Class CIM_Role
extends CIM_Collection

The Role object class is used to represent a position or set of responsibilities within an organization, organizational unit or other scope, and MAY be filled by a person or persons (or non-human entities represented by ManagedSystemElement subclasses) - i.e., the 'role occupants'. The latter MAY be explicitly associated to a Role, by associating Identities using MemberOfCollection. The 'position or set of responsibilities' of a Role are represented as a set of rights defined by instances of the Privilege class, and are also associated to the Role via MemberOfCollection. If Identities are not explicitly associated, instances of AuthorizationRule MUST be associated with a Role using AuthorizationRuleAppliesToRole. The rule defines how subject entities are authorized for a Role and to which target entities the Role applies. The Role class is defined so as to incorporate commonly-used LDAP attributes to permit implementations to easily derive this information from LDAP-accessible directories. This class's properties are a subset of a related class, OtherRoleInformation, which defines all the group properties and uses arrays for directory compatibility.

Table of Contents
Hierarchy
Direct Known Subclasses
Class Qualifiers
Class Properties
Class Methods


Class Hierarchy

CIM_ManagedElement
   |
   +--CIM_Collection
   |
   +--CIM_Role

Direct Known Subclasses

Class Qualifiers

NameData TypeValue
DescriptionstringThe Role object class is used to represent a position or set of responsibilities within an organization, organizational unit or other scope, and MAY be filled by a person or persons (or non-human entities represented by ManagedSystemElement subclasses) - i.e., the 'role occupants'. The latter MAY be explicitly associated to a Role, by associating Identities using MemberOfCollection. The 'position or set of responsibilities' of a Role are represented as a set of rights defined by instances of the Privilege class, and are also associated to the Role via MemberOfCollection. If Identities are not explicitly associated, instances of AuthorizationRule MUST be associated with a Role using AuthorizationRuleAppliesToRole. The rule defines how subject entities are authorized for a Role and to which target entities the Role applies. The Role class is defined so as to incorporate commonly-used LDAP attributes to permit implementations to easily derive this information from LDAP-accessible directories. This class's properties are a subset of a related class, OtherRoleInformation, which defines all the group properties and uses arrays for directory compatibility.
UMLPackagePathstringCIM::User::Role
Versionstring2.18.0

Class Properties

Local Class Properties

NameData TypeDefault ValueQualifiers
NameData TypeValue
BusinessCategorystring
DescriptionstringThis property may be used to describe the kind of business activity performed by the members (role occupants) in the position or set of responsibilities represented by the Role.
MaxLenuint32128
CommonNamestring
DescriptionstringA Common Name is a (possibly ambiguous) name by which the role is commonly known in some limited scope (such as an organization) and conforms to the naming conventions of the country or culture with which it is associated.
Requiredbooleantrue
CreationClassNamestring
DescriptionstringCreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.
Keybooleantrue
MaxLenuint32256
Namestring
DescriptionstringThe Name property defines the label by which the object is known. In the case of an LDAP-derived instance, the Name property value may be set to the distinguished name of the LDAP-accessed object instance.
Keybooleantrue
MaxLenuint321024
RoleCharacteristicsuint16[]
DescriptionstringRoleCharacteristics provides descriptive information about the intended usage of the Role. When the value 2 "Static" is specified, no modification to the role shall be allowed. Any requests by client to change the privileges or the scope of the role by modifying the associated instances of CIM_Privilege or referencing associations shall fail. When the value 2 "Static" is not specified, the instance of CIM_Role may be modified by a client. The modification may include changing the scope of the role or rights granted. When the value 3 "Opaque" is specified, the rights granted by the CIM_Role instance shall not be explicitly modeled through aggregation of instances of CIM_Privilege. When the value 3 "Opaque" is not specified, the rights granted by the instance of CIM_Role shall be explicitly modeled through aggregation of instances of CIM_Privilege.
ValueMapstring2, 3, .., 32000..65535
ValuesstringStatic, Opaque, DMTF Reserved, Vendor Specific

Inherited Properties

NameData Type
Captionstring
Descriptionstring
ElementNamestring
Generationuint64
InstanceIDstring

Class Methods