User\CIM_RoleBasedAuthorizationService.mof.mof (HTML version)

Return to index
CIM_RoleBasedAuthorizationService Superclass: CIM_PrivilegeManagementService
The CIM_RoleBasedAuthorizationService class represents the authorization service that manages and configures roles on a managed system. The CIM_RoleBasedAuthorizationService is responsible for creating, and deleting CIM_Role instances. Privileges of the roles are represented through the instance(s) of CIM_Privilege class associated to CIM_Role instances through the CIM_MemberOfCollection association. As a result of creating, and deleting CIM_Role instances the CIM_Privilege instances can also be affected. The limiting scope of the role is determined by the CIM_RoleLimitedToTarget association.
Qualifiers:Version ( "2.14.0" ) Experimental UMLPackagePath ( "CIM::User::Role" )
Parameters (local in grey)
ValueMap { "Success" , "Not Supported" , "Unknown" , "Timeout" , "Failed" , "Invalid Parameter" , "DMTF Reserved" , "Vendor Specific" }
Values { "0" , "1" , "2" , "3" , "4" , "5" , "16000..31999" , "32000..65535" }
uint32DeleteRole(
Role parameter is the reference to the Role instance to be deleted.
Qualifiers:IN
CIM_Role REF Role
)
DeleteRole method deletes the CIM_Role instance referenced in the call. This method will delete each instance of CIM_MemberOfCollection and CIM_RoleLimitedToTarget that references the specified instance of CIM_Role. Any instances of CIM_Privilege that are associated with the this instance of CIM_Role and no other instances will also be deleted, as well as the CIM_MemberOfCollection associations that associate the CIM_Privilege with the CIM_Role.
ValueMap { "Success" , "Not Supported" , "Unknown" , "Timeout" , "Failed" , "Invalid Parameter" , "Inappropriate Privilege" , "DMTF Reserved" , "Vendor Specific" }
Values { "0" , "1" , "2" , "3" , "4" , "5" , "6" , "16000..31999" , "32000..65535" }
uint32CreateRole(
NewRole parameter is the desired CIM_Role instance to be created. This is an element of class CIM_Role, encoded as a string-valued embedded instance parameter. The embedded instance allows the client to specify the properties desired for the new CIM_Role instance.
Qualifiers:EmbeddedInstance ( "CIM_Role" ) IN
string RoleTemplate
If present, CIM_OwningSystem defines a System to which an CIM_OwningCollectionElement association to the new CIM_Role shall be instantiated.
Qualifiers:IN
CIM_System REF OwningSystem
Privileges parameter is the desired CIM_Privilege instances to be associated with the new role. This is an array of elements of class CIM_Privilege, encoded as a string-valued embedded instance parameter. The embedded instances allow the client to specify the properties desired for the CIM_Privilege instances to be associated to the new CIM_Role instance through CIM_MemberOfCollection association.
Qualifiers:EmbeddedInstance ( "CIM_Privilege" ) Required IN
string Privileges [ ]
RoleLimitedToTargets parameter references CIM_ManagedElement instances that the new role will be limited to. The call will create CIM_RoleLimitedToTarget association instances between the new CIM_Role instance and the referenced CIM_ManagedElement instances that the role is limited to.
Qualifiers:IN
CIM_ManagedElement REF RoleLimitedToTargets [ ]
Role is an output parameter that per successful execution of the method will contain the reference to the newly created CIM_Role instance.
Qualifiers:OUT IN ( false )
CIM_Role REF Role
)
The CreateRole method creates a new instance of CIM_Role with the specified privileges. If the NewRole parameter is specified, the embedded instance will be used as a template for the newly created CIM_Role instance. If the NewRole parameter is not specified, the method will create a default instance of CIM_Role that is implementation specific. In order to be meaningful, a Role requires a set of associated privileges, thus an array of embedded instances of CIM_Privilege is provided as a parameter. An implementation may not support the creation of a Role with the privileges indicated by the specified combination of CIM_Privilege instances.
The implementation will create new instances of CIM_Privilege as needed to enable the implementation to represent the rights granted to the new instance of Role. The implementation will associate these Privilege instances to CIM_Role via MemberOfCollection.
If the RoleLimitedToTargets parameter is specified, the scope of the new role will be limited to the CIM_ManagedElement instances whose references are specified. For each CIM_ManagedElement specified, the implementation will create an instance of CIM_RoleLimitedToTarget which references CIM_ManagedElement instance and the created instance of CIM_Role. If the RoleLimitedToTargets parameter is not specified, the Role applies to all resources in the target namespace.
ValueMap { "Success" , "Not Supported" , "Unknown" , "Timeout" , "Failed" , "Invalid Parameter" , "Inappropriate Privilege" , "DMTF Reserved" , "Vendor Specific" }
Values { "0" , "1" , "2" , "3" , "4" , "5" , "6" , "16001..31999" , "32000..65535" }
uint32ModifyRole(
