JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Solaris WBEM Developer's Guide
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

1.  Overview of Solaris Web-Based Enterprise Management

2.  Using the CIM Object Manager

3.  Using the Sample Programs

4.  Writing a Client Program

5.  Writing WBEM Queries

6.  Writing a Provider Program

7.  Creating JavaBeans Components Using the MOF Compiler

8.  Administering Security

WBEM Security Mechanisms

Client Authentication

Role Assumption

Secure Messaging

Authorization

Auditing

Logging

Using Sun WBEM User Manager to Set Access Control

What You Can and Cannot Do With Sun WBEM User Manager

Using Sun WBEM User Manager

How to Start Sun WBEM User Manager

How to Grant Default Access Rights to a User

How to Change Access Rights for a User

How to Remove Access Rights for a User

How to Set Access Rights for a Name Space

How to Remove Access Rights for a Name Space

Using the Solaris WBEM SDK APIs to Set Access Control

Solaris_UserAcl Class

How to Set Access Control for a User

Solaris_NamespaceAcl Class

How to Set Access Control for a Name Space

Troubleshooting Problems With WBEM Security

If a Client (User) Cannot Be Authenticated by the CIMOM on the WBEM Server

If Other CIM Security Exceptions Appear

If an Authorization Check Fails

9.  Troubleshooting

A.  Solaris Platform Schema

Index

Using the Solaris WBEM SDK APIs to Set Access Control

You can use the WBEM SDK's application programming interfaces (SDK APIs) to set access control on a name space or on a per-user basis. These security classes are stored in the root\security name space:

You can set access control for individual users to the CIM objects within a name space by creating an instance of the Solaris_UserACL class. Then use the APIs to change the access rights for that instance. Similarly, you can set access control for name spaces by first creating an instance of the Solaris_NameSpaceACL class. Then using APIs, such as the createInstance method, to set the access rights for that instance.

You can combine the use of these two classes. First, use the Solaris_NameSpaceACL class to restrict access to all users for the objects in a name space. Then, use the Solaris_UserACL class to grant selected users access to the name space.

Solaris_UserAcl Class

The Solaris_UserAcl class inherits the string property capability with a default value r (read only) from theSolaris_Acl class.

You can set the capability property to any one of these values for access privileges.

Access Right
Description
r
Read
rw
Read and Write
w
Write
none
No access

The Solaris_UserAcl class defines the following two key properties. Only one instance of the name space and user-name ACL pair can exist in a name space.

Property
Data Type
Purpose
nspace
string
Identifies the name space to which this ACL applies
username
string
Identifies the user to which this ACL applies

How to Set Access Control for a User

  1. Create an instance of the Solaris_UserAcl class.

    For example:

    ... 
/* Create a name space object initialized with root\security
(name of name space) on the local host. */

CIMNameSpace cns = new CIMNameSpace("", "root\security");

// Connect to the root\security name space as root. 
cc = new CIMClient(cns, user, user_passwd);

// Get the Solaris_UserAcl class 
cimclass = cc.getClass(new CIMObjectPath("Solaris_UserAcl");

// Create a new instance of the Solaris_UserAcl
class ci = cimclass.newInstance();
...
  2. Set the capability property to the desired access rights.

    For example:

    ...
/* Change the access rights (capability) to read/write for user Guest
on objects in the root\molly name space.*/
ci.setProperty("capability", new CIMValue(new String("rw")); 
ci.setProperty("nspace", new CIMValue(new String("root\molly")); 
ci.setProperty("username", new CIMValue(new String("guest"));
...
  3. Update the instance.

    For example:

    ...
// Pass the updated instance to the CIM Object Manager 
cc.createInstance(new CIMObjectPath(), ci);
...

Solaris_NamespaceAcl Class

The Solaris_NamespaceAcl inherits the string property capability with a default value r (read-only for all users) from the Solaris_Acl class. The Solaris_NamespaceAcl class defines this key property.

Property
Data Type
Purpose
nspace
string
Identifies the name space to which this access control list applies. Only one instance of the name space ACL can exist in a name space.

How to Set Access Control for a Name Space

  1. Create an instance of the Solaris_NamespaceAcl class.

    For example:

    ...
/* Create a name space object initialized with root\security
(name of name space) on the local host. */ 
CIMNameSpace cns = new CIMNameSpace("", "root\security");

// Connect to the root\security name space as root.
cc = new CIMClient(cns, user, user_passwd);

// Get the Solaris_namespaceAcl class 
cimclass = cc.getClass(new CIMObjectPath("Solaris_namespaceAcl");

// Create a new instance of the Solaris_namespaceAcl 
class ci = cimclass.newInstance();
...
  2. Set the capability property to the desired access rights.

    For example:

    ...
/* Change the access rights (capability) to read/write 
to the root\molly name space. */
ci.setProperty("capability", new CIMValue(new String("rw")); 
ci.setProperty("nspace", new CIMValue(new String("root\molly"));
...
  3. Update the instance.

    For example:

    // Pass the updated instance to the CIM Object Manager 
cc.createInstance(new CIMObjectPath(), ci);
Copyright © 2005, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next