Class CIM_RoleBasedAuthorizationService
extends CIM_PrivilegeManagementService

The CIM_RoleBasedAuthorizationService class represents the authorization service that manages and configures roles on a managed system. The CIM_RoleBasedAuthorizationService is responsible for creating, and deleting CIM_Role instances. Privileges of the roles are represented through the instance(s) of CIM_Privilege class associated to CIM_Role instances through the CIM_MemberOfCollection association. As a result of creating, and deleting CIM_Role instances the CIM_Privilege instances can also be affected. The limiting scope of the role is determined by the CIM_RoleLimitedToTarget association.

Table of Contents
Hierarchy
Direct Known Subclasses
Class Qualifiers
Class Properties
Class Methods

Class Hierarchy

Direct Known Subclasses

Class Qualifiers

Name	Data Type	Value
Description	string	The CIM_RoleBasedAuthorizationService class represents the authorization service that manages and configures roles on a managed system. The CIM_RoleBasedAuthorizationService is responsible for creating, and deleting CIM_Role instances. Privileges of the roles are represented through the instance(s) of CIM_Privilege class associated to CIM_Role instances through the CIM_MemberOfCollection association. As a result of creating, and deleting CIM_Role instances the CIM_Privilege instances can also be affected. The limiting scope of the role is determined by the CIM_RoleLimitedToTarget association.
Experimental	boolean	true
UMLPackagePath	string	CIM::User::Role
Version	string	2.37.0

Class Properties

Inherited Properties

Name	Data Type	Class Origin
Caption	string	CIM_ManagedElement
CommunicationStatus	uint16	CIM_ManagedSystemElement
CreationClassName	string	CIM_Service
Description	string	CIM_ManagedElement
DetailedStatus	uint16	CIM_ManagedSystemElement
ElementName	string	CIM_ManagedElement
EnabledDefault	uint16	CIM_EnabledLogicalElement
EnabledState	uint16	CIM_EnabledLogicalElement
Generation	uint64	CIM_ManagedElement
HealthState	uint16	CIM_ManagedSystemElement
InstallDate	datetime	CIM_ManagedSystemElement
InstanceID	string	CIM_ManagedElement
LoSID	string	CIM_Service
LoSOrgID	string	CIM_Service
Name	string	CIM_Service
OperatingStatus	uint16	CIM_ManagedSystemElement
OtherEnabledState	string	CIM_EnabledLogicalElement
PrimaryOwnerContact	string	CIM_Service
PrimaryOwnerName	string	CIM_Service
PrimaryStatus	uint16	CIM_ManagedSystemElement
RequestedState	uint16	CIM_EnabledLogicalElement
Started	boolean	CIM_Service
StartMode	string	CIM_Service
Status	string	CIM_ManagedSystemElement
SystemCreationClassName	string	CIM_Service
SystemName	string	CIM_Service
TimeOfLastStateChange	datetime	CIM_EnabledLogicalElement
TransitioningToState	uint16	CIM_EnabledLogicalElement
AvailableRequestedStates	uint16[]	CIM_EnabledLogicalElement
OperationalStatus	uint16[]	CIM_ManagedSystemElement
StatusDescriptions	string[]	CIM_ManagedSystemElement

Class Methods

Local Class Methods

AssignRoles (uint32)

Method Qualifiers (AssignRoles)

Name	Data Type	Value
Description	string	AssignRoles() removes a security principal from any Roles to which it currently belongs and assigns it to the Roles identified by the Roles[] parameter. Upon successful completion of the method, the instance of CIM_Identity identified by the Identity parameter shall be associated to each Role referenced by the Roles parameter through the CIM_MemberOfCollection association and shall not be associated to an instance of CIM_Role unless a reference to it is contained in the Roles parameter.
ValueMap	string	0, 1, 2, .., 32000..65535
Values	string	Success, Not Supported, Failed, Method Reserved, Vendor Specific

Method Parameters (AssignRoles)

Name	Type	Qualifiers
Name	Type	Name	Data Type	Value
Roles	CIM_Role[]
		Description	string	The set of Roles to which the Identity will be associated through CIM_MemberOfCollection. If the Roles parameter is an empty array, then the successful execution of the method will unassign all the roles from the identity represented by the Identity parameter.
		IN	boolean	true
		Required	boolean	true
Identity	REF CIM_Identity
		Description	string	The Identity instance representing the security principal whose role membership is being modified.
		IN	boolean	true
		Required	boolean	true

ModifyRole (uint32)

Method Qualifiers (ModifyRole)

Name	Data Type	Value
Description	string	ModifyRole method modifies the privileges and the scope of the specified instance of the targeted CIM_Role instance. The call may result in the creation, deletion, or modification of CIM_Privilege instances. The call may result in the creation and deletion of CIM_RoleLimitedTarget association instances.
ValueMap	string	0, 1, 2, 3, 4, 5, 6, .., 32000..65535
Values	string	Success, Not Supported, Unknown, Timeout, Failed, Invalid Parameter, Inappropriate Privilege, DMTF Reserved, Vendor Specific

