| Name | Data Type | Value |
| Description | string | ChangeAccess updates the specified Subject's rights to the Target according to the parameters of this call. The method may be called to update the propagation of Privileges, and/or to define new Privileges for a Subject/Target pair. Because the Subject/Target pair is required in any usage scenario, these parameters are defined as Required.
If an instance of Privilege is created, it is associated to this Service via ConcreteDependency. Further, if the Privilege is an AuthorizedPrivilege, it is linked to the specified Subject and Target via the AuthorizedSubject and AuthorizedTarget associations, respectively. |
| ValueMap | string | 0, 1, 2, 3, 4, 5, .., 16000, 16001, 16002, 16003, 16004, 16005..31999, 32000..65535 |
| Values | string | Success, Not Supported, Unknown, Timeout, Failed, Invalid Parameter, DMTF Reserved, Unsupported Subject, Unsupported Privilege, Unsupported Target, Authorization Error, NULL not supported, Method Reserved, Vendor Specific |
| Name | Type | Qualifiers |
| Name | Data Type | Value |
| Privileges | string[] |
| Description | string | A set of zero or more instances of CIM_Privilege (or a subclass of Privilege) that are passed 'by value' as embedded objects. An embedded object is used since the Privilege may only define a subset of the total rights that should be assigned or revoked. On input, Privilege.PrivilegeGranted MAY be set to False to indicate that the enclosed rights are denied. On return, the embedded Privilege objects represent the cumulative rights granted between the specified Subject and Target (filtered to return the information that the requestor is authorized to view). If the Privileges array is empty, then there exist NO rights that the requestor is authorized to view between the Subject/Target pair. |
| EmbeddedObject | boolean | true |
| IN | boolean | true |
| OUT | boolean | true |
| PropagationPolicies | CIM_PrivilegePropagationRule[] |
| Description | string | If supplied, PropagationPolicy defines the policy rules that govern how the specified access rights are propagated to instances associated with the named Subject and/or Target. If a policy rule is not supplied, the rights defined in the Privilege are only granted or denied between the named Subject and Target. |
| IN | boolean | true |
| Subject |
REF
CIM_ManagedElement |
| Description | string | The Subject parameter is required and references an instance of ManagedElement. The result of this operation is that the Subject SHALL be authorized to access or define the authorization rights for the Target, via one or more instances of the Privilege class - where the Privileges represent the cumulative rights of this Subject. The distinction between the Privileges specified in this method call and the 'cumulative rights' is that the implementation returns all rights that the Subject has in regards to the Target (that the requestor is authorized to review), versus the specific subset that may be specified in this method call. The exception to the above is when there are no remaining rights between the Subject and Target. In that case, the Privilege instance MAY be deleted.
Note that even if the Subject element is a Collection, the operation is only applied to the Collection itself and NOT its members via MemberOfCollection unless an appropriate PolicyPropagationRule is specified. In either case, the output parameters for this method pertain only to the specified Subject/Collection and Target, and do not provide details on the individual members of the Collection. If this information is needed, use the ShowAccess method.
As noted in the method Description, if the resultant Privileges are AuthorizedPrivileges, then AuthorizedSubject associations SHALL be created. |
| IN | boolean | true |
| Required | boolean | true |
| Target |
REF
CIM_ManagedElement |
| Description | string | The Target parameter is required and references an instance of ManagedElement. The result of this operation is that the Subject SHALL be authorized to access or define the authorization rights for the Target, via one or more instances of the Privilege class - where the Privileges represent the cumulative rights of this Subject. The distinction between the Privileges specified in this method call and the 'cumulative rights' is that the implementation returns all rights that the Subject has in regards to this Target (that the requestor is authorized to review), versus the specific subset that may be specified in this method call. The exception to the above is when there are no remaining rights between the Subject and Target. In that case, the Privilege instance MAY be deleted.
