User\CIM_Account.mof.mof (HTML version)

Return to index
CIM_Account Superclass: CIM_EnabledLogicalElement
CIM_Account is the information held by a SecurityService to track identity and privileges managed by that service. Common examples of an Account are the entries in a UNIX /etc/passwd file. Several kinds of security services use various information from those entries - the /bin/login program uses the account name ('root') and hashed password to authenticate users, and the file service, for instance, uses the UserID field ('0') and GroupID field ('0') to record ownership and determine access control privileges on files in the file system. This class is defined so as to incorporate commonly-used LDAP attributes to permit implementations to easily derive this information from LDAP-accessible directories.

The semantics of Account overlap with that of the class, CIM_Identity. However, aspects of Account - such as its specific tie to a System - are valuable and have been widely implemented. For this reason, the Account and Identity classes are associated using a subclass of LogicalIdentity (AccountIdentity), instead of deprecating the Account class in the CIM Schema. When an Account has been authenticated, the corresponding Identity's TrustEstablished Boolean would be set to TRUE. Then, the Identity class can be used as defined for authorization purposes.
Qualifiers:Version ( "2.14.0" ) UMLPackagePath ( "CIM::User::Account" )
Parameters (local in grey)
Experimental
uint16 MaximumSuccessiveLoginFailures ;
MaximumSuccessiveLoginFailures indicates the number of successive failed login attempts that shall result in the Account being disabled. A value of zero shall indicate that the Account will not be disabled due to successive failed login attempts.
MaxLen ( 256 )
string UserID ;
UserID is the value used by the SecurityService to represent identity. For an authentication service, the UserID may be the name of the user, or for an authorization service the value which serves as a handle to a mapping of the identity.
MaxLen ( 256 )
Propagated ( "CIM_System.Name" )
Key
string SystemName ;
The scoping System's Name.
string OU [ ] ;
The name of an organizational unit related to the account.
MaxLen ( 1024 )
string Descriptions [ ] ;
The Descriptions property values may contain human-readable descriptions of the object. In the case of an LDAP-derived instance, the description attribute may have multiple values that, therefore, cannot be placed in the inherited Description property.
string ObjectClass [ ] ;
In the case of an LDAP-derived instance, the ObjectClass property value(s) may be set to the objectClass attribute values.
string LocalityName [ ] ;
This property contains the name of a locality, such as a city, county or other geographic region.
ValueMap { "2" , "3" , "4" , "5" , "6" , "7" , "8" , ".." , "0x8000..0xFFFF" }
Values { "Minimum Length" , "Preclude User ID Inclusion" , "Maximum Repeating Characters" , "Lower Case Alpha" , "Upper Case Alpha" , "Numeric Character" , "Special Character" , "DMTF Reserved" , "Vendor Reserved" }
Experimental
uint16 ComplexPasswordRulesEnforced [ ] ;
ComplexPasswordRulesEnforced indicates the rules for constructing a complex password enforced by the Account.
Minimum Length a minimum length is enforced for passwords for the account.
Preclude User ID inclusion precluding the password from including the user ID is supported.
Maximum Repeating Characters a limit will be enforced on the number of times a character can occur consecutively.
Lower Case Alpha at least one lower case alpha character is required.
Upper Case Alpha at least one upper case alpha character is required.
Numeric Character at least one numeric character is required.
Special Character at least one special character is required.
Experimental
datetime PasswordExpiration ;
PasswordExpiration indicates the maximum password age enforced for the Account. The value may be expressed as an absolute date-time as an interval, or may be NULL.
An absolute date-time shall indicate the date and time when the password will expire.
An interval value shall indicate the time remaining until the password expires.
A value of NULL shall indicate the password never expires.
string SeeAlso [ ] ;
In the case of an LDAP-derived instance, the SeeAlso property specifies distinguished name of other Directory objects which may be other aspects (in some sense) of the same real world object.
Experimental
datetime InactivityTimeout ;
InactivityTimeout specifies the interval after which if an account has been inactive, it shall be Disabled. The value may be expressed in interval format, as an absolute date-time, or be NULL.
