CIM211 Class Declaration
CIM_PrivilegePropagationRule

Table of Contents:
Class Hierarchy
Class Attributes
Class Qualifiers
Properties
Methods
Associations in which the class can participate
Sub Profiling Summary

Class Hierarchy

CIM_PrivilegePropagationRule --> CIM_PolicyRule --> CIM_PolicySet --> CIM_Policy --> CIM_ManagedElement --> [top]

Class Attributes

Class Declaration Attributes
NameValue
SUPERCLASSCIM_PolicyRule
NAMECIM_PrivilegePropagationRule

Class Qualifiers

Class CIM_PrivilegePropagationRule Qualifiers
NameTypeValueFrom Class
Experimentalbooleantrue CIM_PrivilegePropagationRule
Versionstring2.8.1000 CIM_PrivilegePropagationRule
DescriptionstringA class representing a company ’ s and/or administrator ’ s rules with respect to propagating Privileges across Subjects (i.e., delegation) or Targets. The Subjects/ Targets are identified within the PolicyConditions and PolicyActions, and/or using the association, PolicySetAppliesToElement. An example of a Privilege PropagationRule is the propagation of privileges granted to access a directory that then applies to all the files within the directory. CIM_PrivilegePropagationRule
DescriptionstringThe central class used for representing the ’ If Condition then Action ’ semantics of a policy rule. A PolicyRule condition, in the most general sense, is represented as either an ORed set of ANDed conditions (Disjunctive Normal Form, or DNF) or an ANDed set of ORed conditions (Conjunctive Normal Form, or CNF). Individual conditions may either be negated (NOT C) or unnegated (C). The actions specified by a PolicyRule are to be performed if and only if the PolicyRule condition (whether it is represented in DNF or CNF) evaluates to TRUE. The conditions and actions associated with a PolicyRule are modeled, respectively, with subclasses of PolicyCondition and PolicyAction. These condition and action objects are tied to instances of PolicyRule by the PolicyConditionInPolicyRule and PolicyActionInPolicyRule aggregations. A PolicyRule may also be associated with one or more policy time periods, indicating the schedule according to which the policy rule is active and inactive. In this case it is the PolicySetValidityPeriod aggregation that provides this linkage. The PolicyRule class uses the property ConditionListType, to indicate whether the conditions for the rule are in DNF (disjunctive normal form), CNF (conjunctive normal form) or, in the case of a rule with no conditions, as an UnconditionalRule. The PolicyConditionInPolicyRule aggregation contains two additional properties to complete the representation of the Rule ’ s conditional expression. The first of these properties is an integer to partition the referenced PolicyConditions into one or more groups, and the second is a Boolean to indicate whether a referenced Condition is negated. An example shows how ConditionListType and these two additional properties provide a unique representation of a set of PolicyConditions in either DNF or CNF. Suppose we have a PolicyRule that aggregates five PolicyConditions C1 through C5, with the following values in the properties of the five PolicyConditionInPolicyRule associations: C1: GroupNumber = 1, ConditionNegated = FALSE C2: GroupNumber = 1, ConditionNegated = TRUE C3: GroupNumber = 1, ConditionNegated = FALSE C4: GroupNumber = 2, ConditionNegated = FALSE C5: GroupNumber = 2, ConditionNegated = FALSE If ConditionListType = DNF, then the overall condition for the PolicyRule is: (C1 AND (NOT C2) AND C3) OR (C4 AND C5) On the other hand, if ConditionListType = CNF, then the overall condition for the PolicyRule is: (C1 OR (NOT C2) OR C3) AND (C4 OR C5) In both cases, there is an unambiguous specification of the overall condition that is tested to determine whether to perform the PolicyActions associated with the PolicyRule. PolicyRule instances may also be used to aggregate other PolicyRules and/or PolicyGroups. When used in this way to implement nested rules, the conditions of the aggregating rule apply to the subordinate rules as well. However, any side effects of condition evaluation or the execution of actions MUST NOT affect the result of the evaluation of other conditions evaluated by the rule engine in the same evaluation pass. That is, an implementation of a rule engine MAY evaluate all conditions in any order before applying the priority and determining which actions are to be executed. CIM_PolicyRule
DescriptionstringPolicySet is an abstract class that represents a set of policies that form a coherent set. The set of contained policies has a common decision strategy and a common set of policy roles (defined via the PolicySetInRole Collection association). Subclasses include PolicyGroup and PolicyRule. CIM_PolicySet
DescriptionstringAn abstract class defining the common properties of the policy managed elements derived from CIM_Policy. The subclasses are used to create rules and groups of rules that work together to form a coherent set of policies within an administrative domain or set of domains. CIM_Policy
DescriptionstringManagedElement is an abstract class that provides a common superclass (or top of the inheritance tree) for the non-association classes in the CIM Schema. CIM_ManagedElement

