Oracle Solaris WBEM Developer's Guide     Oracle Solaris 11 Express 11/10

Setting Access Control

You can set access control on a per-user basis or namespace basis. The following access control classes are stored in the root\security namespace:

You can set access control for individual users to CIM objects within a namespace. Create an instance of the Solaris_UserAcl class and then change the access rights for that instance. Similarly, you can set access control for a namespace by creating an instance of the Solaris_NamespaceAcl class and then using the createInstance method to set the access rights for that instance.

Combine the use of these two classes by first using the Solaris_NamespaceAcl class to restrict access for all users to the objects in a namespace. Then use the Solaris_UserAcl class to grant selected users access to the namespace.

Solaris_UserAcl Class

The Solaris_UserAcl class extends the Solaris_Acl base class, from which it inherits the string property capability with a default value of r (read only). You can set the capability property to any one of the values for access privileges shown in the following table.

Access Right    Description
------------    --------------
r               Read
rw              Read and Write
w               Write
none            No access

The Solaris_UserAcl class defines the key properties that are shown in the following table. Only one instance of the namespace and user name ACL pair can exist in a namespace.

Property    Data Type    Purpose
--------    ---------    ------------------------------------------------
nspace      string       Identifies the namespace to which the ACL applies
username    string       Identifies the user to which the ACL applies

To Set Access Control for a User

  1. Create an instance of the Solaris_UserAcl class.
    ...
    /* Create a namespace object initialized with root\security
    (name of namespace) on the local host. */

    // The backslash must be escaped inside a Java string literal.
    CIMNameSpace cns = new CIMNameSpace("", "root\\security");

    // Connect to the root\security namespace as root.
    cc = new CIMClient(cns, user, user_passwd);

    // Get the Solaris_UserAcl class
    cimclass = cc.getClass(new CIMObjectPath("Solaris_UserAcl"));

    // Create a new instance of the Solaris_UserAcl class
    ci = cimclass.newInstance();
    ...
  2. Set the capability property to the desired access rights.
    ...
    /* Change the access rights (capability) to read/write for user Guest
    on objects in the root\molly namespace. */
    ci.setProperty("capability", new CIMValue(new String("rw")));
    ci.setProperty("nspace", new CIMValue(new String("root\\molly")));
    ci.setProperty("username", new CIMValue(new String("guest")));
    ...
  3. Update the instance.
    ...
    // Pass the updated instance to the CIM Object Manager
    cc.createInstance(new CIMObjectPath(), ci);
    ...

Solaris_NamespaceAcl Class

The Solaris_NamespaceAcl class extends the Solaris_Acl base class and inherits the string property capability with a default value of r (read-only for all users). The Solaris_NamespaceAcl class defines the key property shown in the following table.

Property    Data Type    Purpose
--------    ---------    ------------------------------------------------
nspace      string       Identifies the namespace to which the access control list applies. Only one instance of the namespace ACL can exist in a namespace.

To Set Access Control for a Namespace

  1. Create an instance of the Solaris_NamespaceAcl class.
    ...
    /* Create a namespace object initialized with root\security
    (name of namespace) on the local host. */

    // The backslash must be escaped inside a Java string literal.
    CIMNameSpace cns = new CIMNameSpace("", "root\\security");

    // Connect to the root\security namespace as root.
    cc = new CIMClient(cns, user, user_passwd);

    // Get the Solaris_namespaceAcl class
    cimclass = cc.getClass(new CIMObjectPath("Solaris_namespaceAcl"));

    // Create a new instance of the Solaris_namespaceAcl class
    ci = cimclass.newInstance();
    ...
  2. Set the capability property to the desired access rights.
    ...
    /* Change the access rights (capability) to read/write
    to the root\molly namespace. */
    ci.setProperty("capability", new CIMValue(new String("rw")));
    ci.setProperty("nspace", new CIMValue(new String("root\\molly")));
    ...
  3. Update the instance.
    // Pass the updated instance to the CIM Object Manager
    cc.createInstance(new CIMObjectPath(), ci);