Note that even if the Target element is a Collection, the operation is only applied to the Collection itself and NOT its members via MemberOfCollection unless an appropriate PolicyPropagationRule is specified. In either case, the output parameters for this method pertain only to the specified Subject and Target/Collection, and do not provide details on the individual members of the Collection. If this information is needed, use the ShowAccess method.
As noted in the method Description, if the resultant Privileges are AuthorizedPrivileges, then AuthorizedTarget associations SHALL be created. |
| IN | boolean | true |
| Required | boolean | true |
| Name | Data Type | Value |
| Description | string | ShowAccess reports the Privileges (i.e., rights) granted to a particular Subject and/or Target pair. Either a Subject, a Target or both MUST be specified. In the case where only one is specified, the method will return all rights to all Targets for the specified Subject, or all rights for all subjects which apply to the specified Target.
ShowAccess returns the cumulative rights granted between the OutSubjects and OutTargets at the same array index (filtered to return the information that the requestor is authorized to view). If a specific array entry is NULL, then there exist NO rights that the requestor is authorized to view between the Subject/Target pair.
Note that the Privileges returned by this method MAY NOT correspond to what is actually instantiated in the model, and MAY be optimized for ease of reporting. Hence, the data is passed 'by value', as embedded objects. Also, note that multiple Privileges MAY be defined for a given Subject/Target pair.
Other mechanisms MAY also be used to retrieve this information. CIM Operations' EnumerateInstances MAY be used to return all Privileges currently instantiated within a namespace. Also, if the AuthorizedPrivilege subclass is instantiated, the CIM Operation Associators MAY be used to navigate from the Privilege to AuthorizedSubjects and AuthorizedTargets. These CIM Operations will not generally provide the functionality or optimizations available with ShowAccess. |
| ValueMap | string | 0, 1, 2, 3, 4, 5, .., 16000, 16002, 16003, 16004, 16005..31999, 32000..65535 |
| Values | string | Success, Not Supported, Unknown, Timeout, Failed, Invalid Parameter, DMTF Reserved, Unsupported Subject, Unsupported Target, Authorization Error, NULL not supported, Method Reserved, Vendor Specific |
| Name | Type | Qualifiers |
| Name | Data Type | Value |
| Privileges | string[] |
| ArrayType | string | Indexed |
| Description | string | The returned Privilege objects represent the cumulative rights granted between the OutSubjects and OutTargets at the same array index (filtered to return the information that the requestor is authorized to view). If a specific array entry is NULL, then there exist NO rights that the requestor is authorized to view between the Subject/Target pair. |
| EmbeddedObject | boolean | true |
| IN | boolean | false |
| ModelCorrespondence | string | CIM_PrivilegeManagementService.ShowAccess.OutTargets, CIM_PrivilegeManagementService.ShowAccess.OutSubjects |
| OUT | boolean | true |
| OutSubjects | CIM_ManagedElement[] |
| ArrayType | string | Indexed |
| Description | string | The array of Subject REFs corresponding to the individual Privileges and OutTargets arrays. The resulting OutSubjects, Privileges and OutTargets arrays define the cumulative rights granted between the Subject/Target at the corresponding index (filtered to return the information that the requestor is authorized to view). |
| IN | boolean | false |
| ModelCorrespondence | string | CIM_PrivilegeManagementService.ShowAccess.Subject, CIM_PrivilegeManagementService.ShowAccess.Privileges, CIM_PrivilegeManagementService.ShowAccess.OutTargets |
| OUT | boolean | true |
| OutTargets | CIM_ManagedElement[] |
| ArrayType | string | Indexed |
| Description | string | The array of Target REFs corresponding to the individual Privileges and OutSubjects arrays. The resulting OutSubjects, Privileges and OutTargets arrays define the cumulative rights granted between the Subject/Target at the corresponding index (filtered to return the information that the requestor is authorized to view). |
