You can set access control on a per-user basis or name space basis. The following access control classes are stored in the root\security name space:
Solaris_Acl – Base class for Solaris OS access control lists (ACLs). This class defines the string property capability and sets its default value to r (read only).
Solaris_UserAcl – Represents a user's access control to the CIM objects within the specified name space.
Solaris_NamespaceAcl – Represents the access control on a name space.
You can set access control for individual users to CIM objects within a name space. Create an instance of the Solaris_UserAcl class and then change the access rights for that instance. Similarly, you can set access control for a name space by creating an instance of the Solaris_NamespaceAcl class and then using the createInstance method to set the access rights for that instance.
Combine the use of these two classes by using the Solaris_NamespaceAcl class to first restrict access for all users to the objects in a name space. Then, you can use the Solaris_UserAcl class to grant selected users access to the name space.
The Solaris_UserAcl class extends the Solaris_Acl base class, from which it inherits the string property capability with a default value of r (read only). You can set the capability property to any one of the values for access privileges shown in the following table.
| Access Right | Description | 
|---|---|
| r | Read | 
| rw | Read and Write | 
| w | Write | 
| none | No access | 
The Solaris_UserAcl class defines the key properties that are shown in the following table. Only one instance of the name space and user name ACL pair can exist in a name space.
| Property | Data Type | Purpose | 
|---|---|---|
| nspace | string | Identifies the name space to which the ACL applies | 
| username | string | Identifies the user to which the ACL applies | 
To Set Access Control for a User
Create an instance of the Solaris_UserAcl class.
...
/* Create a name space object initialized with root\security
(name of name space) on the local host. */
CIMNameSpace cns = new CIMNameSpace("", "root\\security");
// Connect to the root\security name space as root.
cc = new CIMClient(cns, user, user_passwd);
// Get the Solaris_UserAcl class
cimclass = cc.getClass(new CIMObjectPath("Solaris_UserAcl"));
// Create a new instance of the Solaris_UserAcl class
ci = cimclass.newInstance();
...
Set the capability property to the desired access rights.
...
/* Change the access rights (capability) to read/write for user guest
on objects in the root\molly name space. */
ci.setProperty("capability", new CIMValue(new String("rw")));
ci.setProperty("nspace", new CIMValue(new String("root\\molly")));
ci.setProperty("username", new CIMValue(new String("guest")));
...
Update the instance.
...
// Pass the updated instance to the CIM Object Manager
cc.createInstance(new CIMObjectPath(), ci);
...
The Solaris_NamespaceAcl class extends the Solaris_Acl base class and inherits the string property capability with a default value of r (read-only for all users). The Solaris_NamespaceAcl class defines this key property.
| Property | Data Type | Purpose | 
|---|---|---|
| nspace | string | Identifies the name space to which the access control list applies. Only one instance of the name space ACL can exist in a name space. | 
To Set Access Control for a Name Space
Create an instance of the Solaris_NamespaceAcl class.
...
/* Create a name space object initialized with root\security
(name of name space) on the local host. */
CIMNameSpace cns = new CIMNameSpace("", "root\\security");
// Connect to the root\security name space as root.
cc = new CIMClient(cns, user, user_passwd);
// Get the Solaris_namespaceAcl class
cimclass = cc.getClass(new CIMObjectPath("Solaris_namespaceAcl"));
// Create a new instance of the Solaris_namespaceAcl class
ci = cimclass.newInstance();
...
Set the capability property to the desired access rights.
...
/* Change the access rights (capability) to read/write
on the root\molly name space. */
ci.setProperty("capability", new CIMValue(new String("rw")));
ci.setProperty("nspace", new CIMValue(new String("root\\molly")));
...
Update the instance.
// Pass the updated instance to the CIM Object Manager
cc.createInstance(new CIMObjectPath(), ci);
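The combination described earlier (a name space ACL that restricts everyone, plus user ACLs that grant selected users) can be checked offline before any instance is passed to the CIM Object Manager. The following is an added example, not code from the original page or the WBEM SDK: the AclAudit class, its Acl record and the sample entries are constructed, and it assumes a user entry takes precedence over the name space entry, as that paragraph implies. It needs Java 16 or later for records.

```java
import java.util.*;

/** Added example: offline model of Solaris_NamespaceAcl / Solaris_UserAcl entries. */
public class AclAudit {
    // The four access rights listed in the capability table.
    static final Set<String> RIGHTS = Set.of("r", "rw", "w", "none");

    /** One ACL instance; username == null models a Solaris_NamespaceAcl. */
    record Acl(String nspace, String username, String capability) {
        String key() { return nspace + "|" + (username == null ? "*" : username); }
    }

    /** Report capability values outside the table and repeated key pairs. */
    static List<String> validate(List<Acl> acls) {
        List<String> problems = new ArrayList<>();
        Set<String> seen = new HashSet<>();
        for (Acl a : acls) {
            if (!RIGHTS.contains(a.capability()))
                problems.add("bad capability '" + a.capability() + "' for " + a.key());
            if (!seen.add(a.key()))   // only one instance per key is allowed
                problems.add("duplicate ACL instance for " + a.key());
        }
        return problems;
    }

    /** Assumption: a user entry takes precedence over the name space entry. */
    static String effective(List<Acl> acls, String nspace, String user) {
        String nsRight = null;
        for (Acl a : acls) {
            if (!a.nspace().equals(nspace)) continue;
            if (a.username() == null) nsRight = a.capability();
            else if (a.username().equals(user)) return a.capability();
        }
        return nsRight == null ? "(no ACL instance)" : nsRight;
    }

    public static void main(String[] args) {
        List<Acl> acls = List.of(                     // constructed sample data
            new Acl("root\\molly", null, "none"),     // restrict everyone
            new Acl("root\\molly", "guest", "rw"),    // then grant one user
            new Acl("root\\molly", "guest", "r"),     // duplicate key pair
            new Acl("root\\molly", "ops", "read"));   // not a value from the table
        validate(acls).forEach(System.out::println);
        System.out.println("guest: " + effective(acls, "root\\molly", "guest"));
        System.out.println("other: " + effective(acls, "root\\molly", "other"));
    }
}
```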