MaskingMapping
Class IBMTSDS_PrivilegeManagementService


CIM_ManagedElement
\_CIM_ManagedSystemElement
  \_CIM_LogicalElement
    \_CIM_EnabledLogicalElement
      \_CIM_Service
        \_CIM_SecurityService
          \_CIM_AuthorizationService
            \_CIM_PrivilegeManagementService


Description

The PrivilegeManagementService is responsible for creating, deleting, and associating Privilege instances. References to'target'define the entity (or entities) that are associated with a Privilege instance via AuthorizedTarget. References to'subject'define the elements associated to the Privilege instance via AuthorizedSubject. The Privilege instance is related to this AuthenticationService via ConcreteDependency.

Subclasses


Referenced By

IBMTSDS_ConcreteDependencyPrivilege IBMTSDS_HostedPrivilegeManagementService

Properties

IdTypeRangeDescription
Key
CreationClassName string
Max Length256
CreationClassName indicates the name of the class or the subclass that is used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.
Name string
Max Length256
The Name property uniquely identifies the Service and provides an indication of the functionality that is managed. This functionality is described in more detail in the Description property of the object.
SystemCreationClassName string
Max Length256
The CreationClassName of the scoping System.
SystemName string
Max Length256
The Name of the scoping System.
Read Only
ElementName string
User friendly name. Same as Name.
Read Write
 
Inherited from class CIM_ManagedElement
Caption, Description, ElementName
 
Inherited from class CIM_ManagedSystemElement
HealthState, InstallDate, Name, OperationalStatus, Status, StatusDescriptions
 
Inherited from class CIM_EnabledLogicalElement
EnabledState, OtherEnabledState, RequestedState, TimeOfLastStateChange, EnabledDefault
 
Inherited from class CIM_Service
Started, StartMode, PrimaryOwnerContact, PrimaryOwnerName
 

Method Summary

NameDescription
AssignAccessWhen this method is called, a provider identifies an appropriate existing Privilege or creates a new instance of Privilege to satisfy the parameters of the request.
RemoveAccessThis method revokes a specific privilege or all privileges for a particular target, subject, or subject/target pair.
 
Inherited from class CIM_EnabledLogicalElement
RequestStateChange
 
Inherited from class CIM_Service
StartService, StopService
 
Inherited from class CIM_PrivilegeManagementService
AssignAccess, ChangeAccess, RemoveAccess, ShowAccess
 

Method Detail


AssignAccess

Description

When this method is called, a provider identifies an appropriate existing Privilege or creates a new instance of Privilege to satisfy the parameters of the request. The Privilege is linked to the ManagedElements that are its subject and target via the AuthorizedSubject and AuthorizedTarget associations, respectively. When created, the Privilege instance is associated to this PrivilegeManagementService via ConcreteDependency.Note that the method's input parameters, Activities, ActivityQualifiers and QualifierFormats, are mutually indexed. Values for these parameters MAY be supplied with the method invocation or MAY be obtained via reference to an existing Privilege. One of these two approaches MUST be taken to specify the values of the Privilege's properties. Also note that Subject and Target references MAY be supplied.The successful completion of the method SHALL create any necessary AuthorizedSubject, AuthorizedTarget and Privilege instances. Returning references to the AuthorizedSubject and AuthorizedTarget instances is NOT REQUIRED since they can be construed using the Privilege output parameter and intrinsic methods.

Parameters

IdTypeRangeDescription
In
Subject CIM_ManagedElement
The Subject parameter is a reference to a ManagedElement instance that SHALL be associated via AuthorizedSubject to the Privilege. This parameter MAY NOT be supplied when an existing Privilege is referenced by the Privilege parameter. Note that a Subject reference MUST be provided when creating a new instance of Privilege.
PrivilegeGranted boolean
The PrivilegesGranted flag in the new/existing Privilege.
Activities uint16
The activities granted in the new/existing Privilege.
ActivityQualifiers string
The activity qualifiers set in the new/existing Privilege.
QualifierFormats uint16
The qualifier formats set in the new/existing Privilege.
Target CIM_ManagedElement
The Target parameter is a reference to a ManagedElement that SHALL be associated via AuthorizedTarget to the Privilege. This parameter MAY NOT be supplied when an existing Privilege is referenced by the Privilege parameter. Note that a Target reference MUST be provided when creating a new instance of Privilege.
Privilege CIM_AuthorizedPrivilege
Reference to the Privilege used or created.If a reference is not provided, an implementation MAY create a new instance of Privilege, or MAY reuse an existing one. The Privilege that is created or reused is returned in this parameter. If a reference is input, it serves as the definition of the Privilege, replacing the method's input parameters, PrivilegeGranted, Activities[]ActivityQualifiers[]and QualifierFormats[]. Also, the existing Privilege defines the relevant'subject'and'target'ManagedElements, when one or the other of the Subject/Target input parameters is not specified. An implementation MAY use the supplied reference purely as a template and MAY return a reference to a different Privilege instance
out
Privilege CIM_AuthorizedPrivilege
Reference to the Privilege used or created.If a reference is not provided, an implementation MAY create a new instance of Privilege, or MAY reuse an existing one. The Privilege that is created or reused is returned in this parameter. If a reference is input, it serves as the definition of the Privilege, replacing the method's input parameters, PrivilegeGranted, Activities[]ActivityQualifiers[]and QualifierFormats[]. Also, the existing Privilege defines the relevant'subject'and'target'ManagedElements, when one or the other of the Subject/Target input parameters is not specified. An implementation MAY use the supplied reference purely as a template and MAY return a reference to a different Privilege instance
Return Codes
none

RemoveAccess

Description

This method revokes a specific privilege or all privileges for a particular target, subject, or subject/target pair. If a Privilege instance is left with no AuthorizedTarget associations, it SHOULD be deleted. The successful completion of the method SHALL remove the directly or indirectly requested AuthorizedSubject, AuthorizedTarget and Privilege instances.

Parameters

IdTypeRangeDescription
In
Subject CIM_ManagedElement
The Subject parameter is a reference to a ManagedElement instance (associated via AuthorizedSubject) for which privileges are to be revoked.
Privilege CIM_AuthorizedPrivilege
A reference to the Privilege to be revoked.
Target CIM_ManagedElement
The Target parameter is a reference to a ManagedElement (associated via AuthorizedTarget) which will no longer be protected via the Privilege.
out
none
Return Codes
none