Method Parameters (ModifyRole)

Name	Type	Qualifiers
Name	Type	Name	Data Type	Value
Privileges	string[]
		Description	string	Privileges parameter represents the desired privileges for the targeted role. When this parameter is non-null, upon successful completion of the method, the instances of CIM_Privilege associated with the targeted CIM_Role instance shall convey equivalent privileges as those indicated by the specified embedded CIM_Privilege instances. The Privilege parameter is an array of elements of CIM_Privilege, encoded as a string valued embedded instance parameter. The embedded instances allow the client to convey the privileges desired for the targeted CIM_Role instance. The method may result in the creation, deletion, or modification of the CIM_Privilege instances. The rights indicated by a CIM_Privilege may be revoked by passing the embedded instance of CIM_Privilege with PrivilegeGranted property set to "FALSE.". When the parameter is null, the privileges for the CIM_Role shall not be modified.
		EmbeddedInstance	string	CIM_Privilege
		IN	boolean	true
RoleLimitedToTargets	CIM_ManagedElement[]
		Description	string	RoleLimitedToTargets parameter references all of the CIM_ManagedElement instances to which the role shall be limited. When this parameter is non-null, upon successful completion of the method, the targeted CIM_Role instanceshall be associated through the CIM_RoleLimitedToTarget association with only the specified instances of CIM_ManagedElement. This may result in the creation and deletion of instances of CIM_RoleLimitedToTarget. When this parameter is null, the set of instances of CIM_RoleLimitedToTarget that reference the targeted CIM_Role instance shall not be modified.
		IN	boolean	true
Role	REF CIM_Role
		Description	string	Role parameter is the reference to the targeted CIM_Role instance for which the privileges will be modified.
		IN	boolean	true
		Required	boolean	true

ShowRoles (uint32)

Method Qualifiers (ShowRoles)

Name	Data Type	Value
Description	string	ShowRoles reports the Privileges (i.e., rights) granted to a particular Subject, for a particular Target, or to a particular Subject for a particular Target through membership in, or scoping to instances of CIM_Role. The Subject parameter, Target parameter, or both shall be specified. When the Subject parameter is specified and the Target parameter is not specified, the method shall return all of Roles to which the subject is associated through CIM_MemberOfCollection. When Target parameter is specified and the Subject parameter is not specified, the method shall all instances of CIM_Role within whose scope the Target Parameter lies. When the Subject parameter and Target parameter are both specified, the method shall return an instance of CIM_Role if and only if the Subject Parameter is associated to the instance of CIM_Role through CIM_MemberOfCollection and the Target Parameter lies within the scope of the instance of CIM_Role. For each instance of CIM_Role returned in the Roles parameter, the corresponding index of the Privileges parameter may contain an instance of CIM_Privilege. The corresponding index of the Privileges parameter may be null when rights granted through a CIM_Role are not explicitly managed, or when there are not currently any instances of CIM_Privilege associated with the CIM_Role instance. When the corresponding index of of the Privileges parameter is non-null, the embedded instance of CIM_Privilege shall reflect the cumulative rights granted through membership in the Role. Each embedded instance of CIM_Role contained in the Roles parameter shall correspond to an instrumented instance of CIM_Role. Each embedded instance of CIM_Privilege contained in the Privileges parameter may correspond to an instance of CIM_Privilege associated to the corresponding instance of CIM_Role through the CIM_MemberOfCollection. However, this is not required. Embedded instances of CIM_Role are returned rather than References in order to simplify the query operation for clients. The properties of the instances of CIM_Role provide context to aid a client in selecting which instance(s) to modify in order to change the privileges of a Subject or for a Target.
ValueMap	string	0, 1, 2, .., 32000..65535
Values	string	Success, Not Supported, Failed, Method Reserved, Vendor Specific

Method Parameters (ShowRoles)

Name	Type	Qualifiers
Name	Type	Name	Data Type	Value
Privileges	string[]
		ArrayType	string	Indexed
		Description	string	The cumulative rights granted through membership in the instance of CIM_Role located at the same array index in the Roles parameter.
		EmbeddedInstance	string	CIM_Privilege
		IN	boolean	false
		ModelCorrespondence	string	CIM_PrivilegeManagementService.ShowAccess(Privileges)
		OUT	boolean	true
Roles	string[]
		ArrayType	string	Indexed
		Description	string	The set of instances of CIM_Role filtered according to the Subject and Target parameters.
		EmbeddedInstance	string	CIM_Role
		IN	boolean	false
		ModelCorrespondence	string	CIM_PrivilegeManagementService.ShowAccess(Privileges)
		OUT	boolean	true
Subject	REF CIM_Identity
		Description	string	The Subject parameter identifies the instance of CIM_Identity whose containing instances of CIM_Role will be returned.
		IN	boolean	true
Target	REF CIM_ManagedElement
		Description	string	The Target parameter identifies an instance of CIM_ManagedElement whose scoping instances of CIM_Role will be returned.
		IN	boolean	true