An absolute date-time shall indicate when the password will be disabled due to inactivity.
An interval value shall indicate the time remaining before the password is disabled due to inactivity.
A value of NULL shall indicate that the Account will not be disabled due to inactivity.
MaxLen ( 256 )
Propagated ( "CIM_System.CreationClassName" )
Key
string SystemCreationClassName ;
The scoping System's CCN.
OctetString
string UserCertificate [ ] ;
Based on inetOrgPerson and for directory compatibility, the UserCertificate property may be used to specify a public key certificate for the person.
Experimental
uint16 PasswordHistoryDepth ;
PasswordHistoryDepth indicates the number of previous passwords that shall be maintained for the Account. The Account shall preclude the selection of a password if it occurs in the password history. A value of zero shall indicate that a password history is not maintained.
MaxLen ( 1024 )
Key
Override ( "Name" )
string Name ;
The Name property defines the label by which the object is known. The value of this property may be set to be the same as that of the UserID property or, in the case of an LDAP-derived instance, the Name property value may be set to the distinguishedName of the LDAP-accessed object instance.
MaxLen ( 256 )
Key
string CreationClassName ;
CreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.
string Host [ ] ;
Based on RFC1274, the host name of the system(s) for which the account applies. The host name may be a fully-qualified DNS name or it may be an unqualified host name.
OctetString
string UserPassword [ ] ;
In the case of an LDAP-derived instance, the UserPassword property may contain an encrypted password used to access the person's resources in a directory.
Experimental
datetime LastLogin ;
LastLogin shall be an absolute date-time that specifies the last successful authentication that occurred for this Account. A value of 99990101000000.000000+000 shall indicate the Account has never been used. A value of NULL shall indicate the last successful login is unknown.
Required
string OrganizationName [ ] ;
The name of the organization related to the account.
datetime TimeOfLastStateChange ;
The date or time when the EnabledState of the element last changed. If the state of the element has not changed and this property is populated, then it must be set to a 0 interval value. If a state change was requested, but rejected or not yet processed, the property must not be updated.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , "6" , ".." , "4096" , "4097" , "4098" , "4099" , "4100..32767" , "32768..65535" }
Values { "Completed with No Error" , "Not Supported" , "Unknown or Unspecified Error" , "Cannot complete within Timeout Period" , "Failed" , "Invalid Parameter" , "In Use" , "DMTF Reserved" , "Method Parameters Checked - Job Started" , "Invalid State Transition" , "Use of Timeout Parameter Not Supported" , "Busy" , "Method Reserved" , "Vendor Specific" }
ModelCorrespondence { "CIM_EnabledLogicalElement.RequestedState" }
uint32RequestStateChange(
The state requested for the element. This information will be placed into the RequestedState property of the instance if the return code of the RequestStateChange method is 0 ('Completed with No Error'), 3 ('Timeout'), or 4096 (0x1000) ('Job Started'). Refer to the description of the EnabledState and RequestedState properties for the detailed explanations of the RequestedState values.
Qualifiers:ValueMap { "2" , "3" , "4" , "6" , "7" , "8" , "9" , "10" , "11" , ".." , "32768..65535" } Values { "Enabled" , "Disabled" , "Shut Down" , "Offline" , "Test" , "Defer" , "Quiesce" , "Reboot" , "Reset" , "DMTF Reserved" , "Vendor Reserved" } ModelCorrespondence { "CIM_EnabledLogicalElement.RequestedState" } IN
uint16 RequestedState
Reference to the job (can be null if the task is completed).
Qualifiers:OUT IN ( false )
CIM_ConcreteJob REF Job
A timeout period that specifies the maximum amount of time that the client expects the transition to the new state to take. The interval format must be used to specify the TimeoutPeriod. A value of 0 or a null parameter indicates that the client has no time requirements for the transition.
If this property does not contain 0 or null and the implementation does not support this parameter, a return code of 'Use Of Timeout Parameter Not Supported' must be returned.

Qualifiers:IN
datetime TimeoutPeriod
)
Requests that the state of the element be changed to the value specified in the RequestedState parameter. When the requested state change takes place, the EnabledState and RequestedState of the element will be the same. Invoking the RequestStateChange method multiple times could result in earlier requests being overwritten or lost.
If 0 is returned, then the task completed successfully and the use of ConcreteJob was not required. If 4096 (0x1000) is returned, then the task will take some time to complete, ConcreteJob will be created, and its reference returned in the output parameter Job. Any other return code indicates an error condition.
ValueMap { "2" , "3" , "4" , "5" , "6" , "7" , "8" , "9" , "10" , "11" , "12" , ".." , "32768..65535" }
Values { "Enabled" , "Disabled" , "Shut Down" , "No Change" , "Offline" , "Test" , "Deferred" , "Quiesce" , "Reboot" , "Reset" , "Not Applicable" , "DMTF Reserved" , "Vendor Reserved" }
ModelCorrespondence { "CIM_EnabledLogicalElement.EnabledState" }
uint16 RequestedState = 12 ;
RequestedState is an integer enumeration that indicates the last requested or desired state for the element. The actual state of the element is represented by EnabledState. This property is provided to compare the last requested and current enabled or disabled states. Note that when EnabledState is set to 5 ('Not Applicable'), then this property has no meaning. By default, the RequestedState of the element is 5 ('No Change'). Refer to the EnabledState property description for explanations of the values in the RequestedState enumeration.
Offline (6) indicates that the element has been requested to transition to the Enabled but Offline EnabledState.
It should be noted that there are two new values in RequestedState that build on the statuses of EnabledState. These are 'Reboot' (10) and 'Reset' (11). Reboot refers to doing a 'Shut Down' and then moving to an 'Enabled' state. Reset indicates that the element is first 'Disabled' and then 'Enabled'. The distinction between requesting 'Shut Down' and 'Disabled' should also be noted. Shut Down requests an orderly transition to the Disabled state, and might involve removing power, to completely erase any existing state. The Disabled state requests an immediate disabling of the element, such that it will not execute or accept any commands or processing requests.

This property is set as the result of a method invocation (such as Start or StopService on CIM_Service), or can be overridden and defined as WRITEable in a subclass. The method approach is considered superior to a WRITEable property, because it allows an explicit invocation of the operation and the return of a result code.

A particular instance of EnabledLogicalElement might not support RequestedStateChange. If this occurs, the value 12 ('Not Applicable') is used.
ValueMap { "2" , "3" , "5" , "6" , "7" , "9" , ".." , "32768..65535" }
Values { "Enabled" , "Disabled" , "Not Applicable" , "Enabled but Offline" , "No Default" , "Quiesce" , "DMTF Reserved" , "Vendor Reserved" }
Write
uint16 EnabledDefault = 2 ;
An enumerated value indicating an administrator's default or startup configuration for the Enabled State of an element. By default, the element is 'Enabled' (value=2).
ModelCorrespondence { "CIM_EnabledLogicalElement.EnabledState" }
string OtherEnabledState ;
A string that describes the enabled or disabled state of the element when the EnabledState property is set to 1 ('Other'). This property must be set to null when EnabledState is any value other than 1.
ValueMap { "0" , "1" , "2" , "3" , ".." , "0x8000.." }
Values { "Unknown" , "OK" , "Degraded" , "Error" , "DMTF Reserved" , "Vendor Reserved" }
Experimental
ModelCorrespondence { "CIM_ManagedSystemElement.DetailedStatus" , "CIM_ManagedSystemElement.HealthState" }
uint16 PrimaryStatus ;
PrimaryStatus provides a high level status value, intended to align with Red-Yellow-Green type representation of status. It should be used in conjunction with DetailedStatus to provide high level and detailed health status of the ManagedElement and its subcomponents.
PrimaryStatus consists of one of the following values: Unknown, OK, Degraded or Error. 'Unknown' indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
'OK' indicates the ManagedElement is functioning normally.
'Degraded' indicates the ManagedElement is functioning below normal.
