CIM211 Class Declaration
CIM_AuthorizedPrivilege

Table of Contents:
Class Hierarchy
Class Attributes
Class Qualifiers
Properties
Methods
Associations in which the class can participate
Sub Profiling Summary

Class Hierarchy

CIM_AuthorizedPrivilege --> CIM_Privilege --> CIM_ManagedElement --> [top]

Class Attributes

Class Declaration Attributes
NameValue
SUPERCLASSCIM_Privilege
NAMECIM_AuthorizedPrivilege

Class Qualifiers

Class CIM_AuthorizedPrivilege Qualifiers
NameTypeValueFrom Class
Versionstring2.8.0 CIM_AuthorizedPrivilege
DescriptionstringPrivilege is the base class for all types of activities which are granted or denied to a Role or an Identity. AuthorizedPrivilege is a subclass defining static renderings of authorization policy rules. The association of Roles and Identities to AuthorizedPrivilege is accomplished using the AuthorizedSubject relationship. The entities that are protected are defined using the AuthorizedTarget relationship. Note that this class and its AuthorizedSubject/Target associations provide a short-hand, static mechanism to represent authorization policies. CIM_AuthorizedPrivilege
DescriptionstringPrivilege is the base class for all types of activities which are granted or denied by a Role or an Identity. Whether an individual Privilege is granted or denied is defined using the PrivilegeGranted boolean. Any Privileges not specifically granted are assumed to be denied. An explicit deny (Privilege Granted = FALSE) takes precedence over any granted Privileges. The association of subjects (Roles and Identities) to Privileges is accomplished using policy or explicitly via the associations on a subclass. The entities that are protected (targets) can be similarly defined. Note that Privileges may be inherited through hierarchical Roles, or may overlap. For example, a Privilege denying any instance Writes in a particular CIM Server Namespace would overlap with a Privilege defining specific access rights at an instance level within that Namespace. In this example, the AuthorizedSubjects are either Identities or Roles, and the AuthorizedTargets are a Namespace in the former case, and a particular instance in the latter. CIM_Privilege
DescriptionstringManagedElement is an abstract class that provides a common superclass (or top of the inheritance tree) for the non-association classes in the CIM Schema. CIM_ManagedElement

Properties

Properties
NameTypeValueQualifiersClassOrigin
InstanceIDstring Key
Description
CIM_Privilege
PrivilegeGrantedbooleantrue Description CIM_Privilege
Activitiesuint16[] Description
ValueMap
Values
ArrayType
ModelCorrespondence
CIM_Privilege
ActivityQualifiersstring[] Description
ArrayType
ModelCorrespondence
CIM_Privilege
QualifierFormatsuint16[] Description
ValueMap
Values
ArrayType
ModelCorrespondence
CIM_Privilege
RepresentsAuthorizationRightsbooleanfalse Experimental
Description
CIM_Privilege
Captionstring Description
MaxLen
CIM_ManagedElement
Descriptionstring Description CIM_ManagedElement
ElementNamestring Description CIM_ManagedElement

Property Qualifiers

Property InstanceID Qualifiers
NameTypeValueFrom Class
Keybooleantrue CIM_Privilege
DescriptionstringWithin the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. In order to ensure uniqueness within the NameSpace, the value of InstanceID SHOULD be constructed using the following ’ preferred ’ algorithm: < OrgID > : < LocalID > Where < OrgID > and < LocalID > are separated by a colon ’ : ’ , and where < OrgID > MUST include a copyrighted, trademarked or otherwise unique name that is owned by the business entity creating/defining the InstanceID, or is a registered ID that is assigned to the business entity by a recognized global authority. (This is similar to the < Schema Name > _ < Class Name > structure of Schema class names.) In addition, to ensure uniqueness < OrgID > MUST NOT contain a colon ( ’ : ’ ). When using this algorithm, the first colon to appear in InstanceID MUST appear between < OrgID > and < LocalID > . < LocalID > is chosen by the business entity and SHOULD not be re-used to identify different underlying (real-world) elements. If the above ’ preferred ’ algorithm is not used, the defining entity MUST assure that the resultant InstanceID is not re-used across any InstanceIDs produced by this or other providers for this instance ’ s NameSpace. For DMTF defined instances, the ’ preferred ’ algorithm MUST be used with the < OrgID > set to ’ CIM ’ . CIM_Privilege

Property PrivilegeGranted Qualifiers
NameTypeValueFrom Class
DescriptionstringBoolean indicating whether the Privilege is granted (TRUE) or denied (FALSE). The default is to grant permission. CIM_Privilege

