Oracle Solaris WBEM Developer's Guide, Oracle Solaris 11 Express 11/10
You can set access control on a per-user or per-namespace basis. The following access control classes are stored in the root\security namespace:
Solaris_Acl – Base class for Solaris access control lists (ACLs). This class defines the string property capability and sets its default value to r (read only).
Solaris_UserAcl – Represents a user's access control to the CIM objects within the specified namespace.
Solaris_NamespaceAcl – Represents the access control on a namespace.
You can set access control for individual users to CIM objects within a namespace. Create an instance of the Solaris_UserAcl class and then change the access rights for that instance. Similarly, you can set access control for a namespace by creating an instance of the Solaris_NamespaceAcl class and then using the createInstance method to set the access rights for that instance.
You can combine these two classes: first use the Solaris_NamespaceAcl class to restrict access for all users to the objects in a namespace, then use the Solaris_UserAcl class to grant selected users access to the namespace.
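The layering described above can be reviewed offline before any instances are created. The following Java program (Java 16 or later) is an added example, not code from this guide or the Solaris WBEM API: the Acl record, the sample entries, the root\demo namespace and the rule that a user entry overrides the namespace entry are assumptions made for illustration.

```java
import java.util.*;
public class AclAudit {
    // Constructed stand-in for an ACL instance; user == null marks a Solaris_NamespaceAcl entry.
    record Acl(String nspace, String user, String capability) {}

    // Assumption: a matching Solaris_UserAcl entry overrides the namespace
    // entry; "r" (the Solaris_Acl default) applies when neither exists.
    static String effective(List<Acl> acls, String nspace, String user) {
        String nsCap = "r", userCap = null;
        for (Acl a : acls) {
            if (!a.nspace().equals(nspace)) continue;
            if (a.user() == null) nsCap = a.capability();
            else if (a.user().equals(user)) userCap = a.capability();
        }
        return userCap != null ? userCap : nsCap;
    }

    // (nspace, user) pairs that occur more than once; only one may exist.
    static Set<String> duplicatePairs(List<Acl> acls) {
        Set<String> seen = new HashSet<>(), dup = new TreeSet<>();
        for (Acl a : acls) {
            String key = a.nspace() + "|" + (a.user() == null ? "*" : a.user());
            if (!seen.add(key)) dup.add(key);
        }
        return dup;
    }

    // User entries that grant write access above the namespace baseline.
    static List<String> writeGrants(List<Acl> acls) {
        List<String> out = new ArrayList<>();
        for (Acl a : acls) {
            if (a.user() == null || !a.capability().contains("w")) continue;
            if (!effective(acls, a.nspace(), null).contains("w"))
                out.add(a.user() + "@" + a.nspace());
        }
        return out;
    }

    public static void main(String[] args) {
        List<Acl> acls = List.of(                    // constructed sample data
            new Acl("root\\molly", null, "r"),       // baseline for all users
            new Acl("root\\molly", "guest", "rw"),   // selected user gets write
            new Acl("root\\demo", "guest", "r"),
            new Acl("root\\demo", "guest", "r"));    // duplicate pair
        System.out.println("guest/other: " + effective(acls, "root\\molly", "guest")
            + "/" + effective(acls, "root\\molly", "other"));
        System.out.println("write grants: " + writeGrants(acls));
        System.out.println("duplicates: " + duplicatePairs(acls));
    }
}
```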
The Solaris_UserAcl class extends the Solaris_Acl base class, from which it inherits the string property capability with a default value of r (read only). You can set the capability property to any one of the values for access privileges shown in the following table.
|
The Solaris_UserAcl class defines the key properties that are shown in the following table. Only one instance of the namespace and user name ACL pair can exist in a namespace.
|
    ...
    /* Create a namespace object initialized with root\security
       (name of namespace) on the local host. */
    CIMNameSpace cns = new CIMNameSpace("", "root\\security");

    // Connect to the root\security namespace as root.
    cc = new CIMClient(cns, user, user_passwd);

    // Get the Solaris_UserAcl class
    cimclass = cc.getClass(new CIMObjectPath("Solaris_UserAcl"));

    // Create a new instance of the Solaris_UserAcl class
    ci = cimclass.newInstance();
    ...

    ...
    /* Change the access rights (capability) to read/write for user guest
       on objects in the root\molly namespace. */
    ci.setProperty("capability", new CIMValue(new String("rw")));
    ci.setProperty("nspace", new CIMValue(new String("root\\molly")));
    ci.setProperty("username", new CIMValue(new String("guest")));
    ...

    ...
    // Pass the updated instance to the CIM Object Manager
    cc.createInstance(new CIMObjectPath(), ci);
    ...
The Solaris_NamespaceAcl class extends the Solaris_Acl base class and inherits the string property capability with a default value of r (read-only for all users). The Solaris_NamespaceAcl class defines this key property.
|
    ...
    /* Create a namespace object initialized with root\security
       (name of namespace) on the local host. */
    CIMNameSpace cns = new CIMNameSpace("", "root\\security");

    // Connect to the root\security namespace as root.
    cc = new CIMClient(cns, user, user_passwd);

    // Get the Solaris_NamespaceAcl class
    cimclass = cc.getClass(new CIMObjectPath("Solaris_NamespaceAcl"));

    // Create a new instance of the Solaris_NamespaceAcl class
    ci = cimclass.newInstance();
    ...

    ...
    /* Change the access rights (capability) to read/write
       to the root\molly namespace. */
    ci.setProperty("capability", new CIMValue(new String("rw")));
    ci.setProperty("nspace", new CIMValue(new String("root\\molly")));
    ...

    // Pass the updated instance to the CIM Object Manager
    cc.createInstance(new CIMObjectPath(), ci);