Privileges parameter represents the desired privileges for the targeted role. When this parameter is non-null, upon successful completion of the method, the instances of CIM_Privilege associated with the targeted CIM_Role instance shall convey equivalent privileges as those indicated by the specified embedded CIM_Privilege instances. The Privilege parameter is an array of elements of CIM_Privilege, encoded as a string valued embedded instance parameter. The embedded instances allow the client to convey the privileges desired for the targeted CIM_Role instance. The method may result in the creation, deletion, or modification of the CIM_Privilege instances. The rights indicated by a CIM_Privilege may be revoked by passing the embedded instance of CIM_Privilege with PrivilegeGranted property set to 'FALSE.'. When the parameter is null, the privileges for the CIM_Role shall not be modified.
Qualifiers:EmbeddedInstance ( "CIM_Privilege" ) IN
string Privileges [ ]
RoleLimitedToTargets parameter references all of the CIM_ManagedElement instances to which the role shall be limited. When this parameter is non-null, upon successful completion of the method, the targeted CIM_Role instance shall be associated through the CIM_RoleLimitedToTarget association with only the specified instances of CIM_ManagedElement. This may result in the creation and deletion of instances of CIM_RoleLimitedToTarget. When this parameter is null, the set of instances of CIM_RoleLimitedToTarget that reference the targeted CIM_Role instance shall not be modified.
Qualifiers:IN
CIM_ManagedElement REF RoleLimitedToTargets [ ]
Role parameter is the reference to the targeted CIM_Role instance for which the privileges will be modified.
Qualifiers:Required IN
CIM_Role REF Role
)
ModifyRole method modifies the privileges and the scope of the specified instance of the targeted CIM_Role instance. The call may result in the creation, deletion, or modification of CIM_Privilege instances. The call may result in the creation and deletion of CIM_RoleLimitedTarget association instances.
ValueMap { "0" , "1" , "2" , ".." , "32000..65535" }
Values { "Success" , "Not Supported" , "FailedMethod Reserved" , "Vendor Specific" }
uint32ShowRoles(
The Subject parameter identifies the instance of CIM_Identity whose containing instances of CIM_Role will be returned.
Qualifiers:IN
CIM_Identity REF Subject
The Target parameter identifies an instance of CIM_ManagedElement whose scoping instances of CIM_Role will be returned.
Qualifiers:IN
CIM_ManagedElement REF Target
The set of instances of CIM_Role filtered according to the Subject and Target parameters.
Qualifiers:ArrayType ( "Indexed" ) EmbeddedInstance ( "CIM_Role" ) OUT ModelCorrespondence { "CIM_PrivilegeManagementService.ShowAccess.Privileges" } IN ( false )
string Roles [ ]
The cumulative rights granted through membership in the instance of CIM_Role located at the same array index in the Roles parameter.
Qualifiers:ArrayType ( "Indexed" ) EmbeddedInstance ( "CIM_Privilege" ) OUT ModelCorrespondence { "CIM_PrivilegeManagementService.ShowAccess.Roles" } IN ( false )
string Privileges [ ]
)
ShowRoles reports the Privileges (i.e., rights) granted to a particular Subject, for a particular Target, or to a particular Subject for a particular Target through membership in, or scoping to instances of CIM_Role. The Subject parameter, Target parameter, or both shall be specified.
When the Subject parameter is specified and the Target parameter is not specified, the method shall return all of Roles to which the subject is associated through CIM_MemberOfCollection.
When Target parameter is specified and the Subject parameter is not specified, the method shall all instances of CIM_Role within whose scope the Target Parameter lies.
When the Subject parameter and Target parameter are both specified, the method shall return an instance of CIM_Role if and only if the Subject Parameter is associated to the instance of CIM_Role through CIM_MemberOfCollection and the Target Parameter lies within the scope of the instance of CIM_Role.
For each instance of CIM_Role returned in the Roles parameter, the corresponding index of the Privileges parameter may contain an instance of CIM_Privilege. The corresponding index of the Privileges parameter may be null when rights granted through a CIM_Role are not explicitly managed, or when there are not currently any instances of CIM_Privilege associated with the CIM_Role instance. When the corresponding index of of the Privileges parameter is non-null, the embedded instance of CIM_Privilege shall reflect the cumulative rights granted through membership in the Role.
Each embedded instance of CIM_Role contained in the Roles parameter shall correspond to an instrumented instance of CIM_Role. Each embedded instance of CIM_Privilege contained in the Privileges parameter may correspond to an instance of CIM_Privilege associated to the corresponding instance of CIM_Role through the CIM_MemberOfCollection. However, this is not required. Embedded instances of CIM_Role are returned rather than References in order to simplify the query operation for clients. The properties of the instances of CIM_Role provide context to aid a client in selecting which instance(s) to modify in order to change the privileges of a Subject or for a Target.
ValueMap { "0" , "1" , "2" , ".." , "32000..65535" }