Property Activities Qualifiers
NameTypeValueFrom Class
DescriptionstringAn enumeration indicating the activities that are granted or denied. These activities apply to all entities specified in the ActivityQualifiers array. The values in the enumeration are straightforward except for one, 4= " Detect " . This value indicates that the existence or presence of an entity may be determined, but not necessarily specific data (which requires the Read privilege to be true). This activity is exemplified by ’ hidden files ’ - if you list the contents of a directory, you will not see hidden files. However, if you know a specific file name, or know how to expose hidden files, then they can be ’ detected ’ . Another example is the ability to define search privileges in directory implementations. CIM_Privilege
ValueMapstring
[See below.]
CIM_Privilege
ValuesstringOther
Create
Delete
Detect
Read
Write
Execute
DMTF Reserved
Vendor Reserved
CIM_Privilege
ArrayTypestringIndexed CIM_Privilege
ModelCorrespondencestringCIM_Privilege.ActivityQualifiers CIM_Privilege

NameValue
1Other
2Create
3Delete
4Detect
5Read
6Write
7Execute
..DMTF Reserved
16000..Vendor Reserved
Property ActivityQualifiers Qualifiers
NameTypeValueFrom Class
DescriptionstringThe ActivityQualifiers property is an array of string values used to further qualify and specify the privileges granted or denied. For example, it is used to specify a set of files for which ’ Read ’ / ’ Write ’ access is permitted or denied. Or, it defines a class ’ methods that may be ’ Executed ’ . Details on the semantics of the individual entries in ActivityQualifiers are provided by corresponding entries in the QualifierFormats array. CIM_Privilege
ArrayTypestringIndexed CIM_Privilege
ModelCorrespondencestringCIM_Privilege.Activities
CIM_Privilege.QualifierFormats
CIM_Privilege

Property QualifierFormats Qualifiers
NameTypeValueFrom Class
DescriptionstringDefines the semantics of corresponding entries in the ActivityQualifiers array. An example of each of these ’ formats ’ and their use follows: - 2=Class Name. Example: If the authorization target is a CIM Service or a Namespace, then the ActivityQualifiers entries can define a list of classes that the authorized subject is able to create or delete. - 3= < Class. > Property. Example: If the authorization target is a CIM Service, Namespace or Collection of instances, then the ActivityQualifiers entries can define the class properties that may or may not be accessed. In this case, the class names are specified with the property names to avoid ambiguity - since a CIM Service, Namespace or Collection could manage multiple classes. On the other hand, if the authorization target is an individual instance, then there is no possible ambiguity and the class name may be omitted. To specify ALL properties, the wildcard string " * " should be used. - 4= < Class. > Method. This example is very similar to the Property one, above. And, as above, the string " * " may be specified to select ALL methods. - 5=Object Reference. Example: If the authorization target is a CIM Service or Namespace, then the ActivityQualifiers entries can define a list of object references (as strings) that the authorized subject can access. - 6=Namespace. Example: If the authorization target is a CIM Service, then the ActivityQualifiers entries can define a list of Namespaces that the authorized subject is able to access. - 7=URL. Example: An authorization target may not be defined, but a Privilege could be used to deny access to specific URLs by individual Identities or for specific Roles, such as the ’ under 17 ’ Role. - 8=Directory/File Name. Example: If the authorization target is a FileSystem, then the ActivityQualifiers entries can define a list of directories and files whose access is protected. - 9=Command Line Instruction. Example: If the authorization target is a ComputerSystem or Service, then the ActivityQualifiers entries can define a list of command line instructions that may or may not be ’ Executed ’ by the authorized subjects. - 10=SCSI Command, using a format of ’ CDB=xx[,Page=pp] ’ . For example, the ability to select the VPD page of the Inquiry command is encoded as ’ CDB=12,Page=83 ’ in the corresponding ActivityQualifiers entry. A ’ * ’ may be used to indicate all CDBs or Page numbers. - 11=Packets. Example: The transmission of packets is permitted or denied by the Privilege for the target (a ComputerSystem, ProtocolEndpoint, Pipe, or other ManagedSystemElement). CIM_Privilege
ValueMapstring
[See below.]
CIM_Privilege
ValuesstringClass Name
< Class. > Property
< Class. > Method
Object Reference
Namespace
URL
Directory/File Name
Command Line Instruction
SCSI Command
Packets
DMTF Reserved
Vendor Reserved
CIM_Privilege
ArrayTypestringIndexed CIM_Privilege
ModelCorrespondencestringCIM_Privilege.ActivityQualifiers CIM_Privilege

NameValue
2Class Name
3<
4<
5Object Reference
6Namespace
7URL
8Directory/File Name
9Command Line Instruction
10SCSI Command
11Packets
..DMTF Reserved
16000..Vendor Reserved
Property RepresentsAuthorizationRights Qualifiers
NameTypeValueFrom Class
DescriptionstringThe RepresentsAuthorizationRights flag indicates whether the rights defined by this instance should be interpreted as rights of Subjects to access Targets or as rights of Subjects to change those rights on/for Targets. CIM_Privilege

Property Caption Qualifiers
NameTypeValueFrom Class
DescriptionstringThe Caption property is a short textual description (one- line string) of the object. CIM_ManagedElement
MaxLenuint3264 CIM_ManagedElement

Property Description Qualifiers
NameTypeValueFrom Class
DescriptionstringThe Description property provides a textual description of the object. CIM_ManagedElement