| IN | boolean | false |
| ModelCorrespondence | string | CIM_PrivilegeManagementService.ShowAccess.Target, CIM_PrivilegeManagementService.ShowAccess.Privileges, CIM_PrivilegeManagementService.ShowAccess.OutSubjects |
| OUT | boolean | true |
| Subject |
REF
CIM_ManagedElement |
| Description | string | The Subject parameter references an instance of ManagedElement. The result of this operation is that the cumulative rights of the Subject to access or define authorization rights for the Target will be reported. If no Subject is specified, then a Target MUST be supplied and ALL Subjects that have rights to access or define authorizations for the Target will be reported. (It should be noted that the information reported MUST be filtered by the rights of the requestor to view that data.) If the Subject element is a Collection, then the operation will specifically report the Privileges for all elements associated to the Collection via MemberOfCollection. These elements will be reported individually in the returned OutSubjects array. |
| IN | boolean | true |
| ModelCorrespondence | string | CIM_PrivilegeManagementService.ShowAccess.Target |
| Target |
REF
CIM_ManagedElement |
| Description | string | The Target parameter references an instance of ManagedElement. The result of this operation is that the cumulative rights of the Subject to access or define authorization rights for the Target will be reported. If no Target is specified, then a Subject MUST be supplied and ALL Targets for which that the Subject has rights to access or define authorization will be reported. (It should be noted that the information reported MUST be filtered by the rights of the requestor to view that data.) If the Target element is a Collection, then the operation will be applied to all elements associated to the Collection via MemberOfCollection. These elements will be reported individually in the returned OutTargets array. |
| IN | boolean | true |
| ModelCorrespondence | string | CIM_PrivilegeManagementService.ShowAccess.Subject |
| Name | Data Type | Value |
| Description | string | When this method is called, a provider updates the specified Subject's rights to the Target according to the parameters of this call. The rights are modeled via an AuthorizedPrivilege instance. If an AuthorizedPrivilege instance is created as a result of this call, it MUST be linked to the Subject and Target via the AuthorizedSubject and AuthorizedTarget associations, respectively. When created, the AuthorizedPrivilege instance is associated to this PrivilegeManagementService via ConcreteDependency. If the execution of this call results in no rights between the Subject and Target, then they MUST NOT be linked to a particular AuthorizedPrivilege instance via AuthorizedSubject and AuthorizedTarget respectively.
Note that regardless of whether specified via parameter, or template, the Activities, ActivityQualifiers and QualifierFormats, are mutually indexed. Also note that Subject and Target references MUST be supplied.
The successful completion of the method SHALL create any necessary AuthorizedSubject, AuthorizedTarget, AuthorizedPrivilege, HostedDependency, and ConcreteDependency instances.
Note if an associated PrivilegeManagementCapabilities.SharedPrivilegeSupported is FALSE, then an 'Unsupported Shared Privilege' error will be returned if either the Subjects or the Targets parameter of the AssignAccess method has more than one entry. |
| Experimental | boolean | true |
| ValueMap | string | 0, 1, 2, 3, 4, 5, 6..15999, 16000, 16001, 16002, 16003, 16004, 16005, 16005..31999, 32000..65535 |
| Values | string | Success, Not Supported, Unspecified Error, Timeout, Failed, Invalid Parameter, DMTF Reserved, Unsupported Subject, Unsupported Privilege, Unsupported Target, Authorization Error, NULL not supported, UnSupported Sharing Privileges, Method Reserved, Vendor Specific |
| Name | Type | Qualifiers |
| Name | Data Type | Value |
| PrivilegeGranted | boolean |
