| Name | Data Type | Qualifiers |
| Name | Data Type | Value | Scope | Flavors |
| Caption | string |
| Description | string | The Caption property is a short textual description (one- line string) of the object. | None | TRANSLATABLE= true |
| MaxLen | uint32 | 64 | None | None |
| CommonName | string |
| Description | string | A user-friendly name of this policy-related object. | None | TRANSLATABLE= true |
| ConditionListType | uint16 |
| Description | string | Indicates whether the list of PolicyConditions associated with this PolicyRule is in disjunctive normal form (DNF), conjunctive normal form (CNF), or has no conditions (i.e., is an UnconditionalRule) and is automatically evaluated to "True." The default value is 1 ("DNF"). | None | TRANSLATABLE= true |
| ValueMap | string | 0, 1, 2 | None | None |
| Values | string | Unconditional Rule, DNF, CNF | None | TRANSLATABLE= true |
| CreationClassName | string |
| Description | string | CreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified. | None | TRANSLATABLE= true |
| Key | boolean | true | None | OVERRIDABLE= false
|
| MaxLen | uint32 | 256 | None | None |
| Description | string |
| Description | string | The Description property provides a textual description of the object. | None | TRANSLATABLE= true |
| ElementName | string |
| Description | string | A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.
Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. | None | TRANSLATABLE= true |
| Enabled | uint16 |
| Description | string | Indicates whether this PolicySet is administratively enabled, administratively disabled, or enabled for debug. The "EnabledForDebug" property value is deprecated and, when it or any value not understood by the receiver is specified, the receiving enforcement point treats the PolicySet as "Disabled". To determine if a PolicySet is "Enabled", the containment hierarchy specified by the PolicySetComponent aggregation is examined and the Enabled property values of the hierarchy are ANDed together. Thus, for example, everything aggregated by a PolicyGroup may be disabled by setting the Enabled property in the PolicyGroup instance to "Disabled" without changing the Enabled property values of any of the aggregated instances. The default value is 1 ("Enabled"). | None | TRANSLATABLE= true |
| ValueMap | string | 1, 2, 3 | None | None |
| Values | string | Enabled, Disabled, Enabled For Debug | None | TRANSLATABLE= true |
| ExecutionStrategy | uint16 |
| Description | string | ExecutionStrategy defines the strategy to be used in executing the sequenced actions aggregated by this PolicyRule. There are three execution strategies:
Do Until Success - execute actions according to predefined order, until successful execution of a single action.
Do All - execute ALL actions which are part of the modeled set, according to their predefined order. Continue doing this, even if one or more of the actions fails.
Do Until Failure - execute actions according to predefined order, until the first failure in execution of an action instance. | None | TRANSLATABLE= true |
| ValueMap | string | 1, 2, 3 | None | None |
| Values | string | Do Until Success, Do All, Do Until Failure | None | TRANSLATABLE= true |
| Generation | uint64 |
| Description | string | Generation is an optional, monotonically increasing property that may be used to identify a particular generation of the resource represented by this class.
If Generation is supported by the implementation, its value shall not be null.
Except as otherwise specified, a value (including null) of Generation specified at creation time shall be replaced by null if Generation is not supported by the implementation or shall be a, (possibly different), non-null value if the implementation does support Generation.
After creation and if supported, Generation shall be updated, at least once per access, whenever the represented resource is modified, regardless of the source of the modification.
Note: the Generation value only needs to be updated once between references, even if the resource is updated many times. The key point is to assure that it will be different if there have been updates, not to count each update.
Note: unless otherwise specified, the value of Generation within one instance is not required to be coordinated with the value of Generation in any other instance.
Note:the semantics of the instance, (as defined by its creation class), define the underlying resource. That underlying resource may be a collection or aggregation of resources. And, in that case, the semantics of the instance further define when updates to constituent resources also require updates to the Generation of the collective resource. Default behavior of composite aggregations should be to update the Generation of the composite whenever the Generation of a component is updated.
Subclasses may define additional requirements for updates on some or all of related instances.
For a particular instance, the value of Generation may wrap through zero, but the elapsed time between wraps shall be greater than 10's of years.