'Error' indicates the ManagedElement is in an Error condition.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , "6" , "7" , "8" , "9" , "10" , "11" , "12" , "13" , "14" , ".." , "0x8000.." }
Values { "Unknown" , "Not Available" , "In Service" , "Starting" , "Stopping" , "Stopped" , "Aborted" , "Dormant" , "Completed" , "Migrating" , "Emigrating" , "Immigrating" , "Snapshotting" , "Shutting Down" , "In Test" , "DMTF Reserved" , "Vendor Reserved" }
Experimental
ModelCorrespondence { "CIM_EnabledLogicalElement.EnabledState" }
uint16 OperatingStatus ;
OperatingStatus provides a current status value for the operational condition of the element and can be used for providing more detail with respect to the value of EnabledState. It can also provide the transitional states when an element is transitioning from one state to another, such as when an element is transitioning between EnabledState and RequestedState, as well as other transitional conditions.
OperatingStatus consists of one of the following values: Unknown, Not Available, In Service, Starting, Stopping, Stopped, Aborted, Dormant, Completed, Migrating, Emmigrating, Immigrating, Snapshotting. Shutting Down, In Test
A Null return indicates the implementation (provider) does not implement this property.
'Unknown' indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
'None' indicates that the implementation (provider) is capable of returning a value for this property, but not ever for this particular piece of hardware/software or the property is intentionally not used because it adds no meaningful information (as in the case of a property that is intended to add additional info to another property).
'In Service' describes an element being configured, maintained, cleaned, or otherwise administered.
'Starting' describes an element being initialized.
'Stopping' describes an element being brought to an orderly stop.
'Stopped' and 'Aborted' are similar, although the former implies a clean and orderly stop, while the latter implies an abrupt stop where the state and configuration of the element might need to be updated.
'Dormant' indicates that the element is inactive or quiesced.
'Completed' indicates that the element has completed its operation. This value should be combined with either OK, Error, or Degraded in the PrimaryStatus so that a client can tell if the complete operation Completed with OK (passed), Completed with Error (failed), or Completed with Degraded (the operation finished, but it did not complete OK or did not report an error).
'Migrating' element is being moved between host elements.
'Immigrating' element is being moved to new host element.
'Emigrating' element is being moved away from host element.
'Shutting Down' describes an element being brought to an abrupt stop.
'In Test' element is performing test functions.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , "6" , "7" , "8" , "9" , "10" , "11..32767" , "32768..65535" }
Values { "Unknown" , "Other" , "Enabled" , "Disabled" , "Shutting Down" , "Not Applicable" , "Enabled but Offline" , "In Test" , "Deferred" , "Quiesce" , "Starting" , "DMTF Reserved" , "Vendor Reserved" }
ModelCorrespondence { "CIM_EnabledLogicalElement.OtherEnabledState" }
uint16 EnabledState = 5 ;
EnabledState is an integer enumeration that indicates the enabled and disabled states of an element. It can also indicate the transitions between these requested states. For example, shutting down (value=4) and starting (value=10) are transient states between enabled and disabled. The following text briefly summarizes the various enabled and disabled states:
Enabled (2) indicates that the element is or could be executing commands, will process any queued commands, and queues new requests.
Disabled (3) indicates that the element will not execute commands and will drop any new requests.
Shutting Down (4) indicates that the element is in the process of going to a Disabled state.
Not Applicable (5) indicates the element does not support being enabled or disabled.
Enabled but Offline (6) indicates that the element might be completing commands, and will drop any new requests.
Test (7) indicates that the element is in a test state.
Deferred (8) indicates that the element might be completing commands, but will queue any new requests.
Quiesce (9) indicates that the element is enabled but in a restricted mode.
Starting (10) indicates that the element is in the process of going to an Enabled state. New requests are queued.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , ".." , "0x8000.." }
Values { "Not Available" , "No Additional Information" , "Stressed" , "Predictive Failure" , "Non-Recoverable Error" , "Supporting Entity in Error" , "DMTF Reserved" , "Vendor Reserved" }
Experimental
ModelCorrespondence { "CIM_EnabledLogicalElement.PrimaryStatus" , "CIM_ManagedSystemElement.HealthState" }
uint16 DetailedStatus ;
DetailedStatus compliments PrimaryStatus with additional status detail. It consists of one of the following values: Not Available, No Additional Information, Stressed, Predictive Failure, Error, Non-Recoverable Error, SupportingEntityInError. Detailed status is used to expand upon the PrimaryStatus of the element.
A Null return indicates the implementation (provider) does not implement this property.
'Not Available' indicates that the implementation (provider) is capable of returning a value for this property, but not ever for this particular piece of hardware/software or the property is intentionally not used because it adds no meaningful information (as in the case of a property that is intended to add additional info to another property).
'No Additional Information' indicates that the element is functioning normally as indicated by PrimaryStatus = 'OK'.
'Stressed' indicates that the element is functioning, but needs attention. Examples of 'Stressed' states are overload, overheated, and so on.
'Predictive Failure' indicates that an element is functioning normally but a failure is predicted in the near future.
'Non-Recoverable Error ' indicates that this element is in an error condition that requires human intervention.
'Supporting Entity in Error' indicates that this element might be 'OK' but that another element, on which it is dependent, is in error. An example is a network service or endpoint that cannot function due to lower-layer networking problems.
ValueMap { "0" , "1" , "2" , "3" , "4" , ".." , "0x8000.." }
Values { "Unknown" , "Not Available" , "Communication OK" , "Lost Communication" , "No Contact" , "DMTF Reserved" , "Vendor Reserved" }
Experimental
uint16 CommunicationStatus ;
CommunicationStatus indicates the ability of the instrumentation to communicate with the underlying ManagedElement. CommunicationStatus consists of one of the following values: Unknown, None, Communication OK, Lost Communication, or No Contact.
A Null return indicates the implementation (provider) does not implement this property.
'Unknown' indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
'Not Available' indicates that the implementation (provider) is capable of returning a value for this property, but not ever for this particular piece of hardware/software or the property is intentionally not used because it adds no meaningful information (as in the case of a property that is intended to add additional info to another property).
'Communication OK ' indicates communication is established with the element, but does not convey any quality of service.
'No Contact' indicates that the monitoring system has knowledge of this element, but has never been able to establish communications with it.
'Lost Communication' indicates that the Managed Element is known to exist and has been contacted successfully in the past, but is currently unreachable.
ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , "6" , "7" , "8" , "9" , "10" , "11" , "12" , "13" , "14" , "15" , "16" , "17" , "18" , ".." , "0x8000.." }
ArrayType ( "Indexed" )
Values { "Unknown" , "Other" , "OK" , "Degraded" , "Stressed" , "Predictive Failure" , "Error" , "Non-Recoverable Error" , "Starting" , "Stopping" , "Stopped" , "In Service" , "No Contact" , "Lost Communication" , "Aborted" , "Dormant" , "Supporting Entity in Error" , "Completed" , "Power Mode" , "DMTF Reserved" , "Vendor Reserved" }
ModelCorrespondence { "CIM_ManagedSystemElement.StatusDescriptions" }
uint16 OperationalStatus [ ] ;
Indicates the current statuses of the element. Various operational statuses are defined. Many of the enumeration's values are self-explanatory. However, a few are not and are described here in more detail.
'Stressed' indicates that the element is functioning, but needs attention. Examples of 'Stressed' states are overload, overheated, and so on.
'Predictive Failure' indicates that an element is functioning nominally but predicting a failure in the near future.
'In Service' describes an element being configured, maintained, cleaned, or otherwise administered.
'No Contact' indicates that the monitoring system has knowledge of this element, but has never been able to establish communications with it.
'Lost Communication' indicates that the ManagedSystem Element is known to exist and has been contacted successfully in the past, but is currently unreachable.
'Stopped' and 'Aborted' are similar, although the former implies a clean and orderly stop, while the latter implies an abrupt stop where the state and configuration of the element might need to be updated.
'Dormant' indicates that the element is inactive or quiesced.
'Supporting Entity in Error' indicates that this element might be 'OK' but that another element, on which it is dependent, is in error. An example is a network service or endpoint that cannot function due to lower-layer networking problems.