Properties

Properties
NameTypeValueQualifiersClassOrigin
SystemCreationClassNamestring Key
Propagated
Description
MaxLen
CIM_PolicyRule
SystemNamestring Key
Propagated
Description
MaxLen
CIM_PolicyRule
CreationClassNamestring Key
Description
MaxLen
CIM_PolicyRule
PolicyRuleNamestring Key
Description
MaxLen
CIM_PolicyRule
ConditionListTypeuint161 Description
ValueMap
Values
CIM_PolicyRule
RuleUsagestring Description CIM_PolicyRule
Priorityuint160 Deprecated
Description
CIM_PolicyRule
Mandatoryboolean Deprecated
Description
CIM_PolicyRule
SequencedActionsuint163 Description
ValueMap
Values
CIM_PolicyRule
ExecutionStrategyuint16 Description
ValueMap
Values
CIM_PolicyRule
PolicyDecisionStrategyuint16 Description
ValueMap
Values
CIM_PolicySet
PolicyRolesstring[] Deprecated
Description
CIM_PolicySet
Enableduint161 Description
ValueMap
Values
CIM_PolicySet
CommonNamestring Description CIM_Policy
PolicyKeywordsstring[] Description CIM_Policy
Captionstring Description
MaxLen
CIM_ManagedElement
Descriptionstring Description CIM_ManagedElement
ElementNamestring Description CIM_ManagedElement

Property Qualifiers

Property SystemCreationClassName Qualifiers
NameTypeValueFrom Class
Keybooleantrue CIM_PolicyRule
PropagatedstringCIM_System.CreationClassName CIM_PolicyRule
DescriptionstringThe scoping System ’ s CreationClassName. CIM_PolicyRule
MaxLenuint32256 CIM_PolicyRule

Property SystemName Qualifiers
NameTypeValueFrom Class
Keybooleantrue CIM_PolicyRule
PropagatedstringCIM_System.Name CIM_PolicyRule
DescriptionstringThe scoping System ’ s Name. CIM_PolicyRule
MaxLenuint32256 CIM_PolicyRule

Property CreationClassName Qualifiers
NameTypeValueFrom Class
Keybooleantrue CIM_PolicyRule
DescriptionstringCreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified. CIM_PolicyRule
MaxLenuint32256 CIM_PolicyRule

Property PolicyRuleName Qualifiers
NameTypeValueFrom Class
Keybooleantrue CIM_PolicyRule
DescriptionstringA user-friendly name of this PolicyRule. CIM_PolicyRule
MaxLenuint32256 CIM_PolicyRule

Property ConditionListType Qualifiers
NameTypeValueFrom Class
DescriptionstringIndicates whether the list of PolicyConditions associated with this PolicyRule is in disjunctive normal form (DNF), conjunctive normal form (CNF), or has no conditions (i.e., is an UnconditionalRule) and is automatically evaluated to " True. " The default value is 1 ( " DNF " ). CIM_PolicyRule
ValueMapstring
[See below.]
CIM_PolicyRule
ValuesstringUnconditional Rule
DNF
CNF
CIM_PolicyRule

NameValue
0Unconditional Rule
1DNF
2CNF
Property RuleUsage Qualifiers
NameTypeValueFrom Class
DescriptionstringA free-form string that can be used to provide guidelines on how this PolicyRule should be used. CIM_PolicyRule

Property Priority Qualifiers
NameTypeValueFrom Class
DescriptionstringPolicyRule.Priority is deprecated and replaced by providing the priority for a rule (and a group) in the context of the aggregating PolicySet instead of the priority being used for all aggregating PolicySet instances. Thus, the assignment of priority values is much simpler. A non-negative integer for prioritizing this Policy Rule relative to other Rules. A larger value indicates a higher priority. The default value is 0. CIM_PolicyRule