This class does not require Generation to be unique across instances of other classes nor across instances of the same class that have different keys. Generation shall be different across power cycles, resets, or reboots if any of those actions results in an update. Generation may be different across power cycles, resets, or reboots if those actions do not result in an update. If the Generation property of an instance is non-null, and if any attempt to update the instance includes the Generation property, then if it doesn't match the current value, the update shall fail.
The usage of this property is intended to be further specified by applicable management profiles.
Typically, a client will read the value of this property and then supply that value as input to an operation that modifies the instance in some means. This may be via an explicit parameter in an extrinsic method or via an embedded value in an extrinsic method or intrinsic operation.
For example: a profile may require that an intrinsic instance modification supply the Generation property and that it must match for the modification to succeed. | None | TRANSLATABLE= true |
| Experimental | boolean | true | TOSUBCLASS= false | None |
| InstanceID | string |
| Description | string | InstanceID is an optional property that may be used to opaquely and uniquely identify an instance of this class within the scope of the instantiating Namespace. Various subclasses of this class may override this property to make it required, or a key. Such subclasses may also modify the preferred algorithms for ensuring uniqueness that are defined below.
To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm:
<OrgID>:<LocalID>
Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID> must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness, <OrgID> must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between <OrgID> and <LocalID>.
<LocalID> is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If not null and the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
If not set to null for DMTF-defined instances, the "preferred" algorithm must be used with the <OrgID> set to CIM. | None | TRANSLATABLE= true |
| LimitNegotiation | uint16 |
| Description | string | LimitNegotiation is used as part of processing either a key exchange or IPsec Rule. Before proceeding with either a phase 1 or a phase 2 negotiation, this property is checked to determine if the negotiation role of the Rule matches that defined for the negotiation being undertaken (e.g., Initiator, Responder, or Both). If this check fails, then the negotiation is stopped. Note that this only applies to new negotiations and has no effect on either renegotiation or refresh operations with peers for which an established Security Association already exists. | None | TRANSLATABLE= true |
| MappingStrings | string | IPSP Policy Model.IETF|SARule.LimitNegotiation | None | None |
| ValueMap | string | 1, 2, 3 | None | None |
| Values | string | Initiator-Only, Responder-Only, Either | None | TRANSLATABLE= true |
| Mandatory | boolean |
| Deprecated | string | No Value | TOSUBCLASS= false | None |
| Description | string | A flag indicating that the evaluation of the Policy Conditions and execution of PolicyActions (if the Conditions evaluate to TRUE) is required. The evaluation of a PolicyRule MUST be attempted if the Mandatory property value is TRUE. If the Mandatory property is FALSE, then the evaluation of the Rule is 'best effort' and MAY be ignored. | None | TRANSLATABLE= true |
| PolicyDecisionStrategy | uint16 |
| Description | string | PolicyDecisionStrategy defines the evaluation method used for policies contained in the PolicySet. There are two values currently defined:
- 'First Matching' (1) executes the actions of the first rule whose conditions evaluate to TRUE. The concept of 'first' is determined by examining the priority of the rule within the policy set (i.e., by examining the property, PolicySetComponent.Priority). Note that this ordering property MUST be maintained when processing the PolicyDecisionStrategy.
- 'All' (2) executes the actions of ALL rules whose conditions evaluate to TRUE, in the set. As noted above, the order of processing of the rules is defined by the property, PolicySetComponent.Priority (and within a rule, the ordering of the actions is defined by the property, PolicyActionStructure.ActionOrder). Note that when this strategy is defined, processing MUST be completed of ALL rules whose conditions evaluate to TRUE, regardless of errors in the execution of the rule actions. | None | TRANSLATABLE= true |
| ValueMap | string | 1, 2 | None | None |
| Values | string | First Matching, All | None | TRANSLATABLE= true |
| PolicyKeywords | string |
| Description | string | An array of keywords for characterizing / categorizing policy objects. Keywords are of one of two types:
- Keywords defined in this and other MOFs, or in DMTF white papers. These keywords provide a vendor- independent, installation-independent way of characterizing policy objects.
