// Copyright (c) 2005 DMTF.  All rights reserved.// <change cr="ArchCR00066.004" type="add">Add UmlPackagePath// qualifier values to CIM Schema.</change>// ==================================================================//  CIM_Privilege// ==================================================================   [UMLPackagePath ( "CIM::User::Privilege" ), Version ( "2.8.0" ),     Description (       "Privilege is the base class for all types of activities which "       "are granted or denied by a Role or an Identity. Whether an "       "individual Privilege is granted or denied is defined using the "       "PrivilegeGranted boolean. Any Privileges not specifically "       "granted are assumed to be denied. An explicit deny (Privilege "       "Granted = FALSE) takes precedence over any granted Privileges. "       "\n\n"       "The association of subjects (Roles and Identities) to "       "Privileges is accomplished using policy or explicitly via the "       "associations on a subclass. The entities that are protected "       "(targets) can be similarly defined. \n"       "\n"       "Note that Privileges may be inherited through hierarchical "       "Roles, or may overlap. For example, a Privilege denying any "       "instance Writes in a particular CIM Server Namespace would "       "overlap with a Privilege defining specific access rights at an "       "instance level within that Namespace. In this example, the "       "AuthorizedSubjects are either Identities or Roles, and the "       "AuthorizedTargets are a Namespace in the former case, and a "       "particular instance in the latter.")]class CIM_Privilege : CIM_ManagedElement {      [Key, Description (          "Within the scope of the instantiating Namespace, InstanceID "          "opaquely and uniquely identifies an instance of this class. "          "In order to ensure uniqueness within the NameSpace, the "          "value of InstanceID SHOULD be constructed using the "          "following 'preferred' algorithm: \n"          "<OrgID>:<LocalID> \n"          "Where <OrgID> and <LocalID> are separated by a colon ':', "          "and where <OrgID> MUST include a copyrighted, trademarked "          "or otherwise unique name that is owned by the business "          "entity creating/defining the InstanceID, or is a registered "          "ID that is assigned to the business entity by a recognized "          "global authority. (This is similar to the <Schema "          "Name>_<Class Name> structure of Schema class names.) In "          "addition, to ensure uniqueness <OrgID> MUST NOT contain a "          "colon (':'). When using this algorithm, the first colon to "          "appear in InstanceID MUST appear between <OrgID> and "          "<LocalID>. \n"          "<LocalID> is chosen by the business entity and SHOULD not "          "be re-used to identify different underlying (real-world) "          "elements. If the above 'preferred' algorithm is not used, "          "the defining entity MUST assure that the resultant "          "InstanceID is not re-used across any InstanceIDs produced "          "by this or other providers for this instance's NameSpace. "          "For DMTF defined instances, the 'preferred' algorithm MUST "          "be used with the <OrgID> set to 'CIM'.")]   string InstanceID;      [Description (          "Boolean indicating whether the Privilege is granted (TRUE) "          "or denied (FALSE). The default is to grant permission.")]   boolean PrivilegeGranted = TRUE;      [Description (          "An enumeration indicating the activities that are granted "          "or denied. These activities apply to all entities specified "          "in the ActivityQualifiers array. The values in the "          "enumeration are straightforward except for one, "          "4=\"Detect\". This value indicates that the existence or "          "presence of an entity may be determined, but not "          "necessarily specific data (which requires the Read "          "privilege to be true). This activity is exemplified by "          "'hidden files'- if you list the contents of a directory, "          "you will not see hidden files. However, if you know a "          "specific file name, or know how to expose hidden files, "          "then they can be 'detected'. Another example is the ability "          "to define search privileges in directory implementations."),        ValueMap { "1", "2", "3", "4", "5", "6", "7", "..15999",          "16000.." },        Values { "Other", "Create", "Delete", "Detect", "Read", "Write",          "Execute", "DMTF Reserved", "Vendor Reserved" },          ArrayType ( "Indexed" ),        ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }]   uint16 Activities[];      [Description (          "The ActivityQualifiers property is an array of string "          "values used to further qualify and specify the privileges "          "granted or denied. For example, it is used to specify a set "          "of files for which 'Read'/'Write' access is permitted or "          "denied. Or, it defines a class' methods that may be "          "'Executed'. Details on the semantics of the individual "          "entries in ActivityQualifiers are provided by corresponding "          "entries in the QualifierFormats array."),        ArrayType ( "Indexed" ),        ModelCorrespondence { "CIM_Privilege.Activities",          "CIM_Privilege.QualifierFormats" }]   string ActivityQualifiers[];      [Description (          "Defines the semantics of corresponding entries in the "          "ActivityQualifiers array. An example of each of these "          "'formats' and their use follows: \n"          "- 2=Class Name. Example: If the authorization target is a "          "CIM Service or a Namespace, then the ActivityQualifiers "          "entries can define a list of classes that the authorized "          "subject is able to create or delete. \n"          "- 3=<Class.>Property. Example: If the authorization target "          "is a CIM Service, Namespace or Collection of instances, "          "then the ActivityQualifiers entries can define the class "          "properties that may or may not be accessed. In this case, "          "the class names are specified with the property names to "          "avoid ambiguity - since a CIM Service, Namespace or "          "Collection could manage multiple classes. On the other "          "hand, if the authorization target is an individual "          "instance, then there is no possible ambiguity and the class "          "name may be omitted. To specify ALL properties, the "          "wildcard string \"*\" should be used. \n"          "- 4=<Class.>Method. This example is very similar to the "          "Property one, above. And, as above, the string \"*\" may be "          "specified to select ALL methods. \n"          "- 5=Object Reference. Example: If the authorization target "          "is a CIM Service or Namespace, then the ActivityQualifiers "          "entries can define a list of object references (as strings) "          "that the authorized subject can access. \n"          "- 6=Namespace. Example: If the authorization target is a "          "CIM Service, then the ActivityQualifiers entries can define "          "a list of Namespaces that the authorized subject is able to "          "access. \n"          "- 7=URL. Example: An authorization target may not be "          "defined, but a Privilege could be used to deny access to "          "specific URLs by individual Identities or for specific "          "Roles, such as the 'under 17' Role. \n"          "- 8=Directory/File Name. Example: If the authorization "          "target is a FileSystem, then the ActivityQualifiers entries "          "can define a list of directories and files whose access is "          "protected. \n"          "- 9=Command Line Instruction. Example: If the authorization "          "target is a ComputerSystem or Service, then the "          "ActivityQualifiers entries can define a list of command "          "line instructions that may or may not be 'Executed' by the "          "authorized subjects."),        ValueMap { "2", "3", "4", "5", "6", "7", "8", "9", "..15999",          "16000.." },        Values { "Class Name", "<Class.>Property", "<Class.>Method",          "Object Reference", "Namespace", "URL",          "Directory/File Name", "Command Line Instruction",          "DMTF Reserved", "Vendor Reserved" }, ArrayType ( "Indexed" ),        ModelCorrespondence { "CIM_Privilege.ActivityQualifiers" }]   uint16 QualifierFormats[];};