Values { "Success" , "Not Supported" , "Failed" , "Method Reserved" , "Vendor Specific" }
uint32AssignRoles(
The Identity instance representing the security principal whose role membership is being modified.
Qualifiers:Required IN
CIM_Identity REF Identity
The set of Roles to which the Identity will be associated through CIM_MemberOfCollection.
Qualifiers:Required IN
CIM_Role REF Roles [ ]
)
AssignRoles() removes a security principal from any Roles to which it currently belongs and assigns it to the Roles identified by the Roles[] parameter. Upon successful completion of the method, the instance of CIM_Identity identified by the Identity parameter shall be associated to each Role referenced by the Roles parameter through the CIM_MemberOfCollection association and shall not be associated to an instance of CIM_Role unless a reference to it is contained in the Roles parameter.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , "6..15999" , "16000" , "16001" , "16002" , "16003" , "16004" , "16005" , "16005..31999" , "32000..65535" }
Values { "Success" , "Not Supported" , "Unspecified Error" , "Timeout" , "Failed" , "Invalid Parameter" , "DMTF Reserved" , "Unsupported Subject" , "Unsupported Privilege" , "Unsupported Target" , "Authorization Error" , "NULL not supported" , "UnSupported Sharing Privileges" , "Method Reserved" , "Vendor Specific" }
uint32AssignAccess(
The Subject parameter is a reference to a ManagedElement instance. This parameter MUST be supplied.
Qualifiers:Required IN
CIM_ManagedElement REF Subject
MUST be NULL unless Privilege is NULL on input. The PrivilegeGranted flag indicates whether the rights defined by the parameters in this call should be granted or denied to the named Subject/Target pair.
Qualifiers:ModelCorrespondence { "CIM_AuthorizedPrivilege.PrivilegeGranted" , "CIM_PrivilegeManagementService.AssignAccess.Privilege" } IN
boolean PrivilegeGranted
MUST be NULL unless the Privilege is NULL on input. This parameter specifies the activities to be granted or denied.
Qualifiers:ValueMap { "1" , "2" , "3" , "4" , "5" , "6" , "7" , ".." , "16000..65535" } ArrayType ( "Indexed" ) Values { "Other" , "Create" , "Delete" , "Detect" , "Read" , "Write" , "Execute" , "DMTF Reserved" , "Vendor Reserved" } ModelCorrespondence { "CIM_AuthorizedPrivilege.Activities" , "CIM_PrivilegeManagementService.AssignAccess.Privilege" } IN
uint16 Activities [ ]
MUST be NULL unless Privilege is NULL on input. This parameter defines the activity qualifiers for the Activities to be granted or denied.
Qualifiers:ArrayType ( "Indexed" ) ModelCorrespondence { "CIM_AuthorizedPrivilege.ActivityQualifers" , "CIM_PrivilegeManagementService.AssignAccess.Privilege" } IN
string ActivityQualifiers [ ]
MUST be NULL unless Privilege is NULL on input. This parameter defines the qualifier formats for the corresponding ActivityQualifiers.
Qualifiers:ValueMap { "2" , "3" , "4" , "5" , "6" , "7" , "8" , "9" , "10" , "11" , ".." , "16000..65535" } ArrayType ( "Indexed" ) Values { "Class Name" , "Property" , "Method" , "Object Reference" , "Namespace" , "URL" , "Directory/File Name" , "Command Line Instruction" , "SCSI Command" , "Packets" , "DMTF Reserved" , "Vendor Reserved" } ModelCorrespondence { "CIM_AuthorizedPrivilege.QualifierFormats" , "CIM_PrivilegeManagementService.AssignAccess.Privilege" } IN
uint16 QualifierFormats [ ]
The Target parameter is a reference to an instance of ManagedElement. This parameter MUST be supplied.
Qualifiers:Required IN
CIM_ManagedElement REF Target
On input, this reference MUST be either NULL or refer to an instance of AuthorizedPrivilege that is used as a template. The rights granted by corresponding entries in the Activities, ActivityQualifiers and QualifierFormats array properties are applied incrementally and do not affect unnamed rights. If the property, PrivilegeGranted, is false, then the named rights are removed. If PrivilegeGranted is True, then the named rights are added. (Note that the RemoveAccess method SHOULD be used to completely remove all privileges between a subject and a target. On output, this property references an AuthorizedPrivilege instance that represents the resulting rights between the named Subject and the named Target. AuthorizedPrivilege instances used as a templates in this property SHOULD have a HostedDependency association to the PriviligeManagementService and SHOULD NOT have any AuthorizedTarget or AuthorizedSubject associations to it.
Qualifiers:OUT IN
CIM_AuthorizedPrivilege REF Privilege
)
When this method is called, a provider updates the specified Subject's rights to the Target according to the parameters of this call. The rights are modeled via an AuthorizedPrivilege instance. If an AuthorizedPrivilege instance is created as a result of this call, it MUST be linked to the Subject and Target via the AuthorizedSubject and AuthorizedTarget associations, respectively. When created, the AuthorizedPrivilege instance is associated to this PrivilegeManagementService via ConcreteDependency. If the execution of this call results in no rights between the Subject and Target, then they MUST NOT be linked to a particular AuthorizedPrivilege instance via AuthorizedSubject and AuthorizedTarget respectively.

