📄 cim_privilege.mof
字号:
// Copyright (c) 2005 DMTF. All rights reserved.// <change cr="ArchCR00066.004" type="add">Add UmlPackagePath// qualifier values to CIM Schema.</change>// ==================================================================// CIM_Privilege// ================================================================== [UMLPackagePath ( "CIM::User::Privilege" ), Version ( "2.8.0" ), Description ( "Privilege is the base class for all types of activities which " "are granted or denied by a Role or an Identity. Whether an " "individual Privilege is granted or denied is defined using the " "PrivilegeGranted boolean. Any Privileges not specifically " "granted are assumed to be denied. An explicit deny (Privilege " "Granted = FALSE) takes precedence over any granted Privileges. " "\n\n" "The association of subjects (Roles and Identities) to " "Privileges is accomplished using policy or explicitly via the " "associations on a subclass. The entities that are protected " "(targets) can be similarly defined. \n" "\n" "Note that Privileges may be inherited through hierarchical " "Roles, or may overlap. For example, a Privilege denying any " "instance Writes in a particular CIM Server Namespace would " "overlap with a Privilege defining specific access rights at an " "instance level within that Namespace. In this example, the " "AuthorizedSubjects are either Identities or Roles, and the " "AuthorizedTargets are a Namespace in the former case, and a " "particular instance in the latter.")]class CIM_Privilege : CIM_ManagedElement { [Key, Description ( "Within the scope of the instantiating Namespace, InstanceID " "opaquely and uniquely identifies an instance of this class. " "In order to ensure uniqueness within the NameSpace, the " "value of InstanceID SHOULD be constructed using the " "following 'preferred' algorithm: \n" "<OrgID>:<LocalID> \n" "Where <OrgID> and <LocalID> are separated by a colon ':', " "and where <OrgID> MUST include a copyrighted, trademarked " "or otherwise unique name that is owned by the business " "entity creating/defining the InstanceID, or is a registered " "ID that is assigned to the business entity by a recognized " "global authority. (This is similar to the <Schema " "Name>_<Class Name> structure of Schema class names.) In " "addition, to ensure uniqueness <OrgID> MUST NOT contain a " "colon (':'). When using this algorithm, the first colon to " "appear in InstanceID MUST appear between <OrgID> and " "<LocalID>. \n" "<LocalID> is chosen by the business entity and SHOULD not " "be re-used to identify different underlying (real-world) " "elements. If the above 'preferred' algorithm is not used, " "the defining entity MUST assure that the resultant " "InstanceID is not re-used across any InstanceIDs produced " "by this or other providers for this instance's NameSpace. " "For DMTF defined instances, the 'preferred' algorithm MUST " "be used with the <OrgID> set to 'CIM'.")] string InstanceID; [Description ( "Boolean indicating whether the Privilege is granted (TRUE) " "or denied (FALSE). The default is to grant permission.")] boolean PrivilegeGranted = TRUE; [Description ( "An enumeration indicating the activities that are granted " "or denied. These activities apply to all entities specified " "in the ActivityQualifiers array. The values in the " "enumeration are straightforward except for one, " "4=\"Detect\". This value indicates that the existence or " "presence of an entity may be determined, but not " "necessarily specific data (which requires the Read " "privilege to be true). This activity is exemplified by " "'hidden files'- if you list the contents of a directory, " "you will not see hidden files. However, if you know a " "specific file name, or know how to expose hidden files, " "then they can be 'detected'. Another example is the ability " "to define search privileges in directory implementations."), ValueMap { "1", "2", "3", "4", "5", "6", "7", "..15999", "16000.." }, Values { "Other", "Create", "Delete", "Detect", "Read", "Write", "Execute", "DMTF Reserved", "Vendor Reserved" }, ArrayType ( "Indexed" ), ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }] uint16 Activities[]; [Description ( "The ActivityQualifiers property is an array of string " "values used to further qualify and specify the privileges " "granted or denied. For example, it is used to specify a set " "of files for which 'Read'/'Write' access is permitted or " "denied. Or, it defines a class' methods that may be " "'Executed'. Details on the semantics of the individual " "entries in ActivityQualifiers are provided by corresponding " "entries in the QualifierFormats array."), ArrayType ( "Indexed" ), ModelCorrespondence { "CIM_Privilege.Activities", "CIM_Privilege.QualifierFormats" }] string ActivityQualifiers[]; [Description ( "Defines the semantics of corresponding entries in the " "ActivityQualifiers array. An example of each of these " "'formats' and their use follows: \n" "- 2=Class Name. Example: If the authorization target is a " "CIM Service or a Namespace, then the ActivityQualifiers " "entries can define a list of classes that the authorized " "subject is able to create or delete. \n" "- 3=<Class.>Property. Example: If the authorization target " "is a CIM Service, Namespace or Collection of instances, " "then the ActivityQualifiers entries can define the class " "properties that may or may not be accessed. In this case, " "the class names are specified with the property names to " "avoid ambiguity - since a CIM Service, Namespace or " "Collection could manage multiple classes. On the other " "hand, if the authorization target is an individual " "instance, then there is no possible ambiguity and the class " "name may be omitted. To specify ALL properties, the " "wildcard string \"*\" should be used. \n" "- 4=<Class.>Method. This example is very similar to the " "Property one, above. And, as above, the string \"*\" may be " "specified to select ALL methods. \n" "- 5=Object Reference. Example: If the authorization target " "is a CIM Service or Namespace, then the ActivityQualifiers " "entries can define a list of object references (as strings) " "that the authorized subject can access. \n" "- 6=Namespace. Example: If the authorization target is a " "CIM Service, then the ActivityQualifiers entries can define " "a list of Namespaces that the authorized subject is able to " "access. \n" "- 7=URL. Example: An authorization target may not be " "defined, but a Privilege could be used to deny access to " "specific URLs by individual Identities or for specific " "Roles, such as the 'under 17' Role. \n" "- 8=Directory/File Name. Example: If the authorization " "target is a FileSystem, then the ActivityQualifiers entries " "can define a list of directories and files whose access is " "protected. \n" "- 9=Command Line Instruction. Example: If the authorization " "target is a ComputerSystem or Service, then the " "ActivityQualifiers entries can define a list of command " "line instructions that may or may not be 'Executed' by the " "authorized subjects."), ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "..15999", "16000.." }, Values { "Class Name", "<Class.>Property", "<Class.>Method", "Object Reference", "Namespace", "URL", "Directory/File Name", "Command Line Instruction", "DMTF Reserved", "Vendor Reserved" }, ArrayType ( "Indexed" ), ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }] uint16 QualifierFormats[];};⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -