You can set access control on a per-user basis or namespace basis. The following access control classes are stored in the root\security namespace:
Solaris_Acl – Base class for Solaris access control lists (ACLs). This class defines the string property capability and sets its default value to r (read only).
Solaris_UserAcl – Represents a user's access control to the CIM objects within the specified namespace.
Solaris_NamespaceAcl – Represents the access control on a namespace.
You can set access control for individual users to CIM objects within a namespace. Create an instance of the Solaris_UserAcl class and then change the access rights for that instance. Similarly, you can set access control for a namespace by creating an instance of the Solaris_NamespaceAcl class and then using the createInstance method to set the access rights for that instance.
Combine the two classes by first using the Solaris_NamespaceAcl class to restrict access for all users to the objects in a namespace. Then use the Solaris_UserAcl class to grant selected users access to the namespace.
The Solaris_UserAcl class extends the Solaris_Acl base class, from which it inherits the string property capability with a default value of r (read only). You can set the capability property to any one of the values for access privileges shown in the following table.
| Access Right | Description |
|---|---|
| r | Read |
| rw | Read and Write |
| w | Write |
| none | No access |
The Solaris_UserAcl class defines the key properties that are shown in the following table. Only one instance of the namespace and user name ACL pair can exist in a namespace.
| Property | Data Type | Purpose |
|---|---|---|
| nspace | string | Identifies the namespace to which the ACL applies |
| username | string | Identifies the user to which the ACL applies |
Create an instance of the Solaris_UserAcl class.

```java
...
/* Create a namespace object initialized with root\security
   (name of namespace) on the local host. */
CIMNameSpace cns = new CIMNameSpace("", "root\\security");

// Connect to the root\security namespace as root.
cc = new CIMClient(cns, user, user_passwd);

// Get the Solaris_UserAcl class
cimclass = cc.getClass(new CIMObjectPath("Solaris_UserAcl"));

// Create a new instance of the Solaris_UserAcl class
ci = cimclass.newInstance();
...
```

Set the capability property to the desired access rights.

```java
...
/* Change the access rights (capability) to read/write for user Guest
   on objects in the root\molly namespace. */
ci.setProperty("capability", new CIMValue(new String("rw")));
ci.setProperty("nspace", new CIMValue(new String("root\\molly")));
ci.setProperty("username", new CIMValue(new String("guest")));
...
```

Update the instance.

```java
...
// Pass the updated instance to the CIM Object Manager
cc.createInstance(new CIMObjectPath(), ci);
...
```
The Solaris_NamespaceAcl extends the Solaris_Acl base class and inherits the string property capability with a default value r (read-only for all users). The Solaris_NamespaceAcl class defines this key property.
| Property | Data Type | Purpose |
|---|---|---|
| nspace | string | Identifies the namespace to which the access control list applies. Only one instance of the namespace ACL can exist in a namespace. |
Create an instance of the Solaris_NamespaceAcl class.

```java
...
/* Create a namespace object initialized with root\security
   (name of namespace) on the local host. */
CIMNameSpace cns = new CIMNameSpace("", "root\\security");

// Connect to the root\security namespace as root.
cc = new CIMClient(cns, user, user_passwd);

// Get the Solaris_NamespaceAcl class
cimclass = cc.getClass(new CIMObjectPath("Solaris_NamespaceAcl"));

// Create a new instance of the Solaris_NamespaceAcl class
ci = cimclass.newInstance();
...
```

Set the capability property to the desired access rights.

```java
...
/* Change the access rights (capability) to read/write
   to the root\molly namespace. */
ci.setProperty("capability", new CIMValue(new String("rw")));
ci.setProperty("nspace", new CIMValue(new String("root\\molly")));
...
```

Update the instance.

```java
// Pass the updated instance to the CIM Object Manager
cc.createInstance(new CIMObjectPath(), ci);
```
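The combination described earlier (restrict a namespace with Solaris_NamespaceAcl, then grant selected users with Solaris_UserAcl) can be checked offline before any instance is passed to createInstance. The following is an added example, not code from the original documentation or the WBEM API: the AclPlan class, the user name other, the choice of none for the namespace, and the rule that a user ACL takes precedence over the namespace ACL are assumptions.

```java
import java.util.*;
/** Added example: offline model of the ACL rules on this page (hypothetical class, not WBEM API). */
public class AclPlan {
    // Capability values from the access-rights table.
    static final Set<String> CAPABILITIES = Set.of("r", "rw", "w", "none");
    private final Map<String, String> namespaceAcls = new HashMap<>();     // nspace -> capability
    private final Map<List<String>, String> userAcls = new HashMap<>();    // [nspace, username] -> capability

    private static String check(String capability) {
        if (!CAPABILITIES.contains(capability))
            throw new IllegalArgumentException("invalid capability: " + capability);
        return capability;
    }

    /** Like Solaris_NamespaceAcl: only one instance per namespace. */
    void addNamespaceAcl(String nspace, String capability) {
        if (namespaceAcls.putIfAbsent(nspace, check(capability)) != null)
            throw new IllegalStateException("namespace ACL already exists for " + nspace);
    }

    /** Like Solaris_UserAcl: only one instance per (nspace, username) pair. */
    void addUserAcl(String nspace, String username, String capability) {
        if (userAcls.putIfAbsent(List.of(nspace, username), check(capability)) != null)
            throw new IllegalStateException("user ACL already exists for " + username + " in " + nspace);
    }

    /** Assumption: a user ACL takes precedence over the namespace ACL; empty = no ACL modelled. */
    Optional<String> effective(String nspace, String username) {
        String c = userAcls.get(List.of(nspace, username));
        return Optional.ofNullable(c != null ? c : namespaceAcls.get(nspace));
    }

    /** Users whose effective capability includes write (w or rw). */
    List<String> writers(String nspace, Collection<String> users) {
        List<String> out = new ArrayList<>();
        for (String u : users)
            if (effective(nspace, u).filter(c -> c.contains("w")).isPresent()) out.add(u);
        return out;
    }

    public static void main(String[] args) {
        AclPlan plan = new AclPlan();
        plan.addNamespaceAcl("root\\molly", "none");   // constructed: restrict all users first
        plan.addUserAcl("root\\molly", "guest", "rw"); // then grant one selected user
        System.out.println(plan.effective("root\\molly", "other"));
        System.out.println(plan.writers("root\\molly", List.of("guest", "other")));
        try { plan.addUserAcl("root\\molly", "guest", "r"); }   // duplicate key pair
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Running the writers check over the full user list of a namespace gives a quick review of who ends up with w or rw once both ACL classes are combined.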