Class CIM_PrivilegeManagementService


CIM_ManagedElement
\_CIM_ManagedSystemElement
  \_CIM_LogicalElement
    \_CIM_EnabledLogicalElement
      \_CIM_Service
        \_CIM_SecurityService
          \_CIM_AuthorizationService


Description

The PrivilegeManagementService is responsible for creating, deleting, and associating AuthorizedPrivilege instances. References to'subject'and'target'define the entities that are associated with an AuthorizedPrivilege instance via the relationships, AuthorizedSubject and AuthorizedTarget, respectively. When created, an AuthorizedPrivilege instance is related to this (PrivilegeManagement)Service via the association, ConcreteDependency.

Subclasses

IBMTSSVC_PrivilegeManagementService

Referenced By


Properties

IdTypeRangeDescription
Key
CreationClassName string
Max Length256
CreationClassName indicates the name of the class or the subclass that is used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.
Name string
Max Length256
The Name property uniquely identifies the Service and provides an indication of the functionality that is managed. This functionality is described in more detail in the Description property of the object.
SystemCreationClassName string
Max Length256
The CreationClassName of the scoping System.
SystemName string
Max Length256
The Name of the scoping System.
Read Only
Read Write
 
Inherited from class CIM_ManagedElement
Caption, Description, ElementName
 
Inherited from class CIM_ManagedSystemElement
HealthState, InstallDate, Name, OperationalStatus, Status, StatusDescriptions
 
Inherited from class CIM_EnabledLogicalElement
EnabledState, OtherEnabledState, RequestedState, TimeOfLastStateChange, EnabledDefault
 
Inherited from class CIM_Service
Started, StartMode, PrimaryOwnerContact, PrimaryOwnerName
 

Method Summary

NameDescription
AssignAccessWhen this method is called, a provider updates the specified Subject's rights to the Target according to the parameters of this call.
RemoveAccessThis method revokes a specific AuthorizedPrivilege or all privileges for a particular target, subject, or subject/target pair.
 
Inherited from class CIM_EnabledLogicalElement
RequestStateChange
 
Inherited from class CIM_Service
StartService, StopService
 

Method Detail


AssignAccess

Description

When this method is called, a provider updates the specified Subject's rights to the Target according to the parameters of this call. The rights are modeled via an AuthorizedPrivilege instance. If an AuthorizedPrivilege instance is created as a result of this call, it MUST be linked to the Subject and Target via the AuthorizedSubject and AuthorizedTarget associations, respectively. When created, the AuthorizedPrivilege instance is associated to this PrivilegeManagementService via ConcreteDependency. If the execution of this call results in no rights between the Subject and Target, then they MUST NOT be linked to a particular AuthorizedPrivilege instance via AuthorizedSubject and AuthorizedTarget respectively.Note that regardless of whether specified via parameter, or template, the Activities, ActivityQualifiers and QualifierFormats, are mutually indexed. Also note that Subject and Target references MUST be supplied.The successful completion of the method SHALL create any necessary AuthorizedSubject, AuthorizedTarget, AuthorizedPrivilege, HostedDependency, and ConcreteDependency instances.

Parameters

IdTypeRangeDescription
In
Subject CIM_ManagedElement
The Subject parameter is a reference to a ManagedElement instance. This parameter MUST be supplied.
PrivilegeGranted boolean
MUST be NULL unless Privilege is NULL on input. The PrivilegeGranted flag indicates whether the rights defined by the parameters in this call should be granted or denied to the named Subject/Target pair.
Activities uint16
MUST be NULL unless the Privilege is NULL on input. This parameter specifies the activities to be granted or denied.
ActivityQualifiers string
MUST be NULL unless Privilege is NULL on input. This parameter defines the activity qualifiers for the Activities to be granted or denied.
QualifierFormats uint16
MUST be NULL unless Privilege is NULL on input. This parameter defines the qualifier formats for the corresponding ActivityQualifiers.
Target CIM_ManagedElement
The Target parameter is a reference to an instance of ManagedElement. This parameter MUST be supplied.
Privilege CIM_AuthorizedPrivilege
On input, this reference MUST be either NULL or refer to an instance of AuthorizedPrivilege that is used as a template. The rights granted by corresponding entries in the Activities, ActivityQualifiers and QualifierFormats array properties are appliedincrementally and do not affect unnamed rights. If the property, PrivilegeGranted, is false, then the named rights are removed. If PrivilegeGranted is True, then the named rights are added. (Note that the RemoveAccess method SHOULD be used to completely remove all privileges between a subject and a target. On output, this property references an AuthorizedPrivilege instance that represents the resulting rights between the named Subject and the named Target. AuthorizedPrivilege instances used as a templates in this property SHOULD have a HostedDependency association to the PriviligeManagementService and SHOULD NOT have any AuthorizedTarget or AuthorizedSubject associations to it.
out
Privilege CIM_AuthorizedPrivilege
On input, this reference MUST be either NULL or refer to an instance of AuthorizedPrivilege that is used as a template. The rights granted by corresponding entries in the Activities, ActivityQualifiers and QualifierFormats array properties are appliedincrementally and do not affect unnamed rights. If the property, PrivilegeGranted, is false, then the named rights are removed. If PrivilegeGranted is True, then the named rights are added. (Note that the RemoveAccess method SHOULD be used to completely remove all privileges between a subject and a target. On output, this property references an AuthorizedPrivilege instance that represents the resulting rights between the named Subject and the named Target. AuthorizedPrivilege instances used as a templates in this property SHOULD have a HostedDependency association to the PriviligeManagementService and SHOULD NOT have any AuthorizedTarget or AuthorizedSubject associations to it.
Return Codes
none

RemoveAccess

Description

This method revokes a specific AuthorizedPrivilege or all privileges for a particular target, subject, or subject/target pair. If an AuthorizedPrivilege instance is left with no AuthorizedTarget associations, it SHOULD be deleted. The successful completion of the method SHALL remove the directly or indirectly requested AuthorizedSubject, AuthorizedTarget and AuthorizedPrivilege instances.

Parameters

IdTypeRangeDescription
In
Subject CIM_ManagedElement
The Subject parameter is a reference to a ManagedElement instance (associated via AuthorizedSubject) for which privileges are to be revoked.
Privilege CIM_AuthorizedPrivilege
A reference to the AuthorizedPrivilege to be revoked.
Target CIM_ManagedElement
The Target parameter is a reference to a ManagedElement (associated via AuthorizedTarget) which will no longer be protected via the AuthorizedPrivilege.
out
none
Return Codes
none