z/OS Common Information Model User's Guide


Utilizing the provider based authorization model

SC34-2671-00


When the provider based authorization model is enabled for a provider, a provider-specific profile in SAF class WBEM restricts access to the provider. In this case, the requesting user ID needs special authorization before it can invoke the provider. These checks are strongly recommended for providers that use a designated user ID.

Each CIM operation needs, depending on its type, a different level of access to the security profile. For example, CIM operations that change the states of objects require WRITE access to the SAF profile defined for a provider. Schema manipulation is only available to users with CONTROL access to the SAF profile CIMSERV in class WBEM.

You can define provider based authorization by relating a SAF profile in class WBEM to a single provider library. The specific SAF requirements of the provider should be documented. Unless you are instructed to do so, you do not need to take any configuration action for this.

To correlate a provider and a SAF profile, define a security access profile. The OpenPegasus CIM class PG_Provider contains a string type attribute named SecurityAccessProfile. Providers that register with an instance of class PG_Provider containing the SecurityAccessProfile property must specify their SAF profile with this property in order to define it to the system. In addition, requesting users must have the appropriate level of authorization for the named profile.

If you want to have an existing provider exploit this feature:

  1. Remove (unregister) the provider using the cimprovider utility.
  2. Add the security profile name in property SecurityAccessProfile in the provider registration MOF file.
  3. Register the provider again.

The existence of a specified security profile is not checked during provider registration, but at runtime, when a request is received for the corresponding provider.
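Because registration does not validate the profile name, a review step before re-registering can catch a missing or mistyped SecurityAccessProfile. The following sketch is an added example, not part of the IBM documentation: it scans a registration MOF for PG_Provider instances and compares each profile against a list of WBEM profiles supplied by the security administrator. The provider names, profile names, and the `check_registration` helper are hypothetical, and the parser assumes PG_Provider instances that contain only simple string properties.

```python
import re

# Constructed registration MOF; all names and profile values are placeholders.
SAMPLE_MOF = r'''
instance of PG_Provider {
    ProviderModuleName = "ExampleModule"; Name = "GuardedProvider";
    SecurityAccessProfile = "EXAMPLE.GUARDED";
};
instance of PG_Provider {
    ProviderModuleName = "ExampleModule"; Name = "TypoProvider";
    SecurityAccessProfile = "EXAMPLE.GAURDED";  // mistyped on purpose
};
instance of PG_Provider {
    ProviderModuleName = "ExampleModule"; Name = "OpenProvider";
};
'''

# Simplified MOF handling: strips comments (would also cut "//" inside strings)
# and expects instance bodies without array values.
_COMMENTS = re.compile(r'/\*.*?\*/|//[^\n]*', re.S)
_INSTANCE = re.compile(r'instance\s+of\s+(\w+)\s*\{(.*?)\}\s*;', re.S | re.I)
_STRING_PROP = re.compile(r'(\w+)\s*=\s*"([^"]*)"\s*;')

def check_registration(mof_text, defined_profiles):
    """Return (provider, profile, finding) for PG_Provider instances to review."""
    # Assumption: profile names are compared case-insensitively.
    defined = {p.upper() for p in defined_profiles}
    findings = []
    for cls, body in _INSTANCE.findall(_COMMENTS.sub('', mof_text)):
        if cls.lower() != 'pg_provider':
            continue
        props = {k.lower(): v for k, v in _STRING_PROP.findall(body)}
        name = props.get('name', '<unnamed>')
        profile = props.get('securityaccessprofile', '').strip()
        if not profile:
            # Provider based authorization is not enabled for this provider.
            findings.append((name, None, 'no SecurityAccessProfile'))
        elif profile.upper() not in defined:
            # Registration would accept this; requests would fail the runtime check.
            findings.append((name, profile, 'profile not in supplied WBEM list'))
    return findings

if __name__ == '__main__':
    for finding in check_registration(SAMPLE_MOF, ['CIMSERV', 'EXAMPLE.GUARDED']):
        print(finding)
```

The list of defined profiles is an input here; obtain it from your security product's listing of class WBEM rather than hard-coding it.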





Copyright IBM Corporation 1990, 2014