Note that regardless of whether specified via parameter, or template, the Activities, ActivityQualifiers and QualifierFormats, are mutually indexed. Also note that Subject and Target references MUST be supplied.

The successful completion of the method SHALL create any necessary AuthorizedSubject, AuthorizedTarget, AuthorizedPrivilege, HostedDependency, and ConcreteDependency instances.
Note if an associated PrivilegeManagementCapabilities.SharedPrivilegeSupported is FALSE, then an 'Unsupported Shared Privilege' error will be returned if either the Subjects or the Targets parameter of the AssignAccess method has more than one entry.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , "6..15999" , "16000" , "16001" , "16002" , "16003" , "16004..32767" , "32768..65535" }
Values { "Success" , "Not Supported" , "Unspecified Error" , "Timeout" , "Failed" , "Invalid Parameter" , "DMTF Reserved" , "Unsupported Privilege" , "Unsupported Target" , "Authorization Error" , "Null parameter not supported" , "Method Reserved" , "Vendor Specific" }
uint32RemoveAccess(
The Subject parameter is a reference to a ManagedElement instance (associated via AuthorizedSubject) for which privileges are to be revoked.
Qualifiers:IN
CIM_ManagedElement REF Subject
A reference to the AuthorizedPrivilege to be revoked.
Qualifiers:IN
CIM_AuthorizedPrivilege REF Privilege
The Target parameter is a reference to a ManagedElement (associated via AuthorizedTarget) which will no longer be protected via the AuthorizedPrivilege.
Qualifiers:IN
CIM_ManagedElement REF Target
)
This method revokes a specific AuthorizedPrivilege or all privileges for a particular target, subject, or subject/target pair. If an AuthorizedPrivilege instance is left with no AuthorizedTarget associations, it SHOULD be deleted. The successful completion of the method SHALL remove the directly or indirectly requested AuthorizedSubject, AuthorizedTarget and AuthorizedPrivilege instances.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , ".." , "16000" , "16002" , "16003" , "16004" , "16005..31999" , "32000..65535" }
Values { "Success" , "Not Supported" , "Unknown" , "Timeout" , "Failed" , "Invalid Parameter" , "DMTF Reserved" , "Unsupported Subject" , "Unsupported Target" , "Authorization Error" , "NULL not supported" , "Method Reserved" , "Vendor Specific" }
uint32ShowAccess(
The Subject parameter references an instance of ManagedElement. The result of this operation is that the cumulative rights of the Subject to access or define authorization rights for the Target will be reported. If no Subject is specified, then a Target MUST be supplied and ALL Subjects that have rights to access or define authorizations for the Target will be reported. (It should be noted that the information reported MUST be filtered by the rights of the requestor to view that data.) If the Subject element is a Collection, then the operation will specifically report the Privileges for all elements associated to the Collection via MemberOfCollection. These elements will be reported individually in the returned OutSubjects array.
Qualifiers:ModelCorrespondence { "CIM_PrivilegeManagementService.ShowAccess.Target" } IN
CIM_ManagedElement REF Subject
The Target parameter references an instance of ManagedElement. The result of this operation is that the cumulative rights of the Subject to access or define authorization rights for the Target will be reported. If no Target is specified, then a Subject MUST be supplied and ALL Targets for which that the Subject has rights to access or define authorization will be reported. (It should be noted that the information reported MUST be filtered by the rights of the requestor to view that data.) If the Target element is a Collection, then the operation will be applied to all elements associated to the Collection via MemberOfCollection. These elements will be reported individually in the returned OutTargets array.
Qualifiers:ModelCorrespondence { "CIM_PrivilegeManagementService.ShowAccess.Subject" } IN
CIM_ManagedElement REF Target
The array of Subject REFs corresponding to the individual Privileges and OutTargets arrays. The resulting OutSubjects, Privileges and OutTargets arrays define the cumulative rights granted between the Subject/Target at the corresponding index (filtered to return the information that the requestor is authorized to view).
Qualifiers:ArrayType ( "Indexed" ) OUT ModelCorrespondence { "CIM_PrivilegeManagementService.ShowAccess.Subject" , "CIM_PrivilegeManagementService.ShowAccess.Privileges" , "CIM_PrivilegeManagementService.ShowAccess.OutTargets" } IN ( false )
CIM_ManagedElement REF OutSubjects [ ]
The array of Target REFs corresponding to the individual Privileges and OutSubjects arrays. The resulting OutSubjects, Privileges and OutTargets arrays define the cumulative rights granted between the Subject/Target at the corresponding index (filtered to return the information that the requestor is authorized to view).
Qualifiers:ArrayType ( "Indexed" ) OUT ModelCorrespondence { "CIM_PrivilegeManagementService.ShowAccess.Target" , "CIM_PrivilegeManagementService.ShowAccess.Privileges" , "CIM_PrivilegeManagementService.ShowAccess.OutSubjects" } IN ( false )
CIM_ManagedElement REF OutTargets [ ]
The returned Privilege objects represent the cumulative rights granted between the OutSubjects and OutTargets at the same array index (filtered to return the information that the requestor is authorized to view). If a specific array entry is NULL, then there exist NO rights that the requestor is authorized to view between the Subject/Target pair.
Qualifiers:ArrayType ( "Indexed" ) EmbeddedObject OUT ModelCorrespondence { "CIM_PrivilegeManagementService.ShowAccess.OutTargets" , "CIM_PrivilegeManagementService.ShowAccess.OutSubjects" } IN ( false )
string Privileges [ ]
)
ShowAccess reports the Privileges (i.e., rights) granted to a particular Subject and/or Target pair. Either a Subject, a Target or both MUST be specified. In the case where only one is specified, the method will return all rights to all Targets for the specified Subject, or all rights for all subjects which apply to the specified Target.

ShowAccess returns the cumulative rights granted between the OutSubjects and OutTargets at the same array index (filtered to return the information that the requestor is authorized to view). If a specific array entry is NULL, then there exist NO rights that the requestor is authorized to view between the Subject/Target pair.

Note that the Privileges returned by this method MAY NOT correspond to what is actually instantiated in the model, and MAY be optimized for ease of reporting. Hence, the data is passed 'by value', as embedded objects. Also, note that multiple Privileges MAY be defined for a given Subject/Target pair.

Other mechanisms MAY also be used to retrieve this information. CIM Operations' EnumerateInstances MAY be used to return all Privileges currently instantiated within a namespace. Also, if the AuthorizedPrivilege subclass is instantiated, the CIM Operation Associators MAY be used to navigate from the Privilege to AuthorizedSubjects and AuthorizedTargets. These CIM Operations will not generally provide the functionality or optimizations available with ShowAccess.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , ".." , "16000" , "16001" , "16002" , "16003" , "16004" , "16005..31999" , "32000..65535" }
Values { "Success" , "Not Supported" , "Unknown" , "Timeout" , "Failed" , "Invalid Parameter" , "DMTF Reserved" , "Unsupported Subject" , "Unsupported Privilege" , "Unsupported Target" , "Authorization Error" , "NULL not supported" , "Method Reserved" , "Vendor Specific" }
uint32ChangeAccess(
The Subject parameter is required and references an instance of ManagedElement. The result of this operation is that the Subject SHALL be authorized to access or define the authorization rights for the Target, via one or more instances of the Privilege class - where the Privileges represent the cumulative rights of this Subject. The distinction between the Privileges specified in this method call and the 'cumulative rights' is that the implementation returns all rights that the Subject has in regards to the Target (that the requestor is authorized to review), versus the specific subset that may be specified in this method call. The exception to the above is when there are no remaining rights between the Subject and Target. In that case, the Privilege instance MAY be deleted.

Note that even if the Subject element is a Collection, the operation is only applied to the Collection itself and NOT its members via MemberOfCollection unless an appropriate PolicyPropagationRule is specified. In either case, the output parameters for this method pertain only to the specified Subject/Collection and Target, and do not provide details on the individual members of the Collection. If this information is needed, use the ShowAccess method.

As noted in the method Description, if the resultant Privileges are AuthorizedPrivileges, then AuthorizedSubject associations SHALL be created.

Qualifiers:Required IN
CIM_ManagedElement REF Subject
The Target parameter is required and references an instance of ManagedElement. The result of this operation is that the Subject SHALL be authorized to access or define the authorization rights for the Target, via one or more instances of the Privilege class - where the Privileges represent the cumulative rights of this Subject. The distinction between the Privileges specified in this method call and the 'cumulative rights' is that the implementation returns all rights that the Subject has in regards to this Target (that the requestor is authorized to review), versus the specific subset that may be specified in this method call. The exception to the above is when there are no remaining rights between the Subject and Target. In that case, the Privilege instance MAY be deleted.

