HP WBEM Services for HP-UX System Administrator Guide (5900-1624, April 2011)

User group authorization
User group authorization consists of establishing that the already authenticated user is a member of
one of the configured groups in the authorizedUserGroups configuration property. If the user
is not authorized, the client request is rejected without processing it and an authorization failure
message is sent back.
A user with root permissions (uid 0) on the local system can use the cimconfig command to
set the HP WBEM Services authorizedUserGroups property to one or more user groups on
the local system.
NOTE: A user with root permissions (uid 0) on the local system always has authorization to
access CIM resources.
When the authorizedUserGroups property is set to valid group names on the system and a
user who is not a member of the configured group submits a request, the following error message
is displayed:
User <user name> is not authorized to access CIM data.
For more information on setting authorized user groups, see the manpage for the cimconfig
command.
Namespace authorization
CIM Services provides authenticated users controlled access to the entire CIM schema. It does not
check security for specific resources such as individual classes and instances.
However, you can choose to control each user’s access by requiring authorization for each user
on each namespace. A user with root permissions (uid 0) on the local system can first use the
cimconfig command to set the enableNamespaceAuthorization property of HP WBEM
Services to true, and then use the cimauth command to set each user’s access authorization
on each namespace.
NOTE: A user with root permissions on the local system (uid 0) always has full permissions
on all namespaces.
When namespace authorization is set to true, and users submit a request for a namespace that
they are not authorized on, the following error message is displayed:
Not authorized to run <requesting operation> in the namespace <requesting namespace>.
For more information about authorization, see the manpages for the cimauth and cimconfig
commands.
Authorization permissions include Read, Write, or Read and Write. Note that Write permission
does not automatically include Read permission.
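The two-step procedure above (enable namespace authorization with cimconfig, then grant per-user, per-namespace access with cimauth), as an added example that is not part of the HP guide. The option letters (-s, -p, -a, -u, -n, -R, -W) are taken from the cimconfig and cimauth manpages rather than from this page; -p sets the planned value, which applies at the next cimserver start. The group name, user names and plan format are constructed.

```shell
#!/bin/sh
# Added example: turn an access plan into cimconfig/cimauth command lines.
# Dry run by default (commands are printed). Set APPLY=1 and run as root
# (uid 0) on the HP-UX host to execute them.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Map a permission word from the plan to cimauth flags.
perm_flags() {
    case "$1" in
        R)  echo "-R" ;;
        W)  echo "-W" ;;
        RW) echo "-R -W" ;;
        *)  return 1 ;;
    esac
}

# $1: value for authorizedUserGroups. stdin: "user namespace perms" lines.
wbem_authz_plan() {
    run cimconfig -s "authorizedUserGroups=$1" -p
    run cimconfig -s enableNamespaceAuthorization=true -p
    while read -r user ns perms; do
        case "$user" in ''|'#'*) continue ;; esac
        flags=$(perm_flags "$perms") || {
            echo "skip $user on $ns: bad permission '$perms'" >&2
            continue
        }
        # Write does not include Read: surface write-only grants for review.
        if [ "$perms" = "W" ]; then
            echo "note: $user on $ns is write-only (no Read)" >&2
        fi
        # $flags is left unquoted so "-R -W" splits into two arguments.
        run cimauth -a -u "$user" -n "$ns" $flags
    done
}

# Constructed plan: user, namespace, permission (R, W or RW).
wbem_authz_plan wbemadm <<'EOF'
opsmon   root/cimv2  R
provadm  root/cimv2  RW
EOF
```

Users who need both to read and to modify data must be listed as RW; a W entry alone leaves read operations unauthorized.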
The following CIM operations require Write authorization:
CreateClass
CreateInstance
DeleteClass
DeleteInstance
DeleteQualifier
InvokeMethod
ModifyClass
ModifyInstance
SetProperty
SetQualifier
The following CIM operations require Read authorization: