File: //usr/share/mof/cimv2.33.0/User/CIM_RoleBasedAuthorizationService.mof
// Copyright (c) 2010 DMTF. All rights reserved.
[Version ( "2.26.0" ),
UMLPackagePath ( "CIM::User::Role" ),
Description (
"The CIM_RoleBasedAuthorizationService class represents the "
"authorization service that manages and configures roles on a "
"managed system. The CIM_RoleBasedAuthorizationService is "
"responsible for creating, and deleting CIM_Role instances. "
"Privileges of the roles are represented through the "
"instance(s) of CIM_Privilege class associated to CIM_Role "
"instances through the CIM_MemberOfCollection association. As a "
"result of creating, and deleting CIM_Role instances the "
"CIM_Privilege instances can also be affected. The limiting "
"scope of the role is determined by the CIM_RoleLimitedToTarget "
"association." )]
class CIM_RoleBasedAuthorizationService : CIM_PrivilegeManagementService {
[Description (
"The CreateRole method creates a new instance of CIM_Role "
"with the specified privileges. If the NewRole parameter "
"is specified, the embedded instance will be used as a "
"template for the newly created CIM_Role instance. If the "
"NewRole parameter is not specified, the method will "
"create a default instance of CIM_Role that is "
"implementation specific. In order to be meaningful, a "
"Role requires a set of associated privileges, thus an "
"array of embedded instances of CIM_Privilege is provided "
"as a parameter. An implementation may not support the "
"creation of a Role with the privileges indicated by the "
"specified combination of CIM_Privilege instances. \n"
"The implementation will create new instances of "
"CIM_Privilege as needed to enable the implementation to "
"represent the rights granted to the new instance of "
"Role. The implementation will associate these Privilege "
"instances to CIM_Role via MemberOfCollection. \n"
"If the RoleLimitedToTargets parameter is specified, the "
"scope of the new role will be limited to the "
"CIM_ManagedElement instances whose references are "
"specified. For each CIM_ManagedElement specified, the "
"implementation will create an instance of "
"CIM_RoleLimitedToTarget which references "
"CIM_ManagedElement instance and the created instance of "
"CIM_Role. If the RoleLimitedToTargets parameter is not "
"specified, the Role applies to all resources in the "
"target namespace." ),
ValueMap { "0", "1", "2", "3", "4", "5", "6", "..",
"32000..65535" },
Values { "Success", "Not Supported", "Unknown", "Timeout",
"Failed", "Invalid Parameter", "Inappropriate Privilege",
"DMTF Reserved", "Vendor Specific" }]
uint32 CreateRole(
[IN, Description (
"NewRole parameter is the desired CIM_Role instance "
"to be created. This is an element of class "
"CIM_Role, encoded as a string-valued embedded "
"instance parameter. The embedded instance allows "
"the client to specify the properties desired for "
"the new CIM_Role instance." ),
EmbeddedInstance ( "CIM_Role" )]
string RoleTemplate,
[IN, Description (
"If present, CIM_OwningSystem defines a System to "
"which an CIM_OwningCollectionElement association "
"to the new CIM_Role shall be instantiated." )]
CIM_System REF OwningSystem,
[Required, IN, Description (
"Privileges parameter is the desired CIM_Privilege "
"instances to be associated with the new role. This "
"is an array of elements of class CIM_Privilege, "
"encoded as a string-valued embedded instance "
"parameter. The embedded instances allow the client "
"to specify the properties desired for the "
"CIM_Privilege instances to be associated to the "
"new CIM_Role instance through "
"CIM_MemberOfCollection association." ),
EmbeddedInstance ( "CIM_Privilege" )]
string Privileges[],
[IN, Description (
"RoleLimitedToTargets parameter references "
"CIM_ManagedElement instances that the new role "
"will be limited to. The call will create "
"CIM_RoleLimitedToTarget association instances "
"between the new CIM_Role instance and the "
"referenced CIM_ManagedElement instances that the "
"role is limited to." )]