| Description | string | MUST be NULL unless Privilege is NULL on input. The PrivilegeGranted flag indicates whether the rights defined by the parameters in this call should be granted or denied to the named Subject/Target pair. |
| IN | boolean | true |
| ModelCorrespondence | string | CIM_AuthorizedPrivilege.PrivilegeGranted, CIM_PrivilegeManagementService.AssignAccess.Privilege |
| Activities | uint16[] |
| ArrayType | string | Indexed |
| Description | string | MUST be NULL unless the Privilege is NULL on input. This parameter specifies the activities to be granted or denied. |
| IN | boolean | true |
| ModelCorrespondence | string | CIM_AuthorizedPrivilege.Activities, CIM_PrivilegeManagementService.AssignAccess.Privilege |
| ValueMap | string | 1, 2, 3, 4, 5, 6, 7, .., 16000..65535 |
| Values | string | Other, Create, Delete, Detect, Read, Write, Execute, DMTF Reserved, Vendor Reserved |
| ActivityQualifiers | string[] |
| ArrayType | string | Indexed |
| Description | string | MUST be NULL unless Privilege is NULL on input. This parameter defines the activity qualifiers for the Activities to be granted or denied. |
| IN | boolean | true |
| ModelCorrespondence | string | CIM_AuthorizedPrivilege.ActivityQualifers, CIM_PrivilegeManagementService.AssignAccess.Privilege |
| QualifierFormats | uint16[] |
| ArrayType | string | Indexed |
| Description | string | MUST be NULL unless Privilege is NULL on input. This parameter defines the qualifier formats for the corresponding ActivityQualifiers. |
| IN | boolean | true |
| ModelCorrespondence | string | CIM_AuthorizedPrivilege.QualifierFormats, CIM_PrivilegeManagementService.AssignAccess.Privilege |
| ValueMap | string | 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, .., 16000..65535 |
| Values | string | Class Name, <Class.>Property, <Class.>Method, Object Reference, Namespace, URL, Directory/File Name, Command Line Instruction, SCSI Command, Packets, DMTF Reserved, Vendor Reserved |
| Privilege |
REF
CIM_AuthorizedPrivilege |
| Description | string | On input, this reference MUST be either NULL or refer to an instance of AuthorizedPrivilege that is used as a template. The rights granted by corresponding entries in the Activities, ActivityQualifiers and QualifierFormats array properties are applied incrementally and do not affect unnamed rights. If the property, PrivilegeGranted, is false, then the named rights are removed. If PrivilegeGranted is True, then the named rights are added. (Note that the RemoveAccess method SHOULD be used to completely remove all privileges between a subject and a target. On output, this property references an AuthorizedPrivilege instance that represents the resulting rights between the named Subject and the named Target. AuthorizedPrivilege instances used as a templates in this property SHOULD have a HostedDependency association to the PriviligeManagementService and SHOULD NOT have any AuthorizedTarget or AuthorizedSubject associations to it. |
| IN | boolean | true |
| OUT | boolean | true |
| Subject |
REF
CIM_ManagedElement |
| Description | string | The Subject parameter is a reference to a ManagedElement instance. This parameter MUST be supplied. |
| IN | boolean | true |
| Required | boolean | true |
| Target |
REF
CIM_ManagedElement |
| Description | string | The Target parameter is a reference to an instance of ManagedElement. This parameter MUST be supplied. |
| IN | boolean | true |
| Required | boolean | true |
| Name | Data Type | Value |
| Description | string | This method revokes a specific AuthorizedPrivilege or all privileges for a particular target, subject, or subject/target pair. If an AuthorizedPrivilege instance is left with no AuthorizedTarget associations, it SHOULD be deleted. The successful completion of the method SHALL remove the directly or indirectly requested AuthorizedSubject, AuthorizedTarget and AuthorizedPrivilege instances. |
| ValueMap | string | 0, 1, 2, 3, 4, 5, 6..15999, 16000, 16001, 16002, 16003, 16004..32767, 32768..65535 |
| Values | string | Success, Not Supported, Unspecified Error, Timeout, Failed, Invalid Parameter, DMTF Reserved, Unsupported Privilege, Unsupported Target, Authorization Error, Null parameter not supported, Method Reserved, Vendor Specific |