Note that even if the Target element is a Collection, the operation is only applied to the Collection itself and NOT its members via MemberOfCollection unless an appropriate PolicyPropagationRule is specified. In either case, the output parameters for this method pertain only to the specified Subject and Target/Collection, and do not provide details on the individual members of the Collection. If this information is needed, use the ShowAccess method.

As noted in the method Description, if the resultant Privileges are AuthorizedPrivileges, then AuthorizedTarget associations SHALL be created.

Qualifiers:Required IN
CIM_ManagedElement REF Target
If supplied, PropagationPolicy defines the policy rules that govern how the specified access rights are propagated to instances associated with the named Subject and/or Target. If a policy rule is not supplied, the rights defined in the Privilege are only granted or denied between the named Subject and Target.
Qualifiers:IN
CIM_PrivilegePropagationRule REF PropagationPolicies [ ]
A set of zero or more instances of CIM_Privilege (or a subclass of Privilege) that are passed 'by value' as embedded objects. An embedded object is used since the Privilege may only define a subset of the total rights that should be assigned or revoked. On input, Privilege.PrivilegeGranted MAY be set to False to indicate that the enclosed rights are denied. On return, the embedded Privilege objects represent the cumulative rights granted between the specified Subject and Target (filtered to return the information that the requestor is authorized to view). If the Privileges array is empty, then there exist NO rights that the requestor is authorized to view between the Subject/Target pair.
Qualifiers:EmbeddedObject OUT IN
string Privileges [ ]
)
ChangeAccess updates the specified Subject's rights to the Target according to the parameters of this call. The method may be called to update the propagation of Privileges, and/or to define new Privileges for a Subject/Target pair. Because the Subject/Target pair is required in any usage scenario, these parameters are defined as Required.

If an instance of Privilege is created, it is associated to this Service via ConcreteDependency. Further, if the Privilege is an AuthorizedPrivilege, it is linked to the specified Subject and Target via the AuthorizedSubject and AuthorizedTarget associations, respectively.
MaxLen ( 256 )
Propagated ( "CIM_System.Name" )
Key
string SystemName ;
The Name of the scoping System.
boolean Started ;
Started is a Boolean that indicates whether the Service has been started (TRUE), or stopped (FALSE).
uint32StopService()
The StopService method places the Service in the stopped state. Note that the function of this method overlaps with the RequestedState property. RequestedState was added to the model to maintain a record (such as a persisted value) of the last state request. Invoking the StopService method should set the RequestedState property appropriately. The method returns an integer value of 0 if the Service was successfully stopped, 1 if the request is not supported, and any other number to indicate an error. In a subclass, the set of possible return codes could be specified using a ValueMap qualifier on the method. The strings to which the ValueMap contents are translated can also be specified in the subclass as a Values array qualifier.

Note: The semantics of this method overlap with the RequestStateChange method that is inherited from EnabledLogicalElement. This method is maintained because it has been widely implemented, and its simple 'stop' semantics are convenient to use.
MaxLen ( 256 )
Propagated ( "CIM_System.CreationClassName" )
Key
string SystemCreationClassName ;
The CreationClassName of the scoping System.
MaxLen ( 64 )
MappingStrings { "MIF.DMTF|General Information|001.3" }
Write
string PrimaryOwnerName ;
The name of the primary owner for the service, if one is defined. The primary owner is the initial support contact for the Service.
uint32StartService()
The StartService method places the Service in the started state. Note that the function of this method overlaps with the RequestedState property. RequestedState was added to the model to maintain a record (such as a persisted value) of the last state request. Invoking the StartService method should set the RequestedState property appropriately. The method returns an integer value of 0 if the Service was successfully started, 1 if the request is not supported, and any other number to indicate an error. In a subclass, the set of possible return codes could be specified using a ValueMap qualifier on the method. The strings to which the ValueMap contents are translated can also be specified in the subclass as a Values array qualifier.

Note: The semantics of this method overlap with the RequestStateChange method that is inherited from EnabledLogicalElement. This method is maintained because it has been widely implemented, and its simple 'start' semantics are convenient to use.
MaxLen ( 256 )
Key
Override ( "Name" )
string Name ;
The Name property uniquely identifies the Service and provides an indication of the functionality that is managed. This functionality is described in more detail in the Description property of the object.
MaxLen ( 256 )
Key
string CreationClassName ;
CreationClassName indicates the name of the class or the subclass that is used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.
ValueMap { "Automatic" , "Manual" }
MaxLen ( 10 )
Deprecated { "CIM_Service.EnabledDefault" }
string StartMode ;
Note: The use of this element is deprecated in lieu of the EnabledDefault property that is inherited from EnabledLogicalElement. The EnabledLogicalElement addresses the same semantics. The change to a uint16 data type was discussed when CIM V2.0 was defined. However, existing V1.0 implementations used the string property. To remain compatible with those implementations, StartMode was grandfathered into the schema. Use of the deprecated qualifier allows the maintenance of the existing property but also permits an improved, clarified definition using EnabledDefault.
Deprecated description: StartMode is a string value that indicates whether the Service is automatically started by a System, an Operating System, and so on, or is started only upon request.
MaxLen ( 256 )
MappingStrings { "MIF.DMTF|General Information|001.4" }
Write
string PrimaryOwnerContact ;
A string that provides information on how the primary owner of the Service can be reached (for example, phone number, e-mail address, and so on).
datetime TimeOfLastStateChange ;
The date or time when the EnabledState of the element last changed. If the state of the element has not changed and this property is populated, then it must be set to a 0 interval value. If a state change was requested, but rejected or not yet processed, the property must not be updated.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , "6" , ".." , "4096" , "4097" , "4098" , "4099" , "4100..32767" , "32768..65535" }
Values { "Completed with No Error" , "Not Supported" , "Unknown or Unspecified Error" , "Cannot complete within Timeout Period" , "Failed" , "Invalid Parameter" , "In Use" , "DMTF Reserved" , "Method Parameters Checked - Job Started" , "Invalid State Transition" , "Use of Timeout Parameter Not Supported" , "Busy" , "Method Reserved" , "Vendor Specific" }
ModelCorrespondence { "CIM_EnabledLogicalElement.RequestedState" }
uint32RequestStateChange(
The state requested for the element. This information will be placed into the RequestedState property of the instance if the return code of the RequestStateChange method is 0 ('Completed with No Error'), 3 ('Timeout'), or 4096 (0x1000) ('Job Started'). Refer to the description of the EnabledState and RequestedState properties for the detailed explanations of the RequestedState values.
Qualifiers:ValueMap { "2" , "3" , "4" , "6" , "7" , "8" , "9" , "10" , "11" , ".." , "32768..65535" } Values { "Enabled" , "Disabled" , "Shut Down" , "Offline" , "Test" , "Defer" , "Quiesce" , "Reboot" , "Reset" , "DMTF Reserved" , "Vendor Reserved" } ModelCorrespondence { "CIM_EnabledLogicalElement.RequestedState" } IN
uint16 RequestedState
Reference to the job (can be null if the task is completed).
Qualifiers:OUT IN ( false )
CIM_ConcreteJob REF Job
A timeout period that specifies the maximum amount of time that the client expects the transition to the new state to take. The interval format must be used to specify the TimeoutPeriod. A value of 0 or a null parameter indicates that the client has no time requirements for the transition.
If this property does not contain 0 or null and the implementation does not support this parameter, a return code of 'Use Of Timeout Parameter Not Supported' must be returned.