CIM_ManagedElement REF RoleLimitedToTargets[],
[IN ( false ), OUT, Description (
"Role is an output parameter that per successful "
"execution of the method will contain the reference "
"to the newly created CIM_Role instance." )]
CIM_Role REF Role);
[Description (
"DeleteRole method deletes the CIM_Role instance "
"referenced in the call. This method will delete each "
"instance of CIM_MemberOfCollection and "
"CIM_RoleLimitedToTarget that references the specified "
"instance of CIM_Role. Any instances of CIM_Privilege "
"that are associated with the this instance of CIM_Role "
"and no other instances will also be deleted, as well as "
"the CIM_MemberOfCollection associations that associate "
"the CIM_Privilege with the CIM_Role." ),
ValueMap { "0", "1", "2", "3", "4", "5", "..", "32000..65535" },
Values { "Success", "Not Supported", "Unknown", "Timeout",
"Failed", "Invalid Parameter", "DMTF Reserved",
"Vendor Specific" }]
uint32 DeleteRole(
[Required, IN, Description (
"Role parameter is the reference to the Role "
"instance to be deleted." )]
CIM_Role REF Role);
[Description (
"ModifyRole method modifies the privileges and the scope "
"of the specified instance of the targeted CIM_Role "
"instance. The call may result in the creation, deletion, "
"or modification of CIM_Privilege instances. The call may "
"result in the creation and deletion of "
"CIM_RoleLimitedTarget association instances." ),
ValueMap { "0", "1", "2", "3", "4", "5", "6", "..",
"32000..65535" },
Values { "Success", "Not Supported", "Unknown", "Timeout",
"Failed", "Invalid Parameter", "Inappropriate Privilege",
"DMTF Reserved", "Vendor Specific" }]
uint32 ModifyRole(
[IN, Description (
"Privileges parameter represents the desired "
"privileges for the targeted role. When this "
"parameter is non-null, upon successful completion "
"of the method, the instances of CIM_Privilege "
"associated with the targeted CIM_Role instance "
"shall convey equivalent privileges as those "
"indicated by the specified embedded CIM_Privilege "
"instances. The Privilege parameter is an array of "
"elements of CIM_Privilege, encoded as a string "
"valued embedded instance parameter. The embedded "
"instances allow the client to convey the "
"privileges desired for the targeted CIM_Role "
"instance. The method may result in the creation, "
"deletion, or modification of the CIM_Privilege "
"instances. The rights indicated by a CIM_Privilege "
"may be revoked by passing the embedded instance of "
"CIM_Privilege with PrivilegeGranted property set "
"to \"FALSE.\". When the parameter is null, the "
"privileges for the CIM_Role shall not be modified." ),
EmbeddedInstance ( "CIM_Privilege" )]
string Privileges[],
[IN, Description (
"RoleLimitedToTargets parameter references all of "
"the CIM_ManagedElement instances to which the role "
"shall be limited. When this parameter is non-null, "
"upon successful completion of the method, the "
"targeted CIM_Role instanceshall be associated "
"through the CIM_RoleLimitedToTarget association "
"with only the specified instances of "
"CIM_ManagedElement. This may result in the "
"creation and deletion of instances of "
"CIM_RoleLimitedToTarget. When this parameter is "
"null, the set of instances of "
"CIM_RoleLimitedToTarget that reference the "
"targeted CIM_Role instance shall not be modified." )]
CIM_ManagedElement REF RoleLimitedToTargets[],
[Required, IN, Description (
"Role parameter is the reference to the targeted "
"CIM_Role instance for which the privileges will be "
"modified." )]
CIM_Role REF Role);
[Description (
"AssignRoles() removes a security principal from any "
"Rolesto which it currently belongs and assigns it to the "
"Roles identified by the Roles[] parameter. Upon "
"successful completion of the method, the instance of "
"CIM_Identity identified by the Identity parameter shall "
"be associated to each Role referenced by the Roles "
"parameter through the CIM_MemberOfCollection association "
"and shall not be associated to an instance of CIM_Role "
