Privileges
- General Information:
The returned Privilege objects represent
the cumulative rights granted between the OutSubjects and OutTargets at the
same array index (filtered to return the information that the requestor is
authorized to view). If a specific array entry is NULL, then there exist NO
rights that the requestor is authorized to view between the Subject/Target
pair.
Qualifiers:
-------------
IN=false
OUT
EmbeddedObject
ArrayType=Indexed
ModelCorrespondence={CIM_PrivilegeManagementService.ShowAccess.OutTargets,
CIM_PrivilegeManagementService.ShowAccess.OutSubjects}
Create
public Create([IN]CIM_PrivilegeManagementService Instance, [OUT] REF CIM_PrivilegeManagementService ResourceCreated)
- Permission Information:
No permissions defined
General
Information:
Creates a new instance of this class
Product
Specific Usage:
The following properties must be included in any
representation of CIM_PrivilegeManagementService:
Name
CreationClassName
SystemName
SystemCreationClassName
Put
public Put([IN]CIM_PrivilegeManagementService Instance)
- Permission Information:
No permissions defined
General
Information:
Changes properties of the selected
instance
Product Specific Usage:
The following properties
must be included in any representation of CIM_PrivilegeManagementService:
Name
CreationClassName
SystemName
SystemCreationClassName
Get
public Get([OUT]CIM_PrivilegeManagementService Instance)
- Permission Information:
No permissions defined
General
Information:
Gets the representation of the instance
Delete
public Delete()
- Permission Information:
No permissions defined
General
Information:
Deletes an instance
Pull
public Pull([IN]String EnumerationContext, [IN]String MaxElements)
- Permission Information:
All users permitted to use method, only
instances to whom the user has permissions will be returned
General
Information:
Pulls instances of this class, following an Enumerate
operation
Enumerate
public Enumerate()
- Permission Information:
All users permitted to use
method
General Information:
Enumerates the instances of this
class
Release
public Release([IN]String EnumerationContext)
- Permission Information:
All users permitted to use
method
General Information:
Releases an enumeration
context
Subscribe
public Subscribe()
- Permission Information:
No permissions defined
General
Information:
Subscribes to this resource (WS-Eventing)
Unsubscribe
public Unsubscribe()
- Permission Information:
No permissions defined
General
Information:
Remove subscription to this resource
(WS-Eventing)