Qualifiers:IN
datetime TimeoutPeriod
)
Requests that the state of the element be changed to the value specified in the RequestedState parameter. When the requested state change takes place, the EnabledState and RequestedState of the element will be the same. Invoking the RequestStateChange method multiple times could result in earlier requests being overwritten or lost.
If 0 is returned, then the task completed successfully and the use of ConcreteJob was not required. If 4096 (0x1000) is returned, then the task will take some time to complete, ConcreteJob will be created, and its reference returned in the output parameter Job. Any other return code indicates an error condition.
ValueMap { "2" , "3" , "4" , "5" , "6" , "7" , "8" , "9" , "10" , "11" , "12" , ".." , "32768..65535" }
Values { "Enabled" , "Disabled" , "Shut Down" , "No Change" , "Offline" , "Test" , "Deferred" , "Quiesce" , "Reboot" , "Reset" , "Not Applicable" , "DMTF Reserved" , "Vendor Reserved" }
ModelCorrespondence { "CIM_EnabledLogicalElement.EnabledState" }
uint16 RequestedState = 12 ;
RequestedState is an integer enumeration that indicates the last requested or desired state for the element. The actual state of the element is represented by EnabledState. This property is provided to compare the last requested and current enabled or disabled states. Note that when EnabledState is set to 5 ('Not Applicable'), then this property has no meaning. By default, the RequestedState of the element is 5 ('No Change'). Refer to the EnabledState property description for explanations of the values in the RequestedState enumeration.
Offline (6) indicates that the element has been requested to transition to the Enabled but Offline EnabledState.
It should be noted that there are two new values in RequestedState that build on the statuses of EnabledState. These are 'Reboot' (10) and 'Reset' (11). Reboot refers to doing a 'Shut Down' and then moving to an 'Enabled' state. Reset indicates that the element is first 'Disabled' and then 'Enabled'. The distinction between requesting 'Shut Down' and 'Disabled' should also be noted. Shut Down requests an orderly transition to the Disabled state, and might involve removing power, to completely erase any existing state. The Disabled state requests an immediate disabling of the element, such that it will not execute or accept any commands or processing requests.

This property is set as the result of a method invocation (such as Start or StopService on CIM_Service), or can be overridden and defined as WRITEable in a subclass. The method approach is considered superior to a WRITEable property, because it allows an explicit invocation of the operation and the return of a result code.

