CIM_Privilege class

The base class for all types of activities which are granted or denied by a Role or an Identity. Any privileges not specifically granted are assumed to be denied. An explicit denial takes precedence over any granted privileges.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.

Syntax

[Abstract, Version("2.8.0"), AMENDMENT]
class CIM_Privilege : CIM_ManagedElement
{
  string  Caption;
  string  Description;
  string  ElementName;
  string  InstanceID;
  boolean PrivilegeGranted = TRUE;
  uint16  Activities[];
  string  ActivityQualifiers[];
  uint16  QualifierFormats[];
};

Members

The CIM_Privilege class has these types of members:

Properties

The CIM_Privilege class has these properties.

Activities

Data type: uint16 array

Access type: Read-only

Qualifiers: ArrayType ("Indexed"), ModelCorrespondence ("CIM_Privilege.ActivityQualifiers")

An enumeration indicating the activities that are granted or denied. These activities apply to all entities specified in the ActivityQualifiers array.

Detect (4) indicates that the existence or presence of an entity may be determined, but not necessarily specific data, which requires the Read privilege.

Other (1)

Create (2)

Delete (3)

Detect (4)

Read (5)

Write (6)

Execute (7)

DMTF Reserved (8 to 15999)

Vendor Reserved (16000 to 65535)

ActivityQualifiers

Data type: string array

Access type: Read-only

Qualifiers: ArrayType ("Indexed"), ModelCorrespondence ("CIM_Privilege.Activities", "CIM_Privilege.QualifierFormats")

An array of values used to further qualify and specify the privileges granted or denied. For example, it is used to specify a set of files for which Read or Write access is permitted or denied. The semantics of the individual entries in ActivityQualifiers are provided in corresponding entries in the QualifierFormats array.

Caption

Data type: string

Access type: Read-only

Qualifiers: MaxLen (64)

A short textual description of the object.

This property is inherited from CIM_ManagedElement.

Description

Data type: string

Access type: Read-only

A textual description of the object.

This property is inherited from CIM_ManagedElement.

ElementName

Data type: string

Access type: Read-only

A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties/identity data, and description information.

This property is inherited from CIM_ManagedElement.

InstanceID

Data type: string

Access type: Read-only

Qualifiers: Key

Opaquely and uniquely identifies an instance of this class within the scope of the instantiating Namespace. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following format:

<OrgID>:<LocalID>

<OrgID> must include a copyrighted, trademarked or otherwise unique name that is owned by the business entity creating the InstanceID, or is a registered ID that is assigned to the business entity by a recognized global authority. <OrgID> must not contain a colon (":"). The first colon to appear in InstanceID must be between <OrgID> and <LocalID>.

<LocalID> is chosen by the business entity and should not be re-used to identify different underlying elements.

If the above format is not used, the defining entity must assure that the resultant InstanceID is not re-used by this or other providers for this instance's NameSpace.

For DMTF defined instances, the format must have <OrgID> set to "CIM".
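The InstanceID rules above can be checked mechanically. The following is an added example, not code from this page or from the provider: it splits at the first colon, rejects IDs outside the `<OrgID>:<LocalID>` form, and flags IDs reused for different underlying elements. The function names, finding labels and sample records are assumptions constructed for illustration.

```python
def parse_instance_id(instance_id):
    """Split at the first colon, which must separate <OrgID> from <LocalID>."""
    org_id, sep, local_id = instance_id.partition(":")
    if not sep or not org_id or not local_id:
        raise ValueError(f"not in <OrgID>:<LocalID> form: {instance_id!r}")
    # Any later colons belong to <LocalID>; <OrgID> itself can never contain one.
    return org_id, local_id


def audit_instance_ids(records, dmtf_elements=frozenset()):
    """records: (instance_id, underlying_element) pairs from one namespace.

    dmtf_elements: elements known to be DMTF defined (hypothetical input).
    Returns (finding, instance_id) tuples in the order they were encountered.
    """
    findings, seen = [], {}
    for instance_id, element in records:
        try:
            org_id, _local_id = parse_instance_id(instance_id)
        except ValueError:
            findings.append(("malformed", instance_id))
            continue
        # DMTF defined instances must use "CIM" as <OrgID>.
        if element in dmtf_elements and org_id != "CIM":
            findings.append(("dmtf-orgid", instance_id))
        # The same InstanceID must not identify two different elements.
        if seen.setdefault(instance_id, element) != element:
            findings.append(("reused", instance_id))
    return findings


# Constructed sample data, not real provider output.
RECORDS = [
    ("ACME:priv:0001", "role-operator"),   # valid, LocalID is "priv:0001"
    ("ACME:priv:0001", "role-admin"),      # same ID, different element
    (":0002", "role-guest"),               # empty <OrgID>
    ("no-colon", "role-x"),                # no separator at all
    ("Vendor:7", "dmtf-default"),          # DMTF defined, wrong <OrgID>
    ("CIM:8", "dmtf-default-2"),           # DMTF defined, correct
]

if __name__ == "__main__":
    for finding in audit_instance_ids(RECORDS, {"dmtf-default", "dmtf-default-2"}):
        print(finding)
```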

PrivilegeGranted

Data type: boolean

Access type: Read-only

Whether the privilege is granted. The default is to grant permission.

QualifierFormats

Data type: uint16 array

Access type: Read-only

Qualifiers: ArrayType ("Indexed"), ModelCorrespondence ("CIM_Privilege.ActivityQualifiers")

Defines the semantics of corresponding entries in the ActivityQualifiers array.

The possible values, with examples, are:

Class Name (2)

If the authorization target is a CIM Service or a Namespace, the ActivityQualifiers entries can define a list of classes that the authorized subject is able to create or delete.

<Class.>Property (3)

If the authorization target is a CIM Service, Namespace or Collection of instances, the ActivityQualifiers entries can define the class properties that can or cannot be accessed. Since these targets can manage multiple classes, the class names are included to avoid ambiguity.

If the authorization target is an individual instance, there is no possible ambiguity and the class name may be omitted.

Use the "*" wildcard character to specify all properties.

<Class.>Method (4)

Usage is similar to <Class.>Property (3).

Use the "*" wildcard character to specify all properties.

Object Reference (5)

If the authorization target is a CIM Service or Namespace, the ActivityQualifiers entries can define a list of object references that the authorized subject can access.

Namespace (6)

If the authorization target is a CIM Service, then the ActivityQualifiers entries can define a list of Namespaces that the authorized subject can access.

URL (7)

An authorization target may not be defined, but a Privilege could be used to deny access to specific URLs.

Directory/File Name (8)

If the authorization target is a file system, then the ActivityQualifiers entries can define a list of directories and files whose access is protected.

Command Line Instruction (9)

If the authorization target is a compute system or service, then the ActivityQualifiers entries can define a list of command line instructions that can or cannot be run by the authorized subjects.

DMTF Reserved

Vendor Reserved
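The class description states that ungranted privileges are denied and that an explicit denial overrides any grant, while ActivityQualifiers and QualifierFormats correspond entry by entry. The following added example (not code from this page or the provider) evaluates a request against a set of privilege instances under those rules. The function names and sample instances are constructed; exact, case-sensitive matching and the choice that an instance with no qualifiers matches nothing are assumptions.

```python
from dataclasses import dataclass

# Values copied from the Activities and QualifierFormats lists on this page.
DETECT, READ, WRITE = 4, 5, 6
FMT_PROPERTY, FMT_FILE = 3, 8

@dataclass
class Privilege:
    instance_id: str
    activities: list
    activity_qualifiers: list
    qualifier_formats: list
    privilege_granted: bool = True   # the MOF default is TRUE

def qualifier_matches(qualifier, fmt, target):
    # The page describes the "*" wildcard only for formats 3 and 4.
    if fmt in (3, 4):
        if qualifier == "*":
            return True
        if qualifier.endswith(".*"):
            return target.startswith(qualifier[:-1])
    return qualifier == target       # assumption: exact, case-sensitive match

def covers(priv, activity, fmt, target):
    if len(priv.activity_qualifiers) != len(priv.qualifier_formats):
        raise ValueError(f"{priv.instance_id}: indexed arrays differ in length")
    if activity not in priv.activities:
        return False
    # Entry i of ActivityQualifiers is interpreted by entry i of QualifierFormats.
    return any(f == fmt and qualifier_matches(q, f, target)
               for q, f in zip(priv.activity_qualifiers, priv.qualifier_formats))

def is_allowed(privileges, activity, fmt, target):
    matched = [p for p in privileges if covers(p, activity, fmt, target)]
    if any(not p.privilege_granted for p in matched):
        return False                 # explicit denial takes precedence
    return bool(matched)             # not specifically granted means denied

# Constructed sample instances; class, file and ID names are illustrative only.
PRIVS = [
    Privilege("ACME:1", [READ], ["Example_Account.*"], [FMT_PROPERTY]),
    Privilege("ACME:2", [READ, WRITE], ["Example_Account.Password"],
              [FMT_PROPERTY], privilege_granted=False),
    Privilege("ACME:3", [DETECT], [r"C:\Logs\audit.log"], [FMT_FILE]),
]

if __name__ == "__main__":
    print(is_allowed(PRIVS, READ, FMT_PROPERTY, "Example_Account.Password"))
```

The third sample instance grants Detect only, so a Read request for the same file is denied, which matches the distinction the Activities description draws between Detect (4) and Read (5).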

Requirements

Minimum supported client: Windows Vista
Minimum supported server: Windows Server 2008
Namespace: Root\Hardware
MOF: IpmiPrv.mof
DLL: IpmiPrv.dll

See also

CIM_ManagedElement