Abstract
A two-level authorization of role-based and/or account-based requested service operations may be performed in a system managed via Distributed DMTF, based on the CIM data model. The first level of authorization may be based on service-level availability of the requested service operation, determined from all service operations available in the managed system. Within the RBA profile, the CIM_RoleBasedAuthorizationService class and/or the CIM_RoleBasedManagementCapabilities class may enable performing service-level authorization. Similarly, within the SIM profile, the CIM_AccountManagementService class and/or the CIM_AccountManagementCapabilities class may enable performing service-level authorization. The second level of authorization may be based on instance-level availability of the requested service operation, determined from the service operations available via specific role and/or account instances, wherein the CIM_EnabledLogicalElementCapabilities class may enable authorizing available service operations via instances of the CIM_Role and/or CIM_Account classes. Instances of the CIM_Role and/or CIM_Account classes may also advertise instance-specific service operations via associated instances of the CIM_EnabledLogicalElementCapabilities class.
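The two-level check described above, sketched as an added example that is not taken from the patent or from any CIM implementation. The Python classes are stand-ins for the CIM classes, `supported_ops` is a hypothetical property name, the operation names are constructed sample values, and denying when an instance advertises no capabilities is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Capabilities:
    """Stand-in for a capabilities instance; `supported_ops` is a hypothetical name."""
    supported_ops: frozenset


@dataclass(frozen=True)
class ManagedInstance:
    """Stand-in for a CIM_Role or CIM_Account instance."""
    name: str
    # Stand-in for the associated CIM_EnabledLogicalElementCapabilities instance.
    capabilities: Optional[Capabilities] = None


def authorize(operation, service_caps, target=None):
    """Return (allowed, reason) for a requested service operation."""
    # Level 1: is the operation available in the managed system at all?
    if operation not in service_caps.supported_ops:
        return False, "service-level: operation not available"
    if target is None:
        # Operation is not directed at an existing role/account instance.
        return True, "service-level: allowed"
    # Level 2: is the operation available via this specific instance?
    if target.capabilities is None:
        # Assumption of this sketch: fail closed when nothing is advertised.
        return False, "instance-level: no capabilities advertised"
    if operation not in target.capabilities.supported_ops:
        return False, "instance-level: not available on " + target.name
    return True, "instance-level: allowed on " + target.name


# Constructed sample data (not from the page).
RBA_SERVICE = Capabilities(frozenset({"CreateRole", "ModifyRole", "DeleteRole"}))
OPERATOR = ManagedInstance(
    "Operator", Capabilities(frozenset({"ModifyRole", "DeleteRole"})))
# Advertises AssignRoles, which the service level does not offer.
ADMINISTRATOR = ManagedInstance(
    "Administrator", Capabilities(frozenset({"ModifyRole", "AssignRoles"})))
LEGACY = ManagedInstance("Legacy")  # no associated capabilities instance

if __name__ == "__main__":
    for op, tgt in [("CreateRole", None), ("DeleteRole", OPERATOR),
                    ("DeleteRole", ADMINISTRATOR), ("AssignRoles", ADMINISTRATOR),
                    ("ModifyRole", LEGACY)]:
        print(op, tgt.name if tgt else "-", authorize(op, RBA_SERVICE, tgt))
```

The `AssignRoles` case shows why the order matters: an instance advertising an operation does not make it available if the service level does not offer it.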