A particular instance of EnabledLogicalElement might not support RequestedStateChange. If this occurs, the value 12 ('Not Applicable') is used.
ValueMap { "2" , "3" , "5" , "6" , "7" , "9" , ".." , "32768..65535" }
Values { "Enabled" , "Disabled" , "Not Applicable" , "Enabled but Offline" , "No Default" , "Quiesce" , "DMTF Reserved" , "Vendor Reserved" }
Write
uint16 EnabledDefault = 2 ;
An enumerated value indicating an administrator's default or startup configuration for the Enabled State of an element. By default, the element is 'Enabled' (value=2).
ModelCorrespondence { "CIM_EnabledLogicalElement.EnabledState" }
string OtherEnabledState ;
A string that describes the enabled or disabled state of the element when the EnabledState property is set to 1 ('Other'). This property must be set to null when EnabledState is any value other than 1.
ValueMap { "0" , "1" , "2" , "3" , ".." , "0x8000.." }
Values { "Unknown" , "OK" , "Degraded" , "Error" , "DMTF Reserved" , "Vendor Reserved" }
Experimental
ModelCorrespondence { "CIM_ManagedSystemElement.DetailedStatus" , "CIM_ManagedSystemElement.HealthState" }
uint16 PrimaryStatus ;
PrimaryStatus provides a high level status value, intended to align with Red-Yellow-Green type representation of status. It should be used in conjunction with DetailedStatus to provide high level and detailed health status of the ManagedElement and its subcomponents.
PrimaryStatus consists of one of the following values: Unknown, OK, Degraded or Error. 'Unknown' indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
'OK' indicates the ManagedElement is functioning normally.
'Degraded' indicates the ManagedElement is functioning below normal.
'Error' indicates the ManagedElement is in an Error condition.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , "6" , "7" , "8" , "9" , "10" , "11" , "12" , "13" , "14" , ".." , "0x8000.." }
Values { "Unknown" , "Not Available" , "In Service" , "Starting" , "Stopping" , "Stopped" , "Aborted" , "Dormant" , "Completed" , "Migrating" , "Emigrating" , "Immigrating" , "Snapshotting" , "Shutting Down" , "In Test" , "DMTF Reserved" , "Vendor Reserved" }
Experimental
ModelCorrespondence { "CIM_EnabledLogicalElement.EnabledState" }
uint16 OperatingStatus ;
OperatingStatus provides a current status value for the operational condition of the element and can be used for providing more detail with respect to the value of EnabledState. It can also provide the transitional states when an element is transitioning from one state to another, such as when an element is transitioning between EnabledState and RequestedState, as well as other transitional conditions.
OperatingStatus consists of one of the following values: Unknown, Not Available, In Service, Starting, Stopping, Stopped, Aborted, Dormant, Completed, Migrating, Emmigrating, Immigrating, Snapshotting. Shutting Down, In Test
A Null return indicates the implementation (provider) does not implement this property.
'Unknown' indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
'None' indicates that the implementation (provider) is capable of returning a value for this property, but not ever for this particular piece of hardware/software or the property is intentionally not used because it adds no meaningful information (as in the case of a property that is intended to add additional info to another property).
'In Service' describes an element being configured, maintained, cleaned, or otherwise administered.
'Starting' describes an element being initialized.
'Stopping' describes an element being brought to an orderly stop.
'Stopped' and 'Aborted' are similar, although the former implies a clean and orderly stop, while the latter implies an abrupt stop where the state and configuration of the element might need to be updated.
'Dormant' indicates that the element is inactive or quiesced.
'Completed' indicates that the element has completed its operation. This value should be combined with either OK, Error, or Degraded in the PrimaryStatus so that a client can tell if the complete operation Completed with OK (passed), Completed with Error (failed), or Completed with Degraded (the operation finished, but it did not complete OK or did not report an error).
'Migrating' element is being moved between host elements.
'Immigrating' element is being moved to new host element.
'Emigrating' element is being moved away from host element.
'Shutting Down' describes an element being brought to an abrupt stop.
'In Test' element is performing test functions.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , "6" , "7" , "8" , "9" , "10" , "11..32767" , "32768..65535" }
Values { "Unknown" , "Other" , "Enabled" , "Disabled" , "Shutting Down" , "Not Applicable" , "Enabled but Offline" , "In Test" , "Deferred" , "Quiesce" , "Starting" , "DMTF Reserved" , "Vendor Reserved" }
ModelCorrespondence { "CIM_EnabledLogicalElement.OtherEnabledState" }
uint16 EnabledState = 5 ;
EnabledState is an integer enumeration that indicates the enabled and disabled states of an element. It can also indicate the transitions between these requested states. For example, shutting down (value=4) and starting (value=10) are transient states between enabled and disabled. The following text briefly summarizes the various enabled and disabled states:
Enabled (2) indicates that the element is or could be executing commands, will process any queued commands, and queues new requests.
Disabled (3) indicates that the element will not execute commands and will drop any new requests.
Shutting Down (4) indicates that the element is in the process of going to a Disabled state.
Not Applicable (5) indicates the element does not support being enabled or disabled.
Enabled but Offline (6) indicates that the element might be completing commands, and will drop any new requests.
Test (7) indicates that the element is in a test state.
Deferred (8) indicates that the element might be completing commands, but will queue any new requests.
Quiesce (9) indicates that the element is enabled but in a restricted mode.
Starting (10) indicates that the element is in the process of going to an Enabled state. New requests are queued.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , ".." , "0x8000.." }
Values { "Not Available" , "No Additional Information" , "Stressed" , "Predictive Failure" , "Non-Recoverable Error" , "Supporting Entity in Error" , "DMTF Reserved" , "Vendor Reserved" }
Experimental
ModelCorrespondence { "CIM_EnabledLogicalElement.PrimaryStatus" , "CIM_ManagedSystemElement.HealthState" }
uint16 DetailedStatus ;
DetailedStatus compliments PrimaryStatus with additional status detail. It consists of one of the following values: Not Available, No Additional Information, Stressed, Predictive Failure, Error, Non-Recoverable Error, SupportingEntityInError. Detailed status is used to expand upon the PrimaryStatus of the element.
A Null return indicates the implementation (provider) does not implement this property.
'Not Available' indicates that the implementation (provider) is capable of returning a value for this property, but not ever for this particular piece of hardware/software or the property is intentionally not used because it adds no meaningful information (as in the case of a property that is intended to add additional info to another property).
'No Additional Information' indicates that the element is functioning normally as indicated by PrimaryStatus = 'OK'.
'Stressed' indicates that the element is functioning, but needs attention. Examples of 'Stressed' states are overload, overheated, and so on.
'Predictive Failure' indicates that an element is functioning normally but a failure is predicted in the near future.
'Non-Recoverable Error ' indicates that this element is in an error condition that requires human intervention.
'Supporting Entity in Error' indicates that this element might be 'OK' but that another element, on which it is dependent, is in error. An example is a network service or endpoint that cannot function due to lower-layer networking problems.
ValueMap { "0" , "1" , "2" , "3" , "4" , ".." , "0x8000.." }
Values { "Unknown" , "Not Available" , "Communication OK" , "Lost Communication" , "No Contact" , "DMTF Reserved" , "Vendor Reserved" }
