| Name | Data Type | Qualifiers |
| Name | Data Type | Value | Scope | Flavors |
| Activities | uint16 |
| ArrayType | string | Indexed | None | OVERRIDABLE= false
|
| Description | string | An enumeration indicating the activities that are granted or denied. These activities apply to all entities specified in the ActivityQualifiers array. The values in the enumeration are straightforward except for one, 4="Detect". This value indicates that the existence or presence of an entity may be determined, but not necessarily specific data (which requires the Read privilege to be true). This activity is exemplified by 'hidden files'- if you list the contents of a directory, you will not see hidden files. However, if you know a specific file name, or know how to expose hidden files, then they can be 'detected'. Another example is the ability to define search privileges in directory implementations. | None | TRANSLATABLE= true |
| ModelCorrespondence | string | CIM_Privilege.ActivityQualifiers | None | None |
| ValueMap | string | 1, 2, 3, 4, 5, 6, 7, .., 16000.. | None | None |
| Values | string | Other, Create, Delete, Detect, Read, Write, Execute, DMTF Reserved, Vendor Reserved | None | TRANSLATABLE= true |
| ActivityQualifiers | string |
| ArrayType | string | Indexed | None | OVERRIDABLE= false
|
| Description | string | The ActivityQualifiers property is an array of string values used to further qualify and specify the privileges granted or denied. For example, it is used to specify a set of files for which 'Read'/'Write' access is permitted or denied. Or, it defines a class' methods that may be 'Executed'. Details on the semantics of the individual entries in ActivityQualifiers are provided by corresponding entries in the QualifierFormats array. | None | TRANSLATABLE= true |
| ModelCorrespondence | string | CIM_Privilege.Activities, CIM_Privilege.QualifierFormats | None | None |
| Caption | string |
| Description | string | The Caption property is a short textual description (one- line string) of the object. | None | TRANSLATABLE= true |
| MaxLen | uint32 | 64 | None | None |
| Description | string |
| Description | string | The Description property provides a textual description of the object. | None | TRANSLATABLE= true |
| ElementName | string |
| Description | string | A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.
Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. | None | TRANSLATABLE= true |
| Generation | uint64 |
| Description | string | Generation is an optional, monotonically increasing property that may be used to identify a particular generation of the resource represented by this class.
If Generation is supported by the implementation, its value shall not be null.
Except as otherwise specified, a value (including null) of Generation specified at creation time shall be replaced by null if Generation is not supported by the implementation or shall be a, (possibly different), non-null value if the implementation does support Generation.
After creation and if supported, Generation shall be updated, at least once per access, whenever the represented resource is modified, regardless of the source of the modification.
Note: the Generation value only needs to be updated once between references, even if the resource is updated many times. The key point is to assure that it will be different if there have been updates, not to count each update.
Note: unless otherwise specified, the value of Generation within one instance is not required to be coordinated with the value of Generation in any other instance.
Note:the semantics of the instance, (as defined by its creation class), define the underlying resource. That underlying resource may be a collection or aggregation of resources. And, in that case, the semantics of the instance further define when updates to constituent resources also require updates to the Generation of the collective resource. Default behavior of composite aggregations should be to update the Generation of the composite whenever the Generation of a component is updated.
Subclasses may define additional requirements for updates on some or all of related instances.
For a particular instance, the value of Generation may wrap through zero, but the elapsed time between wraps shall be greater than 10's of years.
This class does not require Generation to be unique across instances of other classes nor across instances of the same class that have different keys. Generation shall be different across power cycles, resets, or reboots if any of those actions results in an update. Generation may be different across power cycles, resets, or reboots if those actions do not result in an update. If the Generation property of an instance is non-null, and if any attempt to update the instance includes the Generation property, then if it doesn't match the current value, the update shall fail.
The usage of this property is intended to be further specified by applicable management profiles.
Typically, a client will read the value of this property and then supply that value as input to an operation that modifies the instance in some means. This may be via an explicit parameter in an extrinsic method or via an embedded value in an extrinsic method or intrinsic operation.