- Installation-dependent keywords for characterizing policy objects. Examples include 'Engineering', 'Billing', and 'Review in December 2000'.
This MOF defines the following keywords: 'UNKNOWN', 'CONFIGURATION', 'USAGE', 'SECURITY', 'SERVICE', 'MOTIVATIONAL', 'INSTALLATION', and 'EVENT'. These concepts are self-explanatory and are further discussed in the SLA/Policy White Paper. One additional keyword is defined: 'POLICY'. The role of this keyword is to identify policy-related instances that may not be otherwise identifiable, in some implementations. The keyword 'POLICY' is NOT mutually exclusive of the other keywords specified above. | None | TRANSLATABLE= true |
| PolicyRoles | string |
| Deprecated | string | CIM_PolicySetInRoleCollection | TOSUBCLASS= false | None |
| Description | string | The PolicyRoles property represents the roles associated with a PolicySet. All contained PolicySet instances inherit the values of the PolicyRoles of the aggregating PolicySet but the values are not copied. A contained PolicySet instance may, however, add additional PolicyRoles to those it inherits from its aggregating PolicySet(s). Each value in PolicyRoles multi-valued property represents a role for which the PolicySet applies, i.e., the PolicySet should be used by any enforcement point that assumes any of the listed PolicyRoles values.
Although not officially designated as 'role combinations', multiple roles may be specified using the form:
<RoleName>[&&<RoleName>]*
where the individual role names appear in alphabetical order (according to the collating sequence for UCS-2). Implementations may treat PolicyRoles values that are specified as 'role combinations' as simple strings.
This property is deprecated in lieu of the use of an association, CIM_PolicySetInRoleCollection. The latter is a more explicit and less error-prone approach to modeling that a PolicySet has one or more PolicyRoles. | None | TRANSLATABLE= true |
| PolicyRuleName | string |
| Description | string | A user-friendly name of this PolicyRule. | None | TRANSLATABLE= true |
| Key | boolean | true | None | OVERRIDABLE= false
|
| MaxLen | uint32 | 256 | None | None |
| Priority | uint16 |
| Deprecated | string | CIM_PolicySetComponent.Priority | TOSUBCLASS= false | None |
| Description | string | PolicyRule.Priority is deprecated and replaced by providing the priority for a rule (and a group) in the context of the aggregating PolicySet instead of the priority being used for all aggregating PolicySet instances. Thus, the assignment of priority values is much simpler.
A non-negative integer for prioritizing this Policy Rule relative to other Rules. A larger value indicates a higher priority. The default value is 0. | None | TRANSLATABLE= true |
| RuleUsage | string |
| Description | string | A free-form string that can be used to provide guidelines on how this PolicyRule should be used. | None | TRANSLATABLE= true |
| SequencedActions | uint16 |
| Description | string | This property gives a policy administrator a way of specifying how the ordering of the PolicyActions associated with this PolicyRule is to be interpreted. Three values are supported:
o mandatory(1): Do the actions in the indicated order, or don't do them at all.
o recommended(2): Do the actions in the indicated order if you can, but if you can't do them in this order, do them in another order if you can.
o dontCare(3): Do them -- I don't care about the order.
The default value is 3 ("DontCare"). | None | TRANSLATABLE= true |
| ValueMap | string | 1, 2, 3 | None | None |
| Values | string | Mandatory, Recommended, Dont Care | None | TRANSLATABLE= true |
| SystemCreationClassName | string |
| Description | string | The scoping System's CreationClassName. | None | TRANSLATABLE= true |
| Key | boolean | true | None | OVERRIDABLE= false
|
| MaxLen | uint32 | 256 | None | None |
| Propagated | string | CIM_System.CreationClassName | None | OVERRIDABLE= false
|
| SystemName | string |
| Description | string | The scoping System's Name. | None | TRANSLATABLE= true |
| Key | boolean | true | None | OVERRIDABLE= false
|
| MaxLen | uint32 | 256 | None | None |
| Propagated | string | CIM_System.Name | None | OVERRIDABLE= false
|
Copyright © 2008-2010 VMware, Inc. All rights reserved.