EN
Данное содержимое не доступно на вашем языке, используйте версию на английском языке.

MSISCSITARGET_AuthorizedPrivilege class

Defines static copies of authorization policy rules. It is the base class for all activities which are protected by these rules. Use the MSISCSITARGET_AuthorizedSubject class to associate MSISCSITARGET_AuthorizedPrivilege with roles and identities. Define the entities to be protected by using the MSISCSITARGET_AuthorizedTarget association. Note that these classes provide a compact, static mechanism to represent authorization policies.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.

Syntax

class MSISCSITARGET_AuthorizedPrivilege : CIM_AuthorizedPrivilege
{
  uint16  Activities[];
  string  ActivityQualifiers[];
  string  Caption;
  string  Description;
  string  ElementName;
  string  InstanceID;
  boolean PrivilegeGranted = TRUE;
  uint16  QualifierFormats[];
  boolean RepresentsAuthorizationRights = FALSE;
};

Members

The MSISCSITARGET_AuthorizedPrivilege class has these types of members:

Properties

The MSISCSITARGET_AuthorizedPrivilege class has these properties.

Activities
Data type: uint16 array
Access type: Read-only

Indicates the activities that are granted or denied. These activities apply to all entities that are specified in the ActivityQualifiers array. The Detect value indicates that the existence or presence of an entity might be determined, but does not by itself provide Read permissions to a detected entity. An example is the ability to define search permissions in directory implementations.

The possible values are.

Other (1)
Create (2)
Delete (3)
Detect (4)
Read (5)
Write (6)
Execute (7)
DMTF Reserved (8–15999)
Vendor Reserved (16000 ≤ value )

This property is inherited from the CIM_Privilege class.

ActivityQualifiers
Data type: string array
Access type: Read-only
Qualifiers: Indexed

Indicates an array of string values used to further qualify and specify the granted or denied permissions. For example, this string is used to specify a set of files for which Read/Write access is granted or denied. Or, it defines class methods for which Execute permissions are granted. Details on the semantics of the individual entries in ActivityQualifiers are provided by corresponding entries in the QualifierFormats array.

This property is inherited from the CIM_Privilege class.

Caption
Data type: string
Access type: Read-only
Qualifiers: MaxLen (64)

Indicates a short textual description of the object.

This property is inherited from the CIM_ManagedElement class.

Description
Data type: string
Access type: Read-only

Indicates a textual description of the object.

This property is inherited from the CIM_ManagedElement class.

ElementName
Data type: string
Access type: Read-only

Indicates a user-friendly name for the object. This property enables each instance to define a user-friendly name in addition to its key properties, identity data, and description information.

This property is inherited from the CIM_ManagedElement class.

InstanceID
Data type: string
Access type: Read-only
Qualifiers: Key, Override

Uniquely and opaquely identifies an instance of this class within the scope of the instantiating namespace.

Important  In order to ensure uniqueness within the Namespace, the value of InstanceID should be constructed in the following pattern:

OrgID:LocalID

OrgID must include a copyrighted, trademarked or otherwise unique name that is owned by the business entity that defines the InstanceID, or be a registered ID that is assigned by a recognized global authority. This pattern is similar to the structure of schema class names. In addition, to ensure uniqueness, the first colon in InstanceID must be between the OrgID andLocalID. Therefore the OrgID must not contain a colon (':').

LocalID is chosen by the business entity and should not be re-used to identify different underlying real-world elements.

If the preceding pattern is not used, the defining entity must assure that the resultant InstanceID is not re-used across any InstanceID properties that are produced by this provider or other providers for this namespace.

For Distributed Management Task Force (DMTF) defined instances, the pattern must be used with the OrgID set to CIM.

This property is inherited from the CIM_Privilege class.

PrivilegeGranted
Data type: boolean
Access type: Read-only

If TRUE, the permission is granted, otherwise it is denied. The default is to grant permission.

This property is inherited from the CIM_Privilege class.

QualifierFormats
Data type: uint16 array
Access type: Read-only
Qualifiers: Indexed

Defines the semantics of corresponding entries in the ActivityQualifiers array.

ValuesMeaning
Class Name
2

If the authorization target is a CIM Service or a Namespace, then the ActivityQualifiers entries can define a list of classes that the authorized subject can create or delete.

<Class.>Property
3

If the authorization target is a CIM service, namespace, or collection of instances, then the ActivityQualifiers entries can define the class properties that can be accessed or not. In this case, the class names are specified with the property names to avoid ambiguity, because a CIM service, namespace, or collection could manage multiple classes. On the other hand, if the authorization target is an individual instance, then there is no possible ambiguity and the class name can be omitted. To specify all properties, the wildcard string "*" should be used.

<Class.>Method
4

As with the preceding <Class.>Property value, if the authorization target is a CIM service, namespace, or collection of instances, then the ActivityQualifiers entries can define the class methods that can or cannot be accessed. And, as above, the string "*" can be specified to select all methods.

Object Reference
5

If the authorization target is a CIM service or namespace, then the ActivityQualifiers entries can define a list of object references, in the form of strings, that the authorized subject can access.

Namespace
6

If the authorization target is a CIM service, then the ActivityQualifiers entries can define a list of namespaces that the authorized subject can access.

URL
7

This value cannot be used to define an authorization target, but a permission could be used to deny access to specific URLs by individual identities or for specific roles.

Directory/File Name
8

If the authorization target is a file system, then the ActivityQualifiers entries can define a list of directories and files whose access is protected.

Command Line Instruction
9

If the authorization target is a CIM_ComputerSystem or CIM_Service instance, then the ActivityQualifiers entries can define a list of command line instructions that can or cannot be executed by the authorized subjects.

SCSI Command
10

The ActivityQualifiers entries can define SCSI Commands by using the format "CDB=xx[,Page=pp]". For example, the ability to select the VPD page of the Inquiry command is encoded as "CDB=12,Page=83" in the corresponding ActivityQualifiers entry. The wildcard string "*" can be used to indicate all Command Descriptor Blocks (CDBs) or Page numbers.

Packets
11

If the authorization target is an instance of the CIM_ManagedSystemElement class or a subclass, the transmission of packets is granted or denied by the permission for the target.

DMTF Reserved
12–15999

Reserved.

Vendor Reserved
16000 ≤ value

Reserved.

 

This property is inherited from the CIM_Privilege class.

RepresentsAuthorizationRights
Data type: boolean
Access type: Read-only

If TRUE, indicates that this instance represents authorization rights, that is, rights to change access permissions for targets. If FALSE, indicates that this instance represents only access permissions.

This property is inherited from the CIM_Privilege class.

Requirements

Minimum supported client

None supported

Minimum supported server

Windows Server 2012 R2

Namespace

\\.\root\cimv2\storage\iscsitarget

MOF

SmIscsiTarget.mof

DLL

WTSMISProv.dll

See also

iSCSI Target Server Reference
MSISCSITARGET_AuthorizedSubject
MSISCSITARGET_AuthorizedTarget
CIM_ManagedSystemElement

 

 

Показ:
© 2014 Microsoft