CreateRole (uint32)

Method Qualifiers (CreateRole)

Name	Data Type	Value
Description	string	The CreateRole method creates a new instance of CIM_Role with the specified privileges. If the NewRole parameter is specified, the embedded instance will be used as a template for the newly created CIM_Role instance. If the NewRole parameter is not specified, the method will create a default instance of CIM_Role that is implementation specific. In order to be meaningful, a Role requires a set of associated privileges, thus an array of embedded instances of CIM_Privilege is provided as a parameter. An implementation may not support the creation of a Role with the privileges indicated by the specified combination of CIM_Privilege instances. The implementation will create new instances of CIM_Privilege as needed to enable the implementation to represent the rights granted to the new instance of Role. The implementation will associate these Privilege instances to CIM_Role via MemberOfCollection. If the RoleLimitedToTargets parameter is specified, the scope of the new role will be limited to the CIM_ManagedElement instances whose references are specified. For each CIM_ManagedElement specified, the implementation will create an instance of CIM_RoleLimitedToTarget which references CIM_ManagedElement instance and the created instance of CIM_Role. If the RoleLimitedToTargets parameter is not specified, the Role applies to all resources in the target namespace.
Experimental	boolean	true
ValueMap	string	0, 1, 2, 3, 4, 5, 6, .., 32000..65535
Values	string	Success, Not Supported, Unknown, Timeout, Failed, Invalid Parameter, Inappropriate Privilege, DMTF Reserved, Vendor Specific

Method Parameters (CreateRole)

Name	Type	Qualifiers
Name	Type	Name	Data Type	Value
RoleTemplate	string
		Description	string	NewRole parameter is the desired CIM_Role instance to be created. This is an element of class CIM_Role, encoded as a string-valued embedded instance parameter. The embedded instance allows the client to specify the properties desired for the new CIM_Role instance.
		EmbeddedInstance	string	CIM_Role
		IN	boolean	true
Privileges	string[]
		Description	string	Privileges parameter is the desired CIM_Privilege instances to be associated with the new role. This is an array of elements of class CIM_Privilege, encoded as a string-valued embedded instance parameter. The embedded instances allow the client to specify the properties desired for the CIM_Privilege instances to be associated to the new CIM_Role instance through CIM_MemberOfCollection association.
		EmbeddedInstance	string	CIM_Privilege
		IN	boolean	true
		Required	boolean	true
RoleLimitedToTargets	CIM_ManagedElement[]
		Description	string	RoleLimitedToTargets parameter references CIM_ManagedElement instances that the new role will be limited to. The call will create CIM_RoleLimitedToTarget association instances between the new CIM_Role instance and the referenced CIM_ManagedElement instances that the role is limited to.
		IN	boolean	true
OwningSystem	REF CIM_System
		Description	string	If present, CIM_OwningSystem defines a System to which an CIM_OwningCollectionElement association to the new CIM_Role shall be instantiated.
		IN	boolean	true
Role	REF CIM_Role
		Description	string	Role is an output parameter that per successful execution of the method will contain the reference to the newly created CIM_Role instance.
		IN	boolean	false
		OUT	boolean	true

DeleteRole (uint32)

Method Qualifiers (DeleteRole)

Name	Data Type	Value
Description	string	DeleteRole method deletes the CIM_Role instance referenced in the call. This method will delete each instance of CIM_MemberOfCollection and CIM_RoleLimitedToTarget that references the specified instance of CIM_Role. Any instances of CIM_Privilege that are associated with the this instance of CIM_Role and no other instances will also be deleted, as well as the CIM_MemberOfCollection associations that associate the CIM_Privilege with the CIM_Role.
Experimental	boolean	true
ValueMap	string	0, 1, 2, 3, 4, 5, .., 32000..65535
Values	string	Success, Not Supported, Unknown, Timeout, Failed, Invalid Parameter, DMTF Reserved, Vendor Specific

Method Parameters (DeleteRole)

Name	Type	Qualifiers
Name	Type	Name	Data Type	Value
Role	REF CIM_Role
		Description	string	Role parameter is the reference to the Role instance to be deleted.
		IN	boolean	true
		Required	boolean	true

Inherited Class Methods

Name	Return Type	Class Origin
AssignAccess	uint32	CIM_PrivilegeManagementService
ChangeAffectedElementsAssignedSequence	uint32	CIM_Service
RemoveAccess	uint32	CIM_PrivilegeManagementService
RequestStateChange	uint32	CIM_EnabledLogicalElement
ShowAccess	uint32	CIM_PrivilegeManagementService
StartService	uint32	CIM_Service
StopService	uint32	CIM_Service

Class CIM_RoleBasedAuthorizationServiceextends CIM_PrivilegeManagementService

Table of Contents Hierarchy Direct Known Subclasses Class Qualifiers Class Properties Class Methods