You can use the WBEM SDK's application programming interfaces (SDK APIs) to set access control on a namespace or on a per-user basis. These security classes are stored in the root\security namespace:
- Solaris_Acl – Base class for Solaris access control lists (ACLs). This class defines the string property capability and sets its default value to r (read only).
- Solaris_UserAcl – Represents the access control that a user has to the CIM objects within the specified namespace.
- Solaris_NamespaceAcl – Represents the access control on a namespace.
You can set access control for individual users to the CIM objects within a namespace by creating an instance of the Solaris_UserAcl class and then using the APIs to change the access rights for that instance. Similarly, you can set access control for namespaces by first creating an instance of the Solaris_NamespaceAcl class and then using APIs, such as the createInstance method, to set the access rights for that instance.

An effective way to combine these two classes is to use the Solaris_NamespaceAcl class first to restrict all users' access to the objects in a namespace. Then use the Solaris_UserAcl class to grant selected users access to the namespace.

The Solaris_UserAcl class inherits the string property capability, with a default value of r (read only), from the Solaris_Acl class.
You can set the capability property to any one of these values for access privileges.
| Access Right | Description |
|---|---|
| r | Read |
| rw | Read and Write |
| w | Write |
| none | No access |
The Solaris_UserAcl class defines the following two key properties. Only one instance of the namespace and user-name ACL pair can exist in a namespace.
| Property | Data Type | Purpose |
|---|---|---|
| nspace | string | Identifies the namespace to which this ACL applies |
| username | string | Identifies the user to which this ACL applies |
Create an instance of the Solaris_UserAcl class.

```java
...
/* Create a namespace object initialized with root\security
   (name of namespace) on the local host. */
CIMNameSpace cns = new CIMNameSpace("", "root\\security");

// Connect to the root\security namespace as root.
cc = new CIMClient(cns, user, user_passwd);

// Get the Solaris_UserAcl class
cimclass = cc.getClass(new CIMObjectPath("Solaris_UserAcl"));

// Create a new instance of the Solaris_UserAcl class
ci = cimclass.newInstance();
...
```

Set the capability property to the desired access rights.

```java
...
/* Change the access rights (capability) to read/write for user Guest
   on objects in the root\molly namespace. */
ci.setProperty("capability", new CIMValue("rw"));
ci.setProperty("nspace", new CIMValue("root\\molly"));
ci.setProperty("username", new CIMValue("guest"));
...
```

Update the instance.

```java
...
// Pass the updated instance to the CIM Object Manager
cc.createInstance(new CIMObjectPath(), ci);
...
```
The Solaris_NamespaceAcl class inherits the string property capability, with a default value of r (read-only for all users), from the Solaris_Acl class. The Solaris_NamespaceAcl class defines this key property.
| Property | Data Type | Purpose |
|---|---|---|
| nspace | string | Identifies the namespace to which this access control list applies. Only one instance of the namespace ACL can exist in a namespace. |
Create an instance of the Solaris_NamespaceAcl class.

```java
...
/* Create a namespace object initialized with root\security
   (name of namespace) on the local host. */
CIMNameSpace cns = new CIMNameSpace("", "root\\security");

// Connect to the root\security namespace as root.
cc = new CIMClient(cns, user, user_passwd);

// Get the Solaris_NamespaceAcl class
cimclass = cc.getClass(new CIMObjectPath("Solaris_NamespaceAcl"));

// Create a new instance of the Solaris_NamespaceAcl class
ci = cimclass.newInstance();
...
```

Set the capability property to the desired access rights.

```java
...
/* Change the access rights (capability) to read/write
   to the root\molly namespace. */
ci.setProperty("capability", new CIMValue("rw"));
ci.setProperty("nspace", new CIMValue("root\\molly"));
...
```

Update the instance.

```java
// Pass the updated instance to the CIM Object Manager
cc.createInstance(new CIMObjectPath(), ci);
```
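
The combined approach described earlier (restrict the namespace first, then grant selected users) can be wrapped in one helper. This is an added example, not code from the SDK or its documentation. The class name `NamespaceLockdown`, its methods, and the import package names are assumptions, as is applying the access-rights table to the namespace ACL; only the WBEM calls shown in the steps above are used.

```java
// Assumption: package names vary by SDK release (javax.wbem.* here;
// older releases used com.sun.wbem.*).
import javax.wbem.cim.*;
import javax.wbem.client.CIMClient;
import java.util.*;

public class NamespaceLockdown {   // hypothetical helper class
    // Capability values from the access-rights table on this page.
    private static final Set<String> VALID =
        new HashSet<>(Arrays.asList("r", "rw", "w", "none"));

    static void check(String capability) {
        if (!VALID.contains(capability))
            throw new IllegalArgumentException("invalid capability: " + capability);
    }

    // Creates one ACL instance of aclClass; username is null for a namespace ACL.
    static void createAcl(CIMClient cc, String aclClass, String nspace,
                          String username, String capability) throws CIMException {
        CIMClass cimclass = cc.getClass(new CIMObjectPath(aclClass));
        CIMInstance ci = cimclass.newInstance();
        ci.setProperty("capability", new CIMValue(capability));
        ci.setProperty("nspace", new CIMValue(nspace));
        if (username != null)
            ci.setProperty("username", new CIMValue(username));
        cc.createInstance(new CIMObjectPath(), ci);
    }

    // cc must already be connected to the root\security namespace.
    // grants maps user name -> capability for the selected users.
    static void lockDown(CIMClient cc, String nspace, String baseline,
                         Map<String, String> grants) throws CIMException {
        // Validate every value before writing anything, so a typo
        // cannot leave a half-applied policy behind.
        check(baseline);
        for (String cap : grants.values())
            check(cap);
        // Namespace-wide restriction first, then the per-user grants.
        createAcl(cc, "Solaris_NamespaceAcl", nspace, null, baseline);
        for (Map.Entry<String, String> g : grants.entrySet())
            createAcl(cc, "Solaris_UserAcl", nspace, g.getKey(), g.getValue());
    }
}
```

Calling `lockDown(cc, "root\\molly", "r", grants)` with `grants` mapping `guest` to `rw` sets the namespace ACL to read-only and then creates the read/write user ACL for guest. Any CIMException from the CIM Object Manager propagates to the caller.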