Property Mandatory Qualifiers
NameTypeValueFrom Class
DescriptionstringA flag indicating that the evaluation of the Policy Conditions and execution of PolicyActions (if the Conditions evaluate to TRUE) is required. The evaluation of a PolicyRule MUST be attempted if the Mandatory property value is TRUE. If the Mandatory property is FALSE, then the evaluation of the Rule is ’ best effort ’ and MAY be ignored. CIM_PolicyRule

Property SequencedActions Qualifiers
NameTypeValueFrom Class
DescriptionstringThis property gives a policy administrator a way of specifying how the ordering of the PolicyActions associated with this PolicyRule is to be interpreted. Three values are supported: o mandatory(1): Do the actions in the indicated order, or don ’ t do them at all. o recommended(2): Do the actions in the indicated order if you can, but if you can ’ t do them in this order, do them in another order if you can. o dontCare(3): Do them -- I don ’ t care about the order. The default value is 3 ( " DontCare " ). CIM_PolicyRule
ValueMapstring
[See below.]
CIM_PolicyRule
ValuesstringMandatory
Recommended
Dont Care
CIM_PolicyRule

NameValue
1Mandatory
2Recommended
3Dont Care
Property ExecutionStrategy Qualifiers
NameTypeValueFrom Class
DescriptionstringExecutionStrategy defines the strategy to be used in executing the sequenced actions aggregated by this PolicyRule. There are three execution strategies: Do Until Success - execute actions according to predefined order, until successful execution of a single action. Do All - execute ALL actions which are part of the modeled set, according to their predefined order. Continue doing this, even if one or more of the actions fails. Do Until Failure - execute actions according to predefined order, until the first failure in execution of an action instance. CIM_PolicyRule
ValueMapstring
[See below.]
CIM_PolicyRule
ValuesstringDo Until Success
Do All
Do Until Failure
CIM_PolicyRule

NameValue
1Do Until Success
2Do All
3Do Until Failure
Property PolicyDecisionStrategy Qualifiers
NameTypeValueFrom Class
DescriptionstringPolicyDecisionStrategy defines the evaluation method used for policies contained in the PolicySet. There are two values currently defined: - ’ First Matching ’ (1) executes the actions of the first rule whose conditions evaluate to TRUE. The concept of ’ first ’ is determined by examining the priority of the rule within the policy set (i.e., by examining the property, PolicySetComponent.Priority). Note that this ordering property MUST be maintained when processing the PolicyDecisionStrategy. - ’ All ’ (2) executes the actions of ALL rules whose conditions evaluate to TRUE, in the set. As noted above, the order of processing of the rules is defined by the property, PolicySetComponent.Priority (and within a rule, the ordering of the actions is defined by the property, PolicyActionStructure.ActionOrder). Note that when this strategy is defined, processing MUST be completed of ALL rules whose conditions evaluate to TRUE, regardless of errors in the execution of the rule actions. CIM_PolicySet
ValueMapstring
[See below.]
CIM_PolicySet
ValuesstringFirst Matching
All
CIM_PolicySet

NameValue
1First Matching
2All
Property PolicyRoles Qualifiers
NameTypeValueFrom Class
DescriptionstringThe PolicyRoles property represents the roles associated with a PolicySet. All contained PolicySet instances inherit the values of the PolicyRoles of the aggregating PolicySet but the values are not copied. A contained PolicySet instance may, however, add additional PolicyRoles to those it inherits from its aggregating PolicySet(s). Each value in PolicyRoles multi-valued property represents a role for which the PolicySet applies, i.e., the PolicySet should be used by any enforcement point that assumes any of the listed PolicyRoles values. Although not officially designated as ’ role combinations ’ , multiple roles may be specified using the form: < RoleName > [ & & < RoleName > ]* where the individual role names appear in alphabetical order (according to the collating sequence for UCS-2). Implementations may treat PolicyRoles values that are specified as ’ role combinations ’ as simple strings. This property is deprecated in lieu of the use of an association, CIM_PolicySetInRoleCollection. The latter is a more explicit and less error-prone approach to modeling that a PolicySet has one or more PolicyRoles. CIM_PolicySet

