You can set access control on a per-user basis or name space basis. The following access control classes are stored in the root\security name space:
- Solaris_Acl – Base class for Solaris OS access control lists (ACLs). This class defines the string property capability and sets its default value to r (read only).
- Solaris_UserAcl – Represents a user's access control to the CIM objects within the specified name space.
- Solaris_NamespaceAcl – Represents the access control on a name space.
You can set access control for individual users to CIM objects within a name space. Create an instance of the Solaris_UserAcl class and then change the access rights for that instance. Similarly, you can set access control for a name space by creating an instance of the Solaris_NamespaceAcl class and then using the createInstance method to set the access rights for that instance.
Combine these two classes by first using the Solaris_NamespaceAcl class to restrict access for all users to the objects in a name space. Then use the Solaris_UserAcl class to grant selected users access to the name space.
The Solaris_UserAcl class extends the Solaris_Acl base class, from which it inherits the string property capability with a default value of r (read only). You can set the capability property to any one of the values for access privileges shown in the following table.
| Access Right | Description |
|---|---|
| r | Read |
| rw | Read and Write |
| w | Write |
| none | No access |
The Solaris_UserAcl class defines the key properties that are shown in the following table. Only one instance of the name space and user name ACL pair can exist in a name space.
| Property | Data Type | Purpose |
|---|---|---|
| nspace | string | Identifies the name space to which the ACL applies |
| username | string | Identifies the user to which the ACL applies |
Create an instance of the Solaris_UserAcl class.
```java
...
/* Create a name space object initialized with root\security
   (name of name space) on the local host. */
CIMNameSpace cns = new CIMNameSpace("", "root\\security");

// Connect to the root\security name space as root.
cc = new CIMClient(cns, user, user_passwd);

// Get the Solaris_UserAcl class
cimclass = cc.getClass(new CIMObjectPath("Solaris_UserAcl"));

// Create a new instance of the Solaris_UserAcl class
ci = cimclass.newInstance();
...
```
Set the capability property to the desired access rights.
```java
...
/* Change the access rights (capability) to read/write for user guest
   on objects in the root\molly name space. */
ci.setProperty("capability", new CIMValue(new String("rw")));
ci.setProperty("nspace", new CIMValue(new String("root\\molly")));
ci.setProperty("username", new CIMValue(new String("guest")));
...
```
Update the instance.
```java
...
// Pass the updated instance to the CIM Object Manager
cc.createInstance(new CIMObjectPath(), ci);
...
```
The Solaris_NamespaceAcl class extends the Solaris_Acl base class, from which it inherits the string property capability with a default value of r (read only for all users). The Solaris_NamespaceAcl class defines the following key property.
| Property | Data Type | Purpose |
|---|---|---|
| nspace | string | Identifies the name space to which the access control list applies. Only one instance of the name space ACL can exist in a name space. |
Create an instance of the Solaris_NamespaceAcl class.
```java
...
/* Create a name space object initialized with root\security
   (name of name space) on the local host. */
CIMNameSpace cns = new CIMNameSpace("", "root\\security");

// Connect to the root\security name space as root.
cc = new CIMClient(cns, user, user_passwd);

// Get the Solaris_NamespaceAcl class
cimclass = cc.getClass(new CIMObjectPath("Solaris_NamespaceAcl"));

// Create a new instance of the Solaris_NamespaceAcl class
ci = cimclass.newInstance();
...
```
Set the capability property to the desired access rights.
```java
...
/* Change the access rights (capability) to read/write for the
   root\molly name space. */
ci.setProperty("capability", new CIMValue(new String("rw")));
ci.setProperty("nspace", new CIMValue(new String("root\\molly")));
...
```
Update the instance.
```java
// Pass the updated instance to the CIM Object Manager
cc.createInstance(new CIMObjectPath(), ci);
```
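
The restrict-then-grant combination of the two classes described earlier, as an added example that is not part of the original documentation or of the Solaris WBEM code: a self-contained Java model (hypothetical class `WbemAclModel`, constructed sample data) that enforces the four capability values and the one-instance-per-key rules before any instance would be sent to the CIM Object Manager. It assumes that a user entry takes precedence over the name space entry and that a name space with no entry falls back to the default r, which the page implies but does not state.

```java
import java.util.*;

// Added example: in-memory model of the ACL instances described on this page.
public class WbemAclModel {
    static final Set<String> VALID = new HashSet<>(Arrays.asList("r", "rw", "w", "none"));
    static final String DEFAULT = "r"; // default value of capability in Solaris_Acl
    private final Map<String, String> namespaceAcls = new HashMap<>();         // nspace -> capability
    private final Map<String, Map<String, String>> userAcls = new HashMap<>(); // nspace -> username -> capability

    private static String checked(String capability) {
        if (!VALID.contains(capability))
            throw new IllegalArgumentException("capability must be r, rw, w or none: " + capability);
        return capability;
    }

    // Only one Solaris_NamespaceAcl instance may exist per name space.
    void addNamespaceAcl(String nspace, String capability) {
        if (namespaceAcls.putIfAbsent(nspace, checked(capability)) != null)
            throw new IllegalStateException("duplicate name space ACL: " + nspace);
    }

    // Only one Solaris_UserAcl instance may exist per (nspace, username) pair.
    void addUserAcl(String nspace, String username, String capability) {
        Map<String, String> users = userAcls.computeIfAbsent(nspace, k -> new TreeMap<>());
        if (users.putIfAbsent(username, checked(capability)) != null)
            throw new IllegalStateException("duplicate user ACL: " + username + " in " + nspace);
    }

    // Assumed precedence: user entry, then name space entry, then the default.
    String effective(String nspace, String username) {
        String c = userAcls.getOrDefault(nspace, Collections.emptyMap()).get(username);
        return c != null ? c : namespaceAcls.getOrDefault(nspace, DEFAULT);
    }

    // Users whose own entry grants write access (w or rw) in a name space, for review.
    List<String> writers(String nspace) {
        List<String> out = new ArrayList<>();
        userAcls.getOrDefault(nspace, Collections.emptyMap())
                .forEach((user, cap) -> { if (cap.contains("w")) out.add(user); });
        return out;
    }

    public static void main(String[] args) {
        WbemAclModel m = new WbemAclModel();
        m.addNamespaceAcl("root\\molly", "none");    // restrict all users first
        m.addUserAcl("root\\molly", "guest", "rw");  // then grant one selected user
        System.out.println(m.effective("root\\molly", "guest"));
        System.out.println(m.effective("root\\molly", "alice")); // constructed user with no entry
        System.out.println(m.writers("root\\molly"));
    }
}
```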