"unless a reference to it is contained in the Roles "
"parameter." ),
ValueMap { "0", "1", "2", "..", "32000..65535" },
Values { "Success", "Not Supported", "Failed",
"Method Reserved", "Vendor Specific" }]
uint32 AssignRoles(
[Required, IN, Description (
"The Identity instance representing the security "
"principalwhose role membership is being modified." )]
CIM_Identity REF Identity,
[Required, IN, Description (
"The set of Roles to which the Identity will be "
"associated through CIM_MemberOfCollection." )]
CIM_Role REF Roles[]);
[Description (
"ShowRoles reports the Privileges (i.e., rights) granted "
"to a particular Subject, for a particular Target, or to "
"a particular Subject for a particular Target through "
"membership in, or scoping to instances of CIM_Role. The "
"Subject parameter, Target parameter, or both shall be "
"specified. \n"
"When the Subject parameter is specified and the Target "
"parameter is not specified, the method shall return all "
"of Roles to which the subject is associated through "
"CIM_MemberOfCollection. When Target parameter is "
"specified and the Subject parameter is not specified, "
"the method shall all instances of CIM_Role within whose "
"scope the Target Parameter lies.\n"
"When the Subject parameter and Target parameter are both "
"specified, the method shall return an instance of "
"CIM_Role if and only if the Subject Parameter is "
"associated to the instance of CIM_Role through "
"CIM_MemberOfCollection and the Target Parameter lies "
"within the scope of the instance of CIM_Role.\n"
"For each instance of CIM_Role returned in the Roles "
"parameter, the corresponding index of the Privileges "
"parameter may contain an instance of CIM_Privilege. The "
"corresponding index of the Privileges parameter may be "
"null when rights granted through a CIM_Role are not "
"explicitly managed, or when there are not currently any "
"instances of CIM_Privilege associated with the CIM_Role "
"instance. When the corresponding index of of the "
"Privileges parameter is non-null, the embedded instance "
"of CIM_Privilege shall reflect the cumulative rights "
"granted through membership in the Role. \n"
"Each embedded instance of CIM_Role contained in the "
"Roles parameter shall correspond to an instrumented "
"instance of CIM_Role. Each embedded instance of "
"CIM_Privilege contained in the Privileges parameter may "
"correspond to an instance of CIM_Privilege associated to "
"the corresponding instance of CIM_Role through the "
"CIM_MemberOfCollection. However, this is not required. "
"Embedded instances of CIM_Role are returned rather than "
"References in order to simplify the query operation for "
"clients. The properties of the instances of CIM_Role "
"provide context to aid a client in selecting which "
"instance(s) to modify in order to change the privileges "
"of a Subject or for a Target." ),
ValueMap { "0", "1", "2", "..", "32000..65535" },
Values { "Success", "Not Supported", "Failed",
"Method Reserved", "Vendor Specific" }]
uint32 ShowRoles(
[IN, Description (
"The Subject parameter identifies the instance of "
"CIM_Identity whose containing instances of "
"CIM_Role will be returned." )]
CIM_Identity REF Subject,
[IN, Description (
"The Target parameter identifies an instance of "
"CIM_ManagedElement whose scoping instances of "
"CIM_Role will be returned." )]
CIM_ManagedElement REF Target,
[IN ( false ), OUT, Description (
"The set of instances of CIM_Role filtered "
"according to the Subject and Target parameters." ),
EmbeddedInstance ( "CIM_Role" ),
ArrayType ( "Indexed" ),
ModelCorrespondence {
"CIM_PrivilegeManagementService.ShowAccess.Privileges" }]
string Roles[],
[IN ( false ), OUT, Description (
"The cumulative rights granted through membership "
"in the instance of CIM_Role located at the same "
"array index in the Roles parameter." ),
EmbeddedInstance ( "CIM_Privilege" ),
ArrayType ( "Indexed" ),
ModelCorrespondence {
"CIM_PrivilegeManagementService.ShowAccess.Roles" }]
string Privileges[]);
};