Property Enabled Qualifiers
NameTypeValueFrom Class
DescriptionstringIndicates whether this PolicySet is administratively enabled, administratively disabled, or enabled for debug. The " EnabledForDebug " property value is deprecated and, when it or any value not understood by the receiver is specified, the receiving enforcement point treats the PolicySet as " Disabled " . To determine if a PolicySet is " Enabled " , the containment hierarchy specified by the PolicySetComponent aggregation is examined and the Enabled property values of the hierarchy are ANDed together. Thus, for example, everything aggregated by a PolicyGroup may be disabled by setting the Enabled property in the PolicyGroup instance to " Disabled " without changing the Enabled property values of any of the aggregated instances. The default value is 1 ( " Enabled " ). CIM_PolicySet
ValueMapstring
[See below.]
CIM_PolicySet
ValuesstringEnabled
Disabled
Enabled For Debug
CIM_PolicySet

NameValue
1Enabled
2Disabled
3Enabled For Debug
Property CommonName Qualifiers
NameTypeValueFrom Class
DescriptionstringA user-friendly name of this policy-related object. CIM_Policy

Property PolicyKeywords Qualifiers
NameTypeValueFrom Class
DescriptionstringAn array of keywords for characterizing / categorizing policy objects. Keywords are of one of two types: - Keywords defined in this and other MOFs, or in DMTF white papers. These keywords provide a vendor- independent, installation-independent way of characterizing policy objects. - Installation-dependent keywords for characterizing policy objects. Examples include ’ Engineering ’ , ’ Billing ’ , and ’ Review in December 2000 ’ . This MOF defines the following keywords: ’ UNKNOWN ’ , ’ CONFIGURATION ’ , ’ USAGE ’ , ’ SECURITY ’ , ’ SERVICE ’ , ’ MOTIVATIONAL ’ , ’ INSTALLATION ’ , and ’ EVENT ’ . These concepts are self-explanatory and are further discussed in the SLA/Policy White Paper. One additional keyword is defined: ’ POLICY ’ . The role of this keyword is to identify policy-related instances that may not be otherwise identifiable, in some implementations. The keyword ’ POLICY ’ is NOT mutually exclusive of the other keywords specified above. CIM_Policy

Property Caption Qualifiers
NameTypeValueFrom Class
DescriptionstringThe Caption property is a short textual description (one- line string) of the object. CIM_ManagedElement
MaxLenuint3264 CIM_ManagedElement

Property Description Qualifiers
NameTypeValueFrom Class
DescriptionstringThe Description property provides a textual description of the object. CIM_ManagedElement

Property ElementName Qualifiers
NameTypeValueFrom Class
DescriptionstringA user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information. Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. CIM_ManagedElement