'Completed' indicates that the element has completed its operation. This value should be combined with either OK, Error, or Degraded so that a client can tell if the complete operation Completed with OK (passed), Completed with Error (failed), or Completed with Degraded (the operation finished, but it did not complete OK or did not report an error).
'Power Mode' indicates that the element has additional power model information contained in the Associated PowerManagementService association.
OperationalStatus replaces the Status property on ManagedSystemElement to provide a consistent approach to enumerations, to address implementation needs for an array property, and to provide a migration path from today's environment to the future. This change was not made earlier because it required the deprecated qualifier. Due to the widespread use of the existing Status property in management applications, it is strongly recommended that providers or instrumentation provide both the Status and OperationalStatus properties. Further, the first value of OperationalStatus should contain the primary status for the element. When instrumented, Status (because it is single-valued) should also provide the primary status of the element.
ArrayType ( "Indexed" )
ModelCorrespondence { "CIM_ManagedSystemElement.OperationalStatus" }
string StatusDescriptions [ ] ;
Strings describing the various OperationalStatus array values. For example, if 'Stopping' is the value assigned to OperationalStatus, then this property may contain an explanation as to why an object is being stopped. Note that entries in this array are correlated with those at the same array index in OperationalStatus.
ValueMap { "OK" , "Error" , "Degraded" , "Unknown" , "Pred Fail" , "Starting" , "Stopping" , "Service" , "Stressed" , "NonRecover" , "No Contact" , "Lost Comm" , "Stopped" }
MaxLen ( 10 )
Deprecated { "CIM_ManagedSystemElement.OperationalStatus" }
string Status ;
A string indicating the current status of the object. Various operational and non-operational statuses are defined. This property is deprecated in lieu of OperationalStatus, which includes the same semantics in its enumeration. This change is made for 3 reasons:
1) Status is more correctly defined as an array. This definition overcomes the limitation of describing status using a single value, when it is really a multi-valued property (for example, an element might be OK AND Stopped.
2) A MaxLen of 10 is too restrictive and leads to unclear enumerated values.
3) The change to a uint16 data type was discussed when CIM V2.0 was defined. However, existing V1.0 implementations used the string property and did not want to modify their code. Therefore, Status was grandfathered into the Schema. Use of the deprecated qualifier allows the maintenance of the existing property, but also permits an improved definition using OperationalStatus.
MappingStrings { "MIF.DMTF|ComponentID|001.5" }
datetime InstallDate ;
A datetime value that indicates when the object was installed. Lack of a value does not indicate that the object is not installed.
ValueMap { "0" , "5" , "10" , "15" , "20" , "25" , "30" , ".." }
Values { "Unknown" , "OK" , "Degraded/Warning" , "Minor failure" , "Major failure" , "Critical failure" , "Non-recoverable error" , "DMTF Reserved" }
uint16 HealthState ;
Indicates the current health of the element. This attribute expresses the health of this element but not necessarily that of its subcomponents. The possible values are 0 to 30, where 5 means the element is entirely healthy and 30 means the element is completely non-functional. The following continuum is defined:
'Non-recoverable Error' (30) - The element has completely failed, and recovery is not possible. All functionality provided by this element has been lost.
'Critical Failure' (25) - The element is non-functional and recovery might not be possible.
'Major Failure' (20) - The element is failing. It is possible that some or all of the functionality of this component is degraded or not working.
'Minor Failure' (15) - All functionality is available but some might be degraded.
'Degraded/Warning' (10) - The element is in working order and all functionality is provided. However, the element is not working to the best of its abilities. For example, the element might not be operating at optimal performance or it might be reporting recoverable errors.
'OK' (5) - The element is fully functional and is operating within normal operational parameters and without error.
'Unknown' (0) - The implementation cannot report on HealthState at this time.
DMTF has reserved the unused portion of the continuum for additional HealthStates in the future.
string ElementName ;
A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.
Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties.
MaxLen ( 64 )
string Caption ;
The Caption property is a short textual description (one- line string) of the object.
string Description ;
The Description property provides a textual description of the object.