Property ElementName Qualifiers
NameTypeValueFrom Class
DescriptionstringA user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information. Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. CIM_ManagedElement

Methods

Method Qualifiers

Parameters

Parameter Qualifiers

Associations this class can participate in

Association
Class
Reference
Class
Role
CIM_AuthorizedSubjectCIM_AuthorizedPrivilegePrivilege
CIM_AuthorizedTargetCIM_AuthorizedPrivilegePrivilege
CIM_AuthorizationRuleAppliesToPrivilegeCIM_PrivilegeManagedElement
CIM_ComponentCIM_ManagedElementGroupComponent
CIM_ComponentCIM_ManagedElementPartComponent
CIM_ConcreteComponentCIM_ManagedElementGroupComponent
CIM_ConcreteComponentCIM_ManagedElementPartComponent
CIM_CredentialContextCIM_ManagedElementElementProvidingContext
CIM_DefaultElementCapabilitiesCIM_ManagedElementManagedElement
CIM_DependencyCIM_ManagedElementAntecedent
CIM_DependencyCIM_ManagedElementDependent
CIM_HostedDependencyCIM_ManagedElementAntecedent
CIM_HostedDependencyCIM_ManagedElementDependent
CIM_ScopedSettingCIM_ManagedElementAntecedent
CIM_MetricDefForMECIM_ManagedElementAntecedent
CIM_MetricForMECIM_ManagedElementAntecedent
CIM_RelatedElementCausingErrorCIM_ManagedElementDependent
CIM_RelatedElementCausingErrorCIM_ManagedElementAntecedent
CIM_SparedCIM_ManagedElementAntecedent
CIM_SparedCIM_ManagedElementDependent
CIM_ConcreteDependencyCIM_ManagedElementAntecedent
CIM_ConcreteDependencyCIM_ManagedElementDependent
CIM_ElementAsUserCIM_ManagedElementAntecedent
CIM_RecordAppliesToElementCIM_ManagedElementDependent
CIM_AuthenticationTargetCIM_ManagedElementDependent
CIM_AuthorizationSubjectCIM_ManagedElementDependent
CIM_AuthorizationTargetCIM_ManagedElementDependent
CIM_ElementSoftwareIdentityCIM_ManagedElementDependent
CIM_IsSpareCIM_ManagedElementAntecedent
CIM_ProvidesServiceToElementCIM_ManagedElementDependent
CIM_ElementCapabilitiesCIM_ManagedElementManagedElement
CIM_IdentityContextCIM_ManagedElementElementProvidingContext
CIM_LogicalIdentityCIM_ManagedElementSystemElement
CIM_LogicalIdentityCIM_ManagedElementSameElement
CIM_ConcreteIdentityCIM_ManagedElementSystemElement
CIM_ConcreteIdentityCIM_ManagedElementSameElement
CIM_SWRManageableAspectCIM_ManagedElementSystemElement
CIM_MemberOfCollectionCIM_ManagedElementMember
CIM_MemberPrincipalCIM_ManagedElementMember
CIM_ElementInPolicyRoleCollectionCIM_ManagedElementMember
CIM_OwningCollectionElementCIM_ManagedElementOwningElement
CIM_ParametersForMethodCIM_ManagedElementTheMethod
CIM_ParameterValueSourcesCIM_ManagedElementValueSource
CIM_PolicySetAppliesToElementCIM_ManagedElementManagedElement
CIM_AuthorizationRuleAppliesToTargetCIM_ManagedElementManagedElement
CIM_RoleLimitedToTargetCIM_ManagedElementTargetElement
CIM_StatisticsCIM_ManagedElementElement
CIM_SynchronizedCIM_ManagedElementSystemElement
CIM_SynchronizedCIM_ManagedElementSyncedElement
CIM_StorageSynchronizedCIM_ManagedElementSystemElement
CIM_StorageSynchronizedCIM_ManagedElementSyncedElement
CIM_AssignedIdentityCIM_ManagedElementManagedElement
CIM_AuthorizedSubjectCIM_ManagedElementPrivilegedElement
CIM_AuthorizedTargetCIM_ManagedElementTargetElement
CIM_ElementConformsToProfileCIM_ManagedElementManagedElement
CIM_ElementLocationCIM_ManagedElementElement
CIM_ElementProfileCIM_ManagedElementManagedElement
CIM_ElementSecuritySensitivityCIM_ManagedElementManagedElement
CIM_ElementSettingDataCIM_ManagedElementManagedElement
CIM_ElementStatisticalDataCIM_ManagedElementManagedElement
CIM_OwningJobElementCIM_ManagedElementOwningElement
CIM_AffectedJobElementCIM_ManagedElementAffectedElement
CIM_ServiceAffectsElementCIM_ManagedElementAffectedElement
CIM_ServiceAvailableToElementCIM_ManagedElementUserOfService
CIM_SAPAvailableForElementCIM_ManagedElementManagedElement
CIM_ManagementSAPCIM_ManagedElementManagedElement