次の方法で共有


5.2 Index of Security Parameters

The server MUST secure access to each CIM namespace by using security descriptors<88> as specified in [MS-DTYP].

The server MUST use the DCOM identity of the caller against the security descriptor of the namespace to grant or deny the access.

The access mask that controls the security principal rights contains the following specific rights, which are interpreted as specified in the table.

Constants

Value

Meaning

WBEM_ENABLE

0x1

Grants the security principal read permissions.

WBEM_FULL_WRITE

0x4

Grants the security principal to write to classes and instances.

WBEM_METHOD_EXECUTE

0x2

Grants the security principal to execute methods.

WBEM_PARTIAL_WRITE_REP

0x8

Grants the security principal to update or delete CIM instances that are static.

WBEM_REMOTE_ENABLE

0x20

Grants the security principal to remotely access the server.

WBEM_WRITE_PROVIDER

0x10

Grants the security principal to update or delete CIM instances that are dynamic.

READ_CONTROL

0x20000

Allows the security principal to read the security descriptor of CIM namespace.

WRITE_DAC

0x40000

Allows the security principal to modify the security descriptor of CIM namespace.

In order to change the namespace security descriptor, a client MUST use the Windows Management Instrumentation Remote Protocol and the required CIM object encoding, as specified in [MS-WMIO]. To query or change the security descriptor, the __SystemSecurity class methods GetSD and SetSD defined in section 2.2.30 MUST be used. To manage the namespace security, the __SystemSecurity class MUST be implemented at the top level of every namespace. The GetSD and SetSD methods are invoked as specified in sections 3.1.4.3.22 and 3.1.4.3.23.

If the event object that is delivered to the WMI server (as specified in 3.2.4.2.1) contains a non-null SECURITY_DESCRIPTOR as specified in 2.2.4.2, the server MUST secure access to the event object by using access controls specified in the security descriptor. The access mask that controls the security principal rights has the following specific rights, which are interpreted as specified in the following table.

Constants

Value

Meaning

WBEM_RIGHTS_PUBLISH

0x80

Grants the security principal permission to send events to the WMI server as specified in 3.2.4.2.1.

WBEM_RIGHT_SUBSCRIBE

0x40

Grants the security principal permission to receive the event object using the IWbemServices::ExecNotificationQuery or IWbemServices::ExecNotificationQueryAsync method call. If this permission is not granted, the client can make IWbemServices::ExecNotificationQuery or IWbemServices::ExecNotificationQueryAsync calls, but the event is not delivered.