For example: a profile may require that an intrinsic instance modification supply the Generation property and that it must match for the modification to succeed. | None | TRANSLATABLE= true |
| Experimental | boolean | true | TOSUBCLASS= false | None |
| InstanceID | string |
| Description | string | Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. In order to ensure uniqueness within the NameSpace, the value of InstanceID SHOULD be constructed using the following 'preferred' algorithm:
<OrgID>:<LocalID>
Where <OrgID> and <LocalID> are separated by a colon ':', and where <OrgID> MUST include a copyrighted, trademarked or otherwise unique name that is owned by the business entity creating/defining the InstanceID, or is a registered ID that is assigned to the business entity by a recognized global authority. (This is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness <OrgID> MUST NOT contain a colon (':'). When using this algorithm, the first colon to appear in InstanceID MUST appear between <OrgID> and <LocalID>.
<LocalID> is chosen by the business entity and SHOULD not be re-used to identify different underlying (real-world) elements. If the above 'preferred' algorithm is not used, the defining entity MUST assure that the resultant InstanceID is not re-used across any InstanceIDs produced by this or other providers for this instance's NameSpace. For DMTF defined instances, the 'preferred' algorithm MUST be used with the <OrgID> set to 'CIM'. | None | TRANSLATABLE= true |
| Key | boolean | true | None | OVERRIDABLE= false
|
| Override | string | InstanceID | TOSUBCLASS= false | None |
| PrivilegeGranted | boolean |
| Description | string | Boolean indicating whether the Privilege is granted (TRUE) or denied (FALSE). The default is to grant permission. | None | TRANSLATABLE= true |
| QualifierFormats | uint16 |
| ArrayType | string | Indexed | None | OVERRIDABLE= false
|
| Description | string | Defines the semantics of corresponding entries in the ActivityQualifiers array. An example of each of these 'formats' and their use follows:
- 2=Class Name. Example: If the authorization target is a CIM Service or a Namespace, then the ActivityQualifiers entries can define a list of classes that the authorized subject is able to create or delete.
- 3=<Class.>Property. Example: If the authorization target is a CIM Service, Namespace or Collection of instances, then the ActivityQualifiers entries can define the class properties that may or may not be accessed. In this case, the class names are specified with the property names to avoid ambiguity - since a CIM Service, Namespace or Collection could manage multiple classes. On the other hand, if the authorization target is an individual instance, then there is no possible ambiguity and the class name may be omitted. To specify ALL properties, the wildcard string "*" should be used.
- 4=<Class.>Method. This example is very similar to the Property one, above. And, as above, the string "*" may be specified to select ALL methods.
- 5=Object Reference. Example: If the authorization target is a CIM Service or Namespace, then the ActivityQualifiers entries can define a list of object references (as strings) that the authorized subject can access.
- 6=Namespace. Example: If the authorization target is a CIM Service, then the ActivityQualifiers entries can define a list of Namespaces that the authorized subject is able to access.
- 7=URL. Example: An authorization target may not be defined, but a Privilege could be used to deny access to specific URLs by individual Identities or for specific Roles, such as the 'under 17' Role.
- 8=Directory/File Name. Example: If the authorization target is a FileSystem, then the ActivityQualifiers entries can define a list of directories and files whose access is protected.
- 9=Command Line Instruction. Example: If the authorization target is a ComputerSystem or Service, then the ActivityQualifiers entries can define a list of command line instructions that may or may not be 'Executed' by the authorized subjects.
- 10=SCSI Command, using a format of 'CDB=xx[,Page=pp]'. For example, the ability to select the VPD page of the Inquiry command is encoded as 'CDB=12,Page=83' in the corresponding ActivityQualifiers entry. A '*' may be used to indicate all CDBs or Page numbers.
- 11=Packets. Example: The transmission of packets is permitted or denied by the Privilege for the target (a ComputerSystem, ProtocolEndpoint, Pipe, or other ManagedSystemElement). | None | TRANSLATABLE= true |
| ModelCorrespondence | string | CIM_Privilege.ActivityQualifiers | None | None |
| ValueMap | string | 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, .., 16000.. | None | None |
| Values | string | Class Name, <Class.>Property, <Class.>Method, Object Reference, Namespace, URL, Directory/File Name, Command Line Instruction, SCSI Command, Packets, DMTF Reserved, Vendor Reserved | None | TRANSLATABLE= true |
| RepresentsAuthorizationRights | boolean |
| Description | string | The RepresentsAuthorizationRights flag indicates whether the rights defined by this instance should be interpreted as rights of Subjects to access Targets or as rights of Subjects to change those rights on/for Targets. | None | TRANSLATABLE= true |
| Experimental | boolean | true | TOSUBCLASS= false | None |
Copyright © 2008-2010 VMware, Inc. All rights reserved.