Solaris WBEM Developer's Guide

Setting Access Control

You can set access control on a per-user basis or name space basis. The following access control classes are stored in the root\security name space:

You can set access control for individual users to CIM objects within a name space. Create an instance of the Solaris_UserAcl class and then change the access rights for that instance. Similarly, you can set access control for a name space by creating an instance of the Solaris_NamespaceAcl class and then using the createInstance method to set the access rights for that instance.

Combine the use of these two classes by using the Solaris_NamespaceAcl class to first restrict access for all users to the objects in a name space. Then, you can use the Solaris_UserAcl class to grant selected users access to the name space.

Solaris_UserAcl Class

The Solaris_UserAcl class extends the Solaris_Acl base class, from which it inherits the string property capability with a default value of r (read only). You can set the capability property to any one of the values for access privileges shown in the following table.

| Access Right | Description |
|---|---|
| r | Read |
| rw | Read and Write |
| w | Write |
| none | No access |

The Solaris_UserAcl class defines the key properties that are shown in the following table. Only one instance of the name space and user name ACL pair can exist in a name space.

| Property | Data Type | Purpose |
|---|---|---|
| nspace | string | Identifies the name space to which the ACL applies |
| username | string | Identifies the user to which the ACL applies |

Procedure: To Set Access Control for a User

Steps
  1. Create an instance of the Solaris_UserAcl class.

    ...
    /* Create a name space object initialized with root\security
    (name of name space) on the local host. */
    
    CIMNameSpace cns = new CIMNameSpace("", "root\\security");
    
    // Connect to the root\security name space as root. 
    cc = new CIMClient(cns, user, user_passwd);
    
    // Get the Solaris_UserAcl class 
    cimclass = cc.getClass(new CIMObjectPath("Solaris_UserAcl"));
    
    // Create a new instance of the Solaris_UserAcl class
    ci = cimclass.newInstance();
    ...
  2. Set the capability property to the desired access rights.

    ...
    /* Change the access rights (capability) to read/write for user Guest
    on objects in the root\molly name space.*/
    ci.setProperty("capability", new CIMValue(new String("rw")));
    ci.setProperty("nspace", new CIMValue(new String("root\\molly")));
    ci.setProperty("username", new CIMValue(new String("guest")));
    ...
  3. Update the instance.

    ...
    // Pass the updated instance to the CIM Object Manager 
    cc.createInstance(new CIMObjectPath(), ci);
    ...  

Solaris_NamespaceAcl Class

The Solaris_NamespaceAcl extends the Solaris_Acl base class and inherits the string property capability with a default value r (read-only for all users). The Solaris_NamespaceAcl class defines this key property.

| Property | Data Type | Purpose |
|---|---|---|
| nspace | string | Identifies the name space to which the access control list applies. Only one instance of the name space ACL can exist in a name space. |

Procedure: To Set Access Control for a Name Space

Steps
  1. Create an instance of the Solaris_namespaceAcl class.

    ...
    /* Create a name space object initialized with root\security  
    (name of name space) on the local host. */   
    CIMNameSpace cns = new CIMNameSpace("", "root\\security");
    
    // Connect to the root\security name space as root. 
    cc = new CIMClient(cns, user, user_passwd);
    
    // Get the Solaris_namespaceAcl class 
    cimclass = cc.getClass(new CIMObjectPath("Solaris_namespaceAcl"));
    
    // Create a new instance of the Solaris_namespaceAcl class
    ci = cimclass.newInstance();
    ...
  2. Set the capability property to the desired access rights.

    ...
    /* Change the access rights (capability) to read/write 
    to the root\molly name space. */
    ci.setProperty("capability", new CIMValue(new String("rw")));
    ci.setProperty("nspace", new CIMValue(new String("root\\molly")));
    ...
  3. Update the instance.

    // Pass the updated instance to the CIM Object Manager 
    cc.createInstance(new CIMObjectPath(), ci);
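
The combined use described at the start of this section (a Solaris_NamespaceAcl default for all users, then Solaris_UserAcl grants for selected users), as an added example that is not part of the original guide. It uses only the client calls shown in the steps above; the class and method names, the javax.wbem import paths, and the assumption that the name space ACL accepts the same capability values as the user ACL table are illustrative assumptions.

```java
// Added example, not code from the original guide.
// Assumption: import paths match the WBEM SDK release you have installed.
import java.util.Arrays;
import javax.wbem.cim.*;
import javax.wbem.client.CIMClient;

public class NamespaceLockdown {  // hypothetical class name

    // Capability values from the access-rights table in this section.
    private static final String[] CAPABILITIES = { "r", "rw", "w", "none" };

    /** Creates one ACL instance. A null username creates a name space ACL. */
    static void createAcl(CIMClient cc, String nspace, String username,
                          String capability) throws CIMException {
        // Reject typos before they reach the CIM Object Manager.
        if (!Arrays.asList(CAPABILITIES).contains(capability)) {
            throw new IllegalArgumentException("Unknown capability: " + capability);
        }
        String className =
            (username == null) ? "Solaris_NamespaceAcl" : "Solaris_UserAcl";
        CIMClass cimclass = cc.getClass(new CIMObjectPath(className));
        CIMInstance ci = cimclass.newInstance();
        ci.setProperty("capability", new CIMValue(capability));
        ci.setProperty("nspace", new CIMValue(nspace));
        if (username != null) {
            ci.setProperty("username", new CIMValue(username));
        }
        // Only one ACL instance may exist per name space (or per name space
        // and user pair), so this is meant for first-time setup.
        cc.createInstance(new CIMObjectPath(), ci);
    }

    /**
     * cc must already be connected to root\security as root (step 1 above).
     * Sets the name space to read only for everyone, then grants read/write
     * to the listed users only.
     */
    static void lockDown(CIMClient cc, String nspace, String[] writers)
            throws CIMException {
        createAcl(cc, nspace, null, "r");        // restrict all users first
        for (int i = 0; i < writers.length; i++) {
            createAcl(cc, nspace, writers[i], "rw");  // then selected grants
        }
    }
    // Usage with the names from this section:
    //   lockDown(cc, "root\\molly", new String[] { "guest" });
}
```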