Class CIM_AuthorizationRule
extends CIM_PolicyRule

A class representing a company's and/or administrator's rules with respect to authorizing Identities (subjects), for access of target elements, based on associated Privileges/Roles. This includes dynamically permitting and denying access, statically adding or removing Identities (i.e., Subjects) and Targets to/from Roles via the MemberOfCollection and RoleLimitedToTarget associations, and adding or removing AuthorizedSubject and AuthorizedTarget associations when AuthorizedPrivilege classes are implemented. Explaining this in more detail: If a request is made to access a target element associated to this AuthorizationRule via AuthorizationRuleAppliesToTarget, the rights to execute the request are verified by searching for matching Privilege instances and an associated Identity that is tied to the requestor. An Identity is associated to the rule using AuthorizationRuleAppliesToSubject. The associations of Privileges to an AuthorizationRule are either individually using AuthorizationRuleAppliesToPrivilege, or via collection into a Role class (where the Role is associated to the rule using AuthorizationRuleAppliesToRole). If the Identity's CurrentlyAuthorized property is TRUE and a corresponding 'granting' Privilege is defined, then the request for access is authorized. If any of the preceding conditions do not hold, then the request is denied. Note that the evaluation of the AuthorizationRule's conditions MAY result in the 'static' instantiation of associations to AuthorizedPrivilege or Role - that are then traversed to determine access. Targets MAY be statically associated to Privileges or Roles using the AuthorizedTarget and RoleLimitedToTarget relationships, respectively. Identities MAY be statically associated to Privileges or Roles using the AuthorizedSubject and MemberOfCollection relationships, respectively.

Table of Contents
Hierarchy
Direct Known Subclasses
Class Qualifiers
Class Properties
Class Methods


Class Hierarchy

CIM_ManagedElement
   |
   +--CIM_Policy
   |
   +--CIM_PolicySet
   |
   +--CIM_PolicyRule
   |
   +--CIM_AuthorizationRule

Direct Known Subclasses

Class Qualifiers

NameData TypeValue
DescriptionstringA class representing a company's and/or administrator's rules with respect to authorizing Identities (subjects), for access of target elements, based on associated Privileges/Roles. This includes dynamically permitting and denying access, statically adding or removing Identities (i.e., Subjects) and Targets to/from Roles via the MemberOfCollection and RoleLimitedToTarget associations, and adding or removing AuthorizedSubject and AuthorizedTarget associations when AuthorizedPrivilege classes are implemented. Explaining this in more detail: If a request is made to access a target element associated to this AuthorizationRule via AuthorizationRuleAppliesToTarget, the rights to execute the request are verified by searching for matching Privilege instances and an associated Identity that is tied to the requestor. An Identity is associated to the rule using AuthorizationRuleAppliesToSubject. The associations of Privileges to an AuthorizationRule are either individually using AuthorizationRuleAppliesToPrivilege, or via collection into a Role class (where the Role is associated to the rule using AuthorizationRuleAppliesToRole). If the Identity's CurrentlyAuthorized property is TRUE and a corresponding 'granting' Privilege is defined, then the request for access is authorized. If any of the preceding conditions do not hold, then the request is denied. Note that the evaluation of the AuthorizationRule's conditions MAY result in the 'static' instantiation of associations to AuthorizedPrivilege or Role - that are then traversed to determine access. Targets MAY be statically associated to Privileges or Roles using the AuthorizedTarget and RoleLimitedToTarget relationships, respectively. Identities MAY be statically associated to Privileges or Roles using the AuthorizedSubject and MemberOfCollection relationships, respectively.
Experimentalbooleantrue
UMLPackagePathstringCIM::Policy
Versionstring2.8.1000

Class Properties

Inherited Properties

NameData Type
Captionstring
CommonNamestring
ConditionListTypeuint16
CreationClassNamestring
Descriptionstring
ElementNamestring
Enableduint16
ExecutionStrategyuint16
Generationuint64
InstanceIDstring
Mandatoryboolean
PolicyDecisionStrategyuint16
PolicyRuleNamestring
Priorityuint16
RuleUsagestring
SequencedActionsuint16
SystemCreationClassNamestring
SystemNamestring
PolicyKeywordsstring[]
PolicyRolesstring[]

Class Methods