Using the Sun WBEM User Manager to Set Access Control

The Sun allows privileged users to add and delete authorized users and to set their access privileges. Use this application to manage user authentication and access to CIM objects on a WBEM-enabled system. A user must have a Solaris user account.

You can set access privileges on individual namespaces or for a user-namespace combination. When you add a user and select a namespace, by default the user is granted read access to CIM objects in the selected namespace. An effective way to combine user and namespace access rights is to first restrict access to a namespace. Then grant individual users read, read and write, or write access to that namespace.

You cannot set access rights on individual managed objects. However you can set access rights for all managed objects in a namespace as well as on a per-user basis.

If you log in as root, you can set the following types of access to CIM objects:

• Read Only - Allows read-only access to CIM Schema objects. Users with this privilege can retrieve instances and classes, but cannot create, delete, or modify CIM objects.

• Read/Write - Allows full read, write, and delete access to all CIM classes and instances.

• Write - Allows write and delete, but not read access to all CIM classes and instances.

• None - Allows no access to CIM classes and instances.

How to Start Sun WBEM User Manager

1. In a command window, type the command:

   # /usr/sadm/bin/wbemadmin

   The Sun starts, and the Login dialog box opens. Context-help information is available in the Context Help panel when you click on the fields in the dialog box.

2. In the Login dialog box, do the following:

   • In the User Name field, type the user name.

     You must have read access to the root\security namespace to log in. By default, Solaris users have guest privileges, which grant them read access to the default namespaces. Users with read access can view , but cannot change, user privileges.

     You must log in as root or a user with write access to the root\security namespace to grant access rights to users.

   • In the Password field, type the password for the user account.

3. Click OK.

   The User Manager dialog box opens with a list of users and their access rights to WBEM objects within the namespaces on the current host.

How to Grant Default Access Rights to a User

1. Start Sun .

2. In the Users Access portion of the dialog box, click Add.

   A dialog box opens that lists the available namespaces.

3. Type the name of a Solaris user account in the User Name text entry field.

4. Select a namespace from the listed namespaces.

5. Click OK.

   The user name is added to the User Manager dialog box.

6. Click OK to save the changes and close the User Manager dialog box. Click Apply to save the changes and keep the dialog box open.

   This action grants this user read access to CIM objects in the selected namespace.

How to Change Access Rights for a User

1. Start Sun .

2. Select the user whose access rights you want to change.

3. To grant the user read-only access, click the Read check box. To grant the user write access, click the Write check box.

4. Click OK to save the changes and close the User Manager dialog box. Click Apply to save the changes and keep the dialog box open.

How to Remove Access Rights for a User

1. Start Sun .

2. In the Users Access portion of the dialog box, select the user name for which you want to remove access rights.

3. Click Delete to delete the user's access rights to the namespace.

   A confirmation dialog box asks you to confirm your decision to delete the user's access rights. Click OK to confirm.

4. Click OK to save the changes and close the User Manager dialog box. Click Apply to save the changes and keep the dialog box open.

How to Set Access Rights for a Namespace

1. Start Sun .

2. In the Namespace Access portion of the dialog box, click Add.

   A dialog box opens that lists the available namespaces.

3. Select the namespace for which you want to set access rights.

   By default, users have read-only access to a namespace.

   • To allow no access to the namespace, make sure the Read and Write check boxes are not selected.

   • To allow write access, click the Write check box.

   • To allow read access, click the Read check box.

4. Click OK to save the changes and close the User Manager dialog box. Click Apply to save the changes and keep the dialog box open.

How to Remove Access Rights for a Namespace

1. Start Sun .

2. In the Namespace Access portion of the dialog box, select the namespace for which you want to remove access control, and then click Delete.

   Access control is removed from the namespace, and the namespace is removed from the list of namespaces on the User Manager dialog box.

3. Click OK to save the changes and close the User Manager dialog box. Click Apply to save the changes and keep the dialog box open.