Experimental
uint16 CommunicationStatus ;
CommunicationStatus indicates the ability of the instrumentation to communicate with the underlying ManagedElement. CommunicationStatus consists of one of the following values: Unknown, None, Communication OK, Lost Communication, or No Contact.
A Null return indicates the implementation (provider) does not implement this property.
'Unknown' indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
'Not Available' indicates that the implementation (provider) is capable of returning a value for this property, but not ever for this particular piece of hardware/software or the property is intentionally not used because it adds no meaningful information (as in the case of a property that is intended to add additional info to another property).
'Communication OK ' indicates communication is established with the element, but does not convey any quality of service.
'No Contact' indicates that the monitoring system has knowledge of this element, but has never been able to establish communications with it.
'Lost Communication' indicates that the Managed Element is known to exist and has been contacted successfully in the past, but is currently unreachable.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , "6" , "7" , "8" , "9" , "10" , "11" , "12" , "13" , "14" , "15" , "16" , "17" , "18" , ".." , "0x8000.." }
ArrayType ( "Indexed" )
Values { "Unknown" , "Other" , "OK" , "Degraded" , "Stressed" , "Predictive Failure" , "Error" , "Non-Recoverable Error" , "Starting" , "Stopping" , "Stopped" , "In Service" , "No Contact" , "Lost Communication" , "Aborted" , "Dormant" , "Supporting Entity in Error" , "Completed" , "Power Mode" , "DMTF Reserved" , "Vendor Reserved" }
ModelCorrespondence { "CIM_ManagedSystemElement.StatusDescriptions" }
uint16 OperationalStatus [ ] ;
Indicates the current statuses of the element. Various operational statuses are defined. Many of the enumeration's values are self-explanatory. However, a few are not and are described here in more detail.
'Stressed' indicates that the element is functioning, but needs attention. Examples of 'Stressed' states are overload, overheated, and so on.
'Predictive Failure' indicates that an element is functioning nominally but predicting a failure in the near future.
'In Service' describes an element being configured, maintained, cleaned, or otherwise administered.
'No Contact' indicates that the monitoring system has knowledge of this element, but has never been able to establish communications with it.
'Lost Communication' indicates that the ManagedSystem Element is known to exist and has been contacted successfully in the past, but is currently unreachable.
'Stopped' and 'Aborted' are similar, although the former implies a clean and orderly stop, while the latter implies an abrupt stop where the state and configuration of the element might need to be updated.
'Dormant' indicates that the element is inactive or quiesced.
'Supporting Entity in Error' indicates that this element might be 'OK' but that another element, on which it is dependent, is in error. An example is a network service or endpoint that cannot function due to lower-layer networking problems.
'Completed' indicates that the element has completed its operation. This value should be combined with either OK, Error, or Degraded so that a client can tell if the complete operation Completed with OK (passed), Completed with Error (failed), or Completed with Degraded (the operation finished, but it did not complete OK or did not report an error).
'Power Mode' indicates that the element has additional power model information contained in the Associated PowerManagementService association.
OperationalStatus replaces the Status property on ManagedSystemElement to provide a consistent approach to enumerations, to address implementation needs for an array property, and to provide a migration path from today's environment to the future. This change was not made earlier because it required the deprecated qualifier. Due to the widespread use of the existing Status property in management applications, it is strongly recommended that providers or instrumentation provide both the Status and OperationalStatus properties. Further, the first value of OperationalStatus should contain the primary status for the element. When instrumented, Status (because it is single-valued) should also provide the primary status of the element.
ArrayType ( "Indexed" )
ModelCorrespondence { "CIM_ManagedSystemElement.OperationalStatus" }
string StatusDescriptions [ ] ;
Strings describing the various OperationalStatus array values. For example, if 'Stopping' is the value assigned to OperationalStatus, then this property may contain an explanation as to why an object is being stopped. Note that entries in this array are correlated with those at the same array index in OperationalStatus.
ValueMap { "OK" , "Error" , "Degraded" , "Unknown" , "Pred Fail" , "Starting" , "Stopping" , "Service" , "Stressed" , "NonRecover" , "No Contact" , "Lost Comm" , "Stopped" }
MaxLen ( 10 )
Deprecated { "CIM_ManagedSystemElement.OperationalStatus" }
string Status ;
A string indicating the current status of the object. Various operational and non-operational statuses are defined. This property is deprecated in lieu of OperationalStatus, which includes the same semantics in its enumeration. This change is made for 3 reasons:
1) Status is more correctly defined as an array. This definition overcomes the limitation of describing status using a single value, when it is really a multi-valued property (for example, an element might be OK AND Stopped.
2) A MaxLen of 10 is too restrictive and leads to unclear enumerated values.
3) The change to a uint16 data type was discussed when CIM V2.0 was defined. However, existing V1.0 implementations used the string property and did not want to modify their code. Therefore, Status was grandfathered into the Schema. Use of the deprecated qualifier allows the maintenance of the existing property, but also permits an improved definition using OperationalStatus.
MappingStrings { "MIF.DMTF|ComponentID|001.5" }
datetime InstallDate ;
A datetime value that indicates when the object was installed. Lack of a value does not indicate that the object is not installed.
ValueMap { "0" , "5" , "10" , "15" , "20" , "25" , "30" , ".." }
Values { "Unknown" , "OK" , "Degraded/Warning" , "Minor failure" , "Major failure" , "Critical failure" , "Non-recoverable error" , "DMTF Reserved" }
uint16 HealthState ;
Indicates the current health of the element. This attribute expresses the health of this element but not necessarily that of its subcomponents. The possible values are 0 to 30, where 5 means the element is entirely healthy and 30 means the element is completely non-functional. The following continuum is defined:
'Non-recoverable Error' (30) - The element has completely failed, and recovery is not possible. All functionality provided by this element has been lost.
'Critical Failure' (25) - The element is non-functional and recovery might not be possible.
'Major Failure' (20) - The element is failing. It is possible that some or all of the functionality of this component is degraded or not working.
'Minor Failure' (15) - All functionality is available but some might be degraded.
'Degraded/Warning' (10) - The element is in working order and all functionality is provided. However, the element is not working to the best of its abilities. For example, the element might not be operating at optimal performance or it might be reporting recoverable errors.
'OK' (5) - The element is fully functional and is operating within normal operational parameters and without error.
'Unknown' (0) - The implementation cannot report on HealthState at this time.
DMTF has reserved the unused portion of the continuum for additional HealthStates in the future.
string ElementName ;
A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.
Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties.
MaxLen ( 64 )
string Caption ;
The Caption property is a short textual description (one- line string) of the object.
string Description ;
The Description property provides a textual description of the object.