// Copyright (c) 2005 DMTF. All rights reserved. // Add UmlPackagePath // qualifier values to CIM Schema. // ================================================================== // CIM_AuthorizationRule // ================================================================== [Experimental, Version ( "2.8.1000" ), UMLPackagePath ( "CIM::Policy" ), Description ( "A class representing a company\'s and/or administrator\'s " "rules with respect to authorizing Identities (subjects), for " "access of target elements, based on associated " "Privileges/Roles. This includes dynamically permitting and " "denying access, statically adding or removing Identities " "(i.e., Subjects) and Targets to/from Roles via the " "MemberOfCollection and RoleLimitedToTarget associations, and " "adding or removing AuthorizedSubject and AuthorizedTarget " "associations when AuthorizedPrivilege classes are implemented. \n" "\n" "Explaining this in more detail: If a request is made to access " "a target element associated to this AuthorizationRule via " "AuthorizationRuleAppliesToTarget, the rights to execute the " "request are verified by searching for matching Privilege " "instances and an associated Identity that is tied to the " "requestor. An Identity is associated to the rule using " "AuthorizationRuleAppliesToSubject. The associations of " "Privileges to an AuthorizationRule are either individually " "using AuthorizationRuleAppliesToPrivilege, or via collection " "into a Role class (where the Role is associated to the rule " "using AuthorizationRuleAppliesToRole). If the Identity\'s " "CurrentlyAuthorized property is TRUE and a corresponding " "\'granting\' Privilege is defined, then the request for access " "is authorized. If any of the preceding conditions do not hold, " "then the request is denied. \n" "\n" "Note that the evaluation of the AuthorizationRule\'s " "conditions MAY result in the \'static\' instantiation of " "associations to AuthorizedPrivilege or Role - that are then " "traversed to determine access. Targets MAY be statically " "associated to Privileges or Roles using the AuthorizedTarget " "and RoleLimitedToTarget relationships, respectively. " "Identities MAY be statically associated to Privileges or Roles " "using the AuthorizedSubject and MemberOfCollection " "relationships, respectively." )] class CIM_AuthorizationRule : CIM_PolicyRule { };