Methods

Method Qualifiers

Parameters

Parameter Qualifiers

Associations this class can participate in

Association
Class
Reference
Class
Role
CIM_PolicyConditionInPolicyRuleCIM_PolicyRuleGroupComponent
CIM_PolicyActionInPolicyRuleCIM_PolicyRuleGroupComponent
CIM_PolicyRuleInPolicyGroupCIM_PolicyRulePartComponent
CIM_PolicyRuleValidityPeriodCIM_PolicyRuleGroupComponent
CIM_PolicyRuleInSystemCIM_PolicyRuleDependent
CIM_PolicySetComponentCIM_PolicySetGroupComponent
CIM_PolicySetComponentCIM_PolicySetPartComponent
CIM_PolicySetValidityPeriodCIM_PolicySetGroupComponent
CIM_PolicySetInSystemCIM_PolicySetDependent
CIM_PolicySetInRoleCollectionCIM_PolicySetMember
CIM_PolicySetAppliesToElementCIM_PolicySetPolicySet
CIM_PolicyComponentCIM_PolicyGroupComponent
CIM_PolicyComponentCIM_PolicyPartComponent
CIM_PolicyConditionStructureCIM_PolicyGroupComponent
CIM_PolicyActionStructureCIM_PolicyGroupComponent
CIM_PolicyInSystemCIM_PolicyDependent
CIM_ReusablePolicyCIM_PolicyDependent
CIM_ComponentCIM_ManagedElementGroupComponent
CIM_ComponentCIM_ManagedElementPartComponent
CIM_ConcreteComponentCIM_ManagedElementGroupComponent
CIM_ConcreteComponentCIM_ManagedElementPartComponent
CIM_CredentialContextCIM_ManagedElementElementProvidingContext
CIM_DefaultElementCapabilitiesCIM_ManagedElementManagedElement
CIM_DependencyCIM_ManagedElementAntecedent
CIM_DependencyCIM_ManagedElementDependent
CIM_HostedDependencyCIM_ManagedElementAntecedent
CIM_HostedDependencyCIM_ManagedElementDependent
CIM_ScopedSettingCIM_ManagedElementAntecedent
CIM_MetricDefForMECIM_ManagedElementAntecedent
CIM_MetricForMECIM_ManagedElementAntecedent
CIM_RelatedElementCausingErrorCIM_ManagedElementDependent
CIM_RelatedElementCausingErrorCIM_ManagedElementAntecedent
CIM_SparedCIM_ManagedElementAntecedent
CIM_SparedCIM_ManagedElementDependent
CIM_ConcreteDependencyCIM_ManagedElementAntecedent
CIM_ConcreteDependencyCIM_ManagedElementDependent
CIM_ElementAsUserCIM_ManagedElementAntecedent
CIM_RecordAppliesToElementCIM_ManagedElementDependent
CIM_AuthenticationTargetCIM_ManagedElementDependent
CIM_AuthorizationSubjectCIM_ManagedElementDependent
CIM_AuthorizationTargetCIM_ManagedElementDependent
CIM_ElementSoftwareIdentityCIM_ManagedElementDependent
CIM_IsSpareCIM_ManagedElementAntecedent
CIM_ProvidesServiceToElementCIM_ManagedElementDependent
CIM_ElementCapabilitiesCIM_ManagedElementManagedElement
CIM_IdentityContextCIM_ManagedElementElementProvidingContext
CIM_LogicalIdentityCIM_ManagedElementSystemElement
CIM_LogicalIdentityCIM_ManagedElementSameElement
CIM_ConcreteIdentityCIM_ManagedElementSystemElement
CIM_ConcreteIdentityCIM_ManagedElementSameElement
CIM_SWRManageableAspectCIM_ManagedElementSystemElement
CIM_MemberOfCollectionCIM_ManagedElementMember
CIM_MemberPrincipalCIM_ManagedElementMember
CIM_ElementInPolicyRoleCollectionCIM_ManagedElementMember
CIM_OwningCollectionElementCIM_ManagedElementOwningElement
CIM_ParametersForMethodCIM_ManagedElementTheMethod
CIM_ParameterValueSourcesCIM_ManagedElementValueSource
CIM_PolicySetAppliesToElementCIM_ManagedElementManagedElement
CIM_AuthorizationRuleAppliesToTargetCIM_ManagedElementManagedElement
CIM_RoleLimitedToTargetCIM_ManagedElementTargetElement
CIM_StatisticsCIM_ManagedElementElement
CIM_SynchronizedCIM_ManagedElementSystemElement
CIM_SynchronizedCIM_ManagedElementSyncedElement
CIM_StorageSynchronizedCIM_ManagedElementSystemElement
CIM_StorageSynchronizedCIM_ManagedElementSyncedElement
CIM_AssignedIdentityCIM_ManagedElementManagedElement
CIM_AuthorizedSubjectCIM_ManagedElementPrivilegedElement
CIM_AuthorizedTargetCIM_ManagedElementTargetElement
CIM_ElementConformsToProfileCIM_ManagedElementManagedElement
CIM_ElementLocationCIM_ManagedElementElement
CIM_ElementProfileCIM_ManagedElementManagedElement
CIM_ElementSecuritySensitivityCIM_ManagedElementManagedElement
CIM_ElementSettingDataCIM_ManagedElementManagedElement
CIM_ElementStatisticalDataCIM_ManagedElementManagedElement
CIM_OwningJobElementCIM_ManagedElementOwningElement
CIM_AffectedJobElementCIM_ManagedElementAffectedElement
CIM_ServiceAffectsElementCIM_ManagedElementAffectedElement
CIM_ServiceAvailableToElementCIM_ManagedElementUserOfService
CIM_SAPAvailableForElementCIM_ManagedElementManagedElement
CIM_ManagementSAPCIM_ManagedElementManagedElement