Class CIM_AuthorizationRule
extends CIM_PolicyRule

A class representing a company's and/or administrator's rules with respect to authorizing Identities (subjects), for access of target elements, based on associated Privileges/Roles. This includes dynamically permitting and denying access, statically adding or removing Identities (i.e., Subjects) and Targets to/from Roles via the MemberOfCollection and RoleLimitedToTarget associations, and adding or removing AuthorizedSubject and AuthorizedTarget associations when AuthorizedPrivilege classes are implemented. Explaining this in more detail: If a request is made to access a target element associated to this AuthorizationRule via AuthorizationRuleAppliesToTarget, the rights to execute the request are verified by searching for matching Privilege instances and an associated Identity that is tied to the requestor. An Identity is associated to the rule using AuthorizationRuleAppliesToSubject. The associations of Privileges to an AuthorizationRule are either individually using AuthorizationRuleAppliesToPrivilege, or via collection into a Role class (where the Role is associated to the rule using AuthorizationRuleAppliesToRole). If the Identity's CurrentlyAuthorized property is TRUE and a corresponding 'granting' Privilege is defined, then the request for access is authorized. If any of the preceding conditions do not hold, then the request is denied. Note that the evaluation of the AuthorizationRule's conditions MAY result in the 'static' instantiation of associations to AuthorizedPrivilege or Role - that are then traversed to determine access. Targets MAY be statically associated to Privileges or Roles using the AuthorizedTarget and RoleLimitedToTarget relationships, respectively. Identities MAY be statically associated to Privileges or Roles using the AuthorizedSubject and MemberOfCollection relationships, respectively.

Table of Contents
Hierarchy
Direct Known Subclasses
Class Qualifiers
Class Properties
Class Methods


Class Hierarchy

CIM_ManagedElement
   |
   +--CIM_Policy
   |
   +--CIM_PolicySet
   |
   +--CIM_PolicyRule
   |
   +--CIM_AuthorizationRule

Direct Known Subclasses

Class Qualifiers

NameData TypeValue
DescriptionstringA class representing a company's and/or administrator's rules with respect to authorizing Identities (subjects), for access of target elements, based on associated Privileges/Roles. This includes dynamically permitting and denying access, statically adding or removing Identities (i.e., Subjects) and Targets to/from Roles via the MemberOfCollection and RoleLimitedToTarget associations, and adding or removing AuthorizedSubject and AuthorizedTarget associations when AuthorizedPrivilege classes are implemented. Explaining this in more detail: If a request is made to access a target element associated to this AuthorizationRule via AuthorizationRuleAppliesToTarget, the rights to execute the request are verified by searching for matching Privilege instances and an associated Identity that is tied to the requestor. An Identity is associated to the rule using AuthorizationRuleAppliesToSubject. The associations of Privileges to an AuthorizationRule are either individually using AuthorizationRuleAppliesToPrivilege, or via collection into a Role class (where the Role is associated to the rule using AuthorizationRuleAppliesToRole). If the Identity's CurrentlyAuthorized property is TRUE and a corresponding 'granting' Privilege is defined, then the request for access is authorized. If any of the preceding conditions do not hold, then the request is denied. Note that the evaluation of the AuthorizationRule's conditions MAY result in the 'static' instantiation of associations to AuthorizedPrivilege or Role - that are then traversed to determine access. Targets MAY be statically associated to Privileges or Roles using the AuthorizedTarget and RoleLimitedToTarget relationships, respectively. Identities MAY be statically associated to Privileges or Roles using the AuthorizedSubject and MemberOfCollection relationships, respectively.
Experimentalbooleantrue
UMLPackagePathstringCIM::Policy
Versionstring2.8.1000

Class Properties

Inherited Properties

NameData TypeClass Origin
CaptionstringCIM_ManagedElement
CommonNamestringCIM_Policy
ConditionListTypeuint16CIM_PolicyRule
CreationClassNamestringCIM_PolicyRule
DescriptionstringCIM_ManagedElement
ElementNamestringCIM_ManagedElement
Enableduint16CIM_PolicySet
ExecutionStrategyuint16CIM_PolicyRule
Generationuint64CIM_ManagedElement
InstanceIDstringCIM_ManagedElement
MandatorybooleanCIM_PolicyRule
PolicyDecisionStrategyuint16CIM_PolicySet
PolicyRuleNamestringCIM_PolicyRule
Priorityuint16CIM_PolicyRule
RuleUsagestringCIM_PolicyRule
SequencedActionsuint16CIM_PolicyRule
SystemCreationClassNamestringCIM_PolicyRule
SystemNamestringCIM_PolicyRule
PolicyKeywordsstring[]CIM_Policy
PolicyRolesstring[]CIM_PolicySet

Class Methods