HP WBEM Services for HP-UX and Linux System Administrator's Guide
Security Considerations
Namespace Authorization
CIM Services gives authenticated users controlled access to the entire
CIM schema. It does not check security for specific resources, like
individual classes and instances.
However, you can choose to control each user’s access by requiring
authorization for each user on each namespace. A user with root
permission (uid 0) on the local system can use the cimconfig command
to set the HP WBEM Services enableNamespaceAuthorization property
to true, then use the cimauth command to set each user’s access
authorization on each namespace.
NOTE: A user with root permission on the local system (uid 0) always has all
permissions on all namespaces.
When namespace authorization is set to true, and a user submits a
request for a namespace that he isn’t authorized on, this user error is
displayed: “Not authorized to run <requesting operation> in the
namespace <requesting namespace>.”
For more information about authorization, see the man pages for the
cimauth and cimconfig commands.
Authorizations are: Read, Write, or Read and Write. (Notice that Write
does not automatically include Read.)
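The procedure described above, as an added example that is not part of the HP guide: it sets the property with cimconfig, then grants per-namespace access with cimauth, using the flags documented in those commands' man pages. The function names and the DRY_RUN switch are hypothetical helpers, and the accounts monitor and provision and the namespace root/cimv2 are constructed samples.

```shell
#!/bin/sh
# Added example. DRY_RUN=1 (the default here) prints each command instead of
# running it, so the plan can be reviewed before it is applied as root.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# -p sets the planned value, which is applied when the CIM server next starts.
enable_ns_auth() {
    run cimconfig -s enableNamespaceAuthorization=true -p
}

# Map a mode to cimauth flags. Write does not include Read, so "w" yields
# only -W; use "rw" for an account that must also read what it modifies.
mode_flags() {
    case "$1" in
        r)  echo "-R" ;;
        w)  echo "-W" ;;
        rw) echo "-R -W" ;;
        *)  echo "unknown mode: $1 (use r, w or rw)" >&2; return 1 ;;
    esac
}

# grant_ns_access USER NAMESPACE MODE
grant_ns_access() {
    user=$1; ns=$2
    # uid 0 always has all permissions on all namespaces; no entry is needed.
    if [ "$(id -u "$user" 2>/dev/null)" = "0" ]; then
        echo "$user is uid 0 and already has all permissions" >&2
        return 0
    fi
    flags=$(mode_flags "$3") || return 1
    # flags is left unquoted on purpose so "-R -W" splits into two arguments
    run cimauth -a -u "$user" -n "$ns" $flags
}

# Constructed sample: a read-only monitoring account and a provisioning
# account that needs both Read and Write on the same namespace.
demo() {
    enable_ns_auth
    grant_ns_access monitor root/cimv2 r
    grant_ns_access provision root/cimv2 rw
    run cimauth -l    # list the resulting authorizations
}

demo
```

Run it as is to review the commands, then rerun as root with DRY_RUN=0 to apply them.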
The following CIM operations require Write authorization:
CreateClass
CreateInstance
DeleteClass
DeleteInstance
DeleteQualifier
InvokeMethod
ModifyClass
ModifyInstance
SetProperty
SetQualifier
The following CIM operations require Read authorization:
EnumerateClasses