Class CIM_RoleBasedAuthorizationService
extends CIM_PrivilegeManagementService

The CIM_RoleBasedAuthorizationService class represents the authorization service that manages and configures roles on a managed system. The CIM_RoleBasedAuthorizationService is responsible for creating and deleting CIM_Role instances. Privileges of the roles are represented through the instance(s) of the CIM_Privilege class associated to CIM_Role instances through the CIM_MemberOfCollection association. As a result of creating and deleting CIM_Role instances, the CIM_Privilege instances can also be affected. The limiting scope of the role is determined by the CIM_RoleLimitedToTarget association.

Class Hierarchy

CIM_ManagedElement
   |
   +--CIM_ManagedSystemElement
      |
      +--CIM_LogicalElement
         |
         +--CIM_EnabledLogicalElement
            |
            +--CIM_Service
               |
               +--CIM_SecurityService
                  |
                  +--CIM_AuthorizationService
                     |
                     +--CIM_PrivilegeManagementService
                        |
                        +--CIM_RoleBasedAuthorizationService

Direct Known Subclasses

Class Qualifiers

Name | Data Type | Value
Description | string | The CIM_RoleBasedAuthorizationService class represents the authorization service that manages and configures roles on a managed system. The CIM_RoleBasedAuthorizationService is responsible for creating and deleting CIM_Role instances. Privileges of the roles are represented through the instance(s) of the CIM_Privilege class associated to CIM_Role instances through the CIM_MemberOfCollection association. As a result of creating and deleting CIM_Role instances, the CIM_Privilege instances can also be affected. The limiting scope of the role is determined by the CIM_RoleLimitedToTarget association.
Experimental | boolean | true
UMLPackagePath | string | CIM::User::Role
Version | string | 2.37.0

Class Properties

Inherited Properties

Name | Data Type | Class Origin
Caption | string | CIM_ManagedElement
CommunicationStatus | uint16 | CIM_ManagedSystemElement
CreationClassName | string | CIM_Service
Description | string | CIM_ManagedElement
DetailedStatus | uint16 | CIM_ManagedSystemElement
ElementName | string | CIM_ManagedElement
EnabledDefault | uint16 | CIM_EnabledLogicalElement
EnabledState | uint16 | CIM_EnabledLogicalElement
Generation | uint64 | CIM_ManagedElement
HealthState | uint16 | CIM_ManagedSystemElement
InstallDate | datetime | CIM_ManagedSystemElement
InstanceID | string | CIM_ManagedElement
LoSID | string | CIM_Service
LoSOrgID | string | CIM_Service
Name | string | CIM_Service
OperatingStatus | uint16 | CIM_ManagedSystemElement
OtherEnabledState | string | CIM_EnabledLogicalElement
PrimaryOwnerContact | string | CIM_Service
PrimaryOwnerName | string | CIM_Service
PrimaryStatus | uint16 | CIM_ManagedSystemElement
RequestedState | uint16 | CIM_EnabledLogicalElement
Started | boolean | CIM_Service
StartMode | string | CIM_Service
Status | string | CIM_ManagedSystemElement
SystemCreationClassName | string | CIM_Service
SystemName | string | CIM_Service
TimeOfLastStateChange | datetime | CIM_EnabledLogicalElement
TransitioningToState | uint16 | CIM_EnabledLogicalElement
AvailableRequestedStates | uint16[] | CIM_EnabledLogicalElement
OperationalStatus | uint16[] | CIM_ManagedSystemElement
StatusDescriptions | string[] | CIM_ManagedSystemElement

Class Methods

Local Class Methods

AssignRoles (uint32)

Method Qualifiers (AssignRoles)

Name | Data Type | Value
Description | string | AssignRoles() removes a security principal from any Roles to which it currently belongs and assigns it to the Roles identified by the Roles[] parameter. Upon successful completion of the method, the instance of CIM_Identity identified by the Identity parameter shall be associated to each Role referenced by the Roles parameter through the CIM_MemberOfCollection association and shall not be associated to an instance of CIM_Role unless a reference to it is contained in the Roles parameter.
ValueMap | string | 0, 1, 2, .., 32000..65535
Values | string | Success, Not Supported, Failed, Method Reserved, Vendor Specific

Method Parameters (AssignRoles)

Name | Type | Qualifiers
   Name | Data Type | Value
Roles | CIM_Role[]
   Description | string | The set of Roles to which the Identity will be associated through CIM_MemberOfCollection. If the Roles parameter is an empty array, then the successful execution of the method will unassign all the roles from the identity represented by the Identity parameter.
   IN | boolean | true
   Required | boolean | true
Identity | REF CIM_Identity
   Description | string | The Identity instance representing the security principal whose role membership is being modified.
   IN | boolean | true
   Required | boolean | true

ModifyRole (uint32)

Method Qualifiers (ModifyRole)

Name | Data Type | Value
Description | string | The ModifyRole method modifies the privileges and the scope of the targeted CIM_Role instance. The call may result in the creation, deletion, or modification of CIM_Privilege instances. The call may result in the creation and deletion of CIM_RoleLimitedToTarget association instances.
ValueMap | string | 0, 1, 2, 3, 4, 5, 6, .., 32000..65535
Values | string | Success, Not Supported, Unknown, Timeout, Failed, Invalid Parameter, Inappropriate Privilege, DMTF Reserved, Vendor Specific

Method Parameters (ModifyRole)

Name | Type | Qualifiers
   Name | Data Type | Value
Privileges | string[]
   Description | string | The Privileges parameter represents the desired privileges for the targeted role. When this parameter is non-null, upon successful completion of the method, the instances of CIM_Privilege associated with the targeted CIM_Role instance shall convey equivalent privileges as those indicated by the specified embedded CIM_Privilege instances. The Privileges parameter is an array of elements of CIM_Privilege, encoded as a string-valued embedded instance parameter. The embedded instances allow the client to convey the privileges desired for the targeted CIM_Role instance. The method may result in the creation, deletion, or modification of the CIM_Privilege instances. The rights indicated by a CIM_Privilege may be revoked by passing the embedded instance of CIM_Privilege with the PrivilegeGranted property set to "FALSE". When the parameter is null, the privileges for the CIM_Role shall not be modified.
   EmbeddedInstance | string | CIM_Privilege
   IN | boolean | true
RoleLimitedToTargets | CIM_ManagedElement[]
   Description | string | The RoleLimitedToTargets parameter references all of the CIM_ManagedElement instances to which the role shall be limited. When this parameter is non-null, upon successful completion of the method, the targeted CIM_Role instance shall be associated through the CIM_RoleLimitedToTarget association with only the specified instances of CIM_ManagedElement. This may result in the creation and deletion of instances of CIM_RoleLimitedToTarget. When this parameter is null, the set of instances of CIM_RoleLimitedToTarget that reference the targeted CIM_Role instance shall not be modified.
   IN | boolean | true
Role | REF CIM_Role
   Description | string | The Role parameter is the reference to the targeted CIM_Role instance for which the privileges will be modified.
   IN | boolean | true
   Required | boolean | true

ShowRoles (uint32)

Method Qualifiers (ShowRoles)

Name | Data Type | Value
Description | string | ShowRoles reports the Privileges (i.e., rights) granted to a particular Subject, for a particular Target, or to a particular Subject for a particular Target through membership in, or scoping to, instances of CIM_Role. The Subject parameter, Target parameter, or both shall be specified. When the Subject parameter is specified and the Target parameter is not specified, the method shall return all of the Roles to which the subject is associated through CIM_MemberOfCollection. When the Target parameter is specified and the Subject parameter is not specified, the method shall return all instances of CIM_Role within whose scope the Target parameter lies. When the Subject parameter and Target parameter are both specified, the method shall return an instance of CIM_Role if and only if the Subject parameter is associated to the instance of CIM_Role through CIM_MemberOfCollection and the Target parameter lies within the scope of the instance of CIM_Role. For each instance of CIM_Role returned in the Roles parameter, the corresponding index of the Privileges parameter may contain an instance of CIM_Privilege. The corresponding index of the Privileges parameter may be null when rights granted through a CIM_Role are not explicitly managed, or when there are not currently any instances of CIM_Privilege associated with the CIM_Role instance. When the corresponding index of the Privileges parameter is non-null, the embedded instance of CIM_Privilege shall reflect the cumulative rights granted through membership in the Role. Each embedded instance of CIM_Role contained in the Roles parameter shall correspond to an instrumented instance of CIM_Role. Each embedded instance of CIM_Privilege contained in the Privileges parameter may correspond to an instance of CIM_Privilege associated to the corresponding instance of CIM_Role through the CIM_MemberOfCollection. However, this is not required. Embedded instances of CIM_Role are returned rather than References in order to simplify the query operation for clients. The properties of the instances of CIM_Role provide context to aid a client in selecting which instance(s) to modify in order to change the privileges of a Subject or for a Target.
ValueMap | string | 0, 1, 2, .., 32000..65535
Values | string | Success, Not Supported, Failed, Method Reserved, Vendor Specific

Method Parameters (ShowRoles)

Name | Type | Qualifiers
   Name | Data Type | Value
Privileges | string[]
   ArrayType | string | Indexed
   Description | string | The cumulative rights granted through membership in the instance of CIM_Role located at the same array index in the Roles parameter.
   EmbeddedInstance | string | CIM_Privilege
   IN | boolean | false
   ModelCorrespondence | string | CIM_PrivilegeManagementService.ShowAccess(Privileges)
   OUT | boolean | true
Roles | string[]
   ArrayType | string | Indexed
   Description | string | The set of instances of CIM_Role filtered according to the Subject and Target parameters.
   EmbeddedInstance | string | CIM_Role
   IN | boolean | false
   ModelCorrespondence | string | CIM_PrivilegeManagementService.ShowAccess(Privileges)
   OUT | boolean | true
Subject | REF CIM_Identity
   Description | string | The Subject parameter identifies the instance of CIM_Identity whose containing instances of CIM_Role will be returned.
   IN | boolean | true
Target | REF CIM_ManagedElement
   Description | string | The Target parameter identifies an instance of CIM_ManagedElement whose scoping instances of CIM_Role will be returned.
   IN | boolean | true

CreateRole (uint32)

Method Qualifiers (CreateRole)

Name | Data Type | Value
Description | string | The CreateRole method creates a new instance of CIM_Role with the specified privileges. If the NewRole parameter is specified, the embedded instance will be used as a template for the newly created CIM_Role instance. If the NewRole parameter is not specified, the method will create a default instance of CIM_Role that is implementation specific. In order to be meaningful, a Role requires a set of associated privileges, thus an array of embedded instances of CIM_Privilege is provided as a parameter. An implementation may not support the creation of a Role with the privileges indicated by the specified combination of CIM_Privilege instances. The implementation will create new instances of CIM_Privilege as needed to enable the implementation to represent the rights granted to the new instance of Role. The implementation will associate these Privilege instances to CIM_Role via MemberOfCollection. If the RoleLimitedToTargets parameter is specified, the scope of the new role will be limited to the CIM_ManagedElement instances whose references are specified. For each CIM_ManagedElement specified, the implementation will create an instance of CIM_RoleLimitedToTarget that references the CIM_ManagedElement instance and the created instance of CIM_Role. If the RoleLimitedToTargets parameter is not specified, the Role applies to all resources in the target namespace.
Experimental | boolean | true
ValueMap | string | 0, 1, 2, 3, 4, 5, 6, .., 32000..65535
Values | string | Success, Not Supported, Unknown, Timeout, Failed, Invalid Parameter, Inappropriate Privilege, DMTF Reserved, Vendor Specific

Method Parameters (CreateRole)

Name | Type | Qualifiers
   Name | Data Type | Value
RoleTemplate | string
   Description | string | NewRole parameter is the desired CIM_Role instance to be created. This is an element of class CIM_Role, encoded as a string-valued embedded instance parameter. The embedded instance allows the client to specify the properties desired for the new CIM_Role instance.
   EmbeddedInstance | string | CIM_Role
   IN | boolean | true
Privileges | string[]
   Description | string | The Privileges parameter is the desired CIM_Privilege instances to be associated with the new role. This is an array of elements of class CIM_Privilege, encoded as a string-valued embedded instance parameter. The embedded instances allow the client to specify the properties desired for the CIM_Privilege instances to be associated to the new CIM_Role instance through the CIM_MemberOfCollection association.
   EmbeddedInstance | string | CIM_Privilege
   IN | boolean | true
   Required | boolean | true
RoleLimitedToTargets | CIM_ManagedElement[]
   Description | string | The RoleLimitedToTargets parameter references the CIM_ManagedElement instances that the new role will be limited to. The call will create CIM_RoleLimitedToTarget association instances between the new CIM_Role instance and the referenced CIM_ManagedElement instances that the role is limited to.
   IN | boolean | true
OwningSystem | REF CIM_System
   Description | string | If present, CIM_OwningSystem defines a System to which a CIM_OwningCollectionElement association to the new CIM_Role shall be instantiated.
   IN | boolean | true
Role | REF CIM_Role
   Description | string | Role is an output parameter that, upon successful execution of the method, will contain the reference to the newly created CIM_Role instance.
   IN | boolean | false
   OUT | boolean | true
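The membership and scoping rules stated in the AssignRoles, ShowRoles and CreateRole descriptions can be exercised with a small in-memory model. This is an added example, not DMTF or provider code: the RoleStore class, its method names and the string identifiers are hypothetical, and returning 2 (Failed) for an unknown role is a modelling assumption.

```python
# Added illustration: in-memory model of the associations, not a CIM client.
from dataclasses import dataclass, field


@dataclass
class RoleStore:
    # role -> identities linked through CIM_MemberOfCollection
    members: dict = field(default_factory=dict)
    # role -> targets linked through CIM_RoleLimitedToTarget (None = unscoped)
    scope: dict = field(default_factory=dict)

    def create_role(self, role, limited_to=None):
        self.members[role] = set()
        # RoleLimitedToTargets not specified: role applies to all resources.
        self.scope[role] = None if limited_to is None else set(limited_to)

    def assign_roles(self, identity, roles):
        """Replace semantics: afterwards identity belongs to exactly `roles`."""
        if any(r not in self.members for r in roles):
            return 2  # "Failed" in the AssignRoles ValueMap (assumed choice)
        for ids in self.members.values():
            ids.discard(identity)          # dropped from every current role
        for r in roles:
            self.members[r].add(identity)  # an empty list leaves no roles
        return 0  # "Success"

    def in_scope(self, role, target):
        limited = self.scope[role]
        return limited is None or target in limited

    def show_roles(self, subject=None, target=None):
        """Roles filtered by Subject membership and/or Target scope."""
        if subject is None and target is None:
            raise ValueError("Subject, Target, or both shall be specified")
        return sorted(
            r for r in self.members
            if (subject is None or subject in self.members[r])
            and (target is None or self.in_scope(r, target))
        )


def build_sample():
    """Constructed sample data: three roles, one principal."""
    store = RoleStore()
    store.create_role("Administrator")                  # unscoped
    store.create_role("Operator", limited_to={"Disk1"})
    store.create_role("Auditor", limited_to={"Log1"})
    store.assign_roles("alice", ["Administrator", "Operator"])
    return store
```

Because AssignRoles replaces rather than appends, a client that wants to add one role has to pass the principal's existing roles along with the new one.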

DeleteRole (uint32)

Method Qualifiers (DeleteRole)

Name | Data Type | Value
Description | string | The DeleteRole method deletes the CIM_Role instance referenced in the call. This method will delete each instance of CIM_MemberOfCollection and CIM_RoleLimitedToTarget that references the specified instance of CIM_Role. Any instances of CIM_Privilege that are associated with this instance of CIM_Role and no other instances will also be deleted, as well as the CIM_MemberOfCollection associations that associate the CIM_Privilege with the CIM_Role.
Experimental | boolean | true
ValueMap | string | 0, 1, 2, 3, 4, 5, .., 32000..65535
Values | string | Success, Not Supported, Unknown, Timeout, Failed, Invalid Parameter, DMTF Reserved, Vendor Specific

Method Parameters (DeleteRole)

Name | Type | Qualifiers
   Name | Data Type | Value
Role | REF CIM_Role
   Description | string | The Role parameter is the reference to the Role instance to be deleted.
   IN | boolean | true
   Required | boolean | true
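The ValueMap and Values qualifiers listed for the five local methods pair up positionally, and the same return code has different meanings depending on the method. The decoder below is an added example, not part of the schema or of any CIM client library: the function and table names are hypothetical, a bare ".." is treated as the catch-all for values no other entry claims, and labels are assumed to contain no commas.

```python
# Added illustration: decode uint32 return codes using the qualifier strings
# copied from this page.
UINT32_MAX = 2**32 - 1

SHORT = ("0, 1, 2, .., 32000..65535",
         "Success, Not Supported, Failed, Method Reserved, Vendor Specific")
LONG = ("0, 1, 2, 3, 4, 5, 6, .., 32000..65535",
        "Success, Not Supported, Unknown, Timeout, Failed, Invalid Parameter, "
        "Inappropriate Privilege, DMTF Reserved, Vendor Specific")
DELETE = ("0, 1, 2, 3, 4, 5, .., 32000..65535",
          "Success, Not Supported, Unknown, Timeout, Failed, "
          "Invalid Parameter, DMTF Reserved, Vendor Specific")

METHODS = {"AssignRoles": SHORT, "ShowRoles": SHORT, "ModifyRole": LONG,
           "CreateRole": LONG, "DeleteRole": DELETE}


def parse_valuemap(valuemap, values):
    """Return ([(lo, hi, label), ...], catch_all_label_or_None)."""
    keys = [k.strip() for k in valuemap.split(",")]
    labels = [v.strip() for v in values.split(",")]
    if len(keys) != len(labels):
        raise ValueError("ValueMap and Values differ in length")
    explicit, catch_all = [], None
    for key, label in zip(keys, labels):
        if key == "..":                  # everything not claimed elsewhere
            catch_all = label
        elif ".." in key:                # bounded or half-open range
            lo, hi = key.split("..")
            explicit.append((int(lo or 0), int(hi or UINT32_MAX), label))
        else:                            # single value
            explicit.append((int(key), int(key), label))
    return explicit, catch_all


def describe(method, code):
    """Map a return code of one of the local methods to its Values label."""
    explicit, catch_all = parse_valuemap(*METHODS[method])
    for lo, hi, label in explicit:
        if lo <= code <= hi:
            return label
    if catch_all is None:
        raise ValueError(f"{method}: code {code} is not in the ValueMap")
    return catch_all
```

A log pipeline that alerts on authorization failures should therefore key on the method name together with the code: 2 is Failed for AssignRoles but Unknown for ModifyRole, and 6 is Inappropriate Privilege for ModifyRole but falls into the reserved range for DeleteRole.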

Inherited Class Methods

Name | Return Type | Class Origin
AssignAccess | uint32 | CIM_PrivilegeManagementService
ChangeAffectedElementsAssignedSequence | uint32 | CIM_Service
RemoveAccess | uint32 | CIM_PrivilegeManagementService
RequestStateChange | uint32 | CIM_EnabledLogicalElement
ShowAccess | uint32 | CIM_PrivilegeManagementService
StartService | uint32 | CIM_Service
StopService | uint32 | CIM_Service