
Storage: Add a Permissions Group to a Block, and Add Applications or Filters to it

Permissions groups specify permission for access to a block (read-only or read-write) and a list of application handles to which the permission applies. First the group is created, and then application handles are added to it. One of the handles can instead be one of the special filters described in Storage Concepts and Objects.

1.  Register the application, as described in the Storage: Register Application, Perform Task, Unregister Application flow. You should have the session handle and application handle available.

2.  Retrieve the block handle for the block of interest, as described in the Storage: Get the Block Handles for an Application flow.

3.  Create a permissions group by invoking AMT_ThirdPartyDataStorageService.AddPermissionsGroup with the following input parameters:

| Parameter | Description/Value |
| --- | --- |
| SessionHandle | The session handle. |
| BlockHandle | The handle of the block. |
| GroupPermissions | The permissions to apply to this group. A value of 1 means read-only. A value of 2 means read-write. |
| GroupName | The permissions group name as a string. 16 characters maximum. |

The permissions group handle is returned as an output parameter.

The following snippet demonstrates this step. You can execute it by inserting it into the execution template.

$thirdPartyDataStorageServiceRef = $wsmanConnectionObject.NewReference("SELECT * FROM AMT_ThirdPartyDataStorageService WHERE Name='Intel(r) AMT Third Party Data Storage Service'")
$inputObject = $thirdPartyDataStorageServiceRef.CreateMethodInput("AddPermissionsGroup")
# $sessionHandle is the session handle returned by 'RegisterApplication' method.
$inputObject.SetProperty("SessionHandle", $sessionHandle.ToString())
# $blockHandle is the block handle returned by 'Create a block for the registered application' use case.
$inputObject.SetProperty("BlockHandle", $blockHandle.ToString())
$inputObject.SetProperty("GroupPermissions", "2")
$inputObject.SetProperty("GroupName", "MyGroup")
$outputObject = $thirdPartyDataStorageServiceRef.InvokeMethod($inputObject)
$returnValue = $outputObject.GetProperty("ReturnValue")
if ($returnValue -like "0")
{
    $groupHandle = $outputObject.GetProperty("GroupHandle")
}

4.  Add application handles and/or filters to the permissions group by invoking AMT_ThirdPartyDataStorageService.AddPermissionsGroupMembers with the following input parameters:

| Parameter | Description/Value |
| --- | --- |
| SessionHandle | The session handle. |
| BlockHandle | The handle of the block. |
| GroupHandle | The permissions group handle. |
| MemberHandles | An array of application handles. One entry in the array can be one of the special filter values ISVS_APPLICATION_NAME_FILTER (0xFFFFFFF0) or ISVS_VENDOR_NAME_FILTER (0xFFFFFFF1). |

The special filter values select the following applications:

     0xFFFFFFF0 – All applications with the same VendorName, ApplicationName and EnterpriseName as the BlockOwner application.

     0xFFFFFFF1 – All applications with the same VendorName and EnterpriseName as the BlockOwner application.

The following snippet demonstrates this step. You can execute it by inserting it into the execution template.

$thirdPartyDataStorageServiceRef = $wsmanConnectionObject.NewReference("SELECT * FROM AMT_ThirdPartyDataStorageService WHERE Name='Intel(r) AMT Third Party Data Storage Service'")
$inputObject = $thirdPartyDataStorageServiceRef.CreateMethodInput("AddPermissionsGroupMembers")
# $sessionHandle is the session handle returned by 'RegisterApplication' method.
$inputObject.SetProperty("SessionHandle", $sessionHandle.ToString())
# $blockHandle is the block handle returned by 'Create a block for the registered application' use case.
$inputObject.SetProperty("BlockHandle", $blockHandle.ToString())
# $groupHandle is the group handle returned by 'AddPermissionsGroup' method.
$inputObject.SetProperty("GroupHandle", $groupHandle.ToString())
# $applicationHandle is the application handle returned by 'GetCurrentApplicationHandle' method.
$inputObject.SetProperty("MemberHandles", $applicationHandle.ToString())
$outputObject = $thirdPartyDataStorageServiceRef.InvokeMethod($inputObject)
$returnValue = $outputObject.GetProperty("ReturnValue")

5.  Unregister the application when done. See Storage: Register Application, Perform Task, Unregister Application.
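A pre-flight check for steps 3 and 4, given here as an added example that is not part of the Intel SDK or of the original page: it validates the documented limits (GroupName length, GroupPermissions values, a single filter entry in MemberHandles) before anything is sent to the firmware, and flags the widest grant. The function name Test-PermissionsGroupRequest, its parameters, the read-only default and the sample handle 17 are assumptions of the example; handles are assumed to be 32-bit unsigned values, matching the filter constants.

```powershell
# Added example: Test-PermissionsGroupRequest and its parameter names are hypothetical.
# Filter values are parsed from hex text because Windows PowerShell reads a bare
# 0xFFFFFFF0 literal as a negative Int32.
$ISVS_APPLICATION_NAME_FILTER = [Convert]::ToUInt32('FFFFFFF0', 16)
$ISVS_VENDOR_NAME_FILTER      = [Convert]::ToUInt32('FFFFFFF1', 16)

function Test-PermissionsGroupRequest {
    param(
        [Parameter(Mandatory = $true)][string]   $GroupName,
        [Parameter(Mandatory = $true)][uint32[]] $MemberHandles,
        [uint32] $GroupPermissions = 1    # example default: read-only
    )
    $problems = @()
    $warnings = @()

    if ($GroupName.Length -gt 16) {
        $problems += "GroupName is $($GroupName.Length) characters; the maximum is 16."
    }
    if ($GroupPermissions -ne 1 -and $GroupPermissions -ne 2) {
        $problems += "GroupPermissions must be 1 (read-only) or 2 (read-write)."
    }
    # Collect the entries that are special filter values rather than application handles.
    $filters = @($MemberHandles | Where-Object {
        $_ -eq $ISVS_APPLICATION_NAME_FILTER -or $_ -eq $ISVS_VENDOR_NAME_FILTER })
    if ($filters.Count -gt 1) {
        $problems += "Only one entry in MemberHandles can be a special filter value."
    }
    # Policy of this example, not an Intel AMT rule: flag the broadest grant.
    if ($GroupPermissions -eq 2 -and $filters -contains $ISVS_VENDOR_NAME_FILTER) {
        $warnings += "Read-write is granted to every application sharing the owner's VendorName and EnterpriseName."
    }

    # Values are returned as strings, the form the page's SetProperty calls use.
    [pscustomobject]@{
        Valid            = ($problems.Count -eq 0)
        Problems         = $problems
        Warnings         = $warnings
        GroupName        = $GroupName
        GroupPermissions = $GroupPermissions.ToString()
        MemberHandles    = @($MemberHandles | ForEach-Object { $_.ToString() })
    }
}

# Constructed sample input: 17 stands in for a real application handle.
$request = Test-PermissionsGroupRequest -GroupName 'MyGroup' -GroupPermissions 2 `
    -MemberHandles @(17, $ISVS_VENDOR_NAME_FILTER)
$request | Format-List
```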

Additional Information

Intel AMT allows you to provide the handle of any registered application in the array of application handles. However, only applications with the same vendor name will be able to access the block. An application with a different vendor name will not be able to access the block, even if it is listed in the permissions group, since it cannot retrieve the handles for applications with different vendor names.

Instance Diagram

Not applicable

Classes Used in This Flow

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.

 

See Also:

   Storage Concepts and Objects

   Application Development Guidelines

   Examples of Using the Storage Feature

Copyright © 2006-2022, Intel Corporation. All rights reserved.