wbemadmin(1M) System Administration Commands wbemadmin(1M)NAMEwbemadmin - start Sun WBEM User Manager
SYNOPSIS
/usr/sadm/bin/wbemadmin
DESCRIPTION
The wbemadmin utility starts Sun WBEM User Manager, a graphical user
interface that enables you to add and delete authorized WBEM users and
to set their access privileges. Use this application to manage access
to groups of managed resources, such as disks and installed software,
in the Solaris operating environment.
The wbemadmin utility allows you to perform the following tasks:
Manage user access rights Use the wbemadmin utility to add,
delete, or modify an individual user's
access rights to a namespace on a WBEM-
enabled system.
Manage namespace access rights Use the wbemadmin utility to add,
delete, or modify access rights for all
users to a namespace.
The Sun WBEM User Manager displays a Login dialog box. You must log in
as root or a user with write access to the root\security namespace to
grant access rights to users. By default, Solaris users have guest
privileges, which grants them read access to the default namespaces.
Managed resources are described using a standard information model
called Common Information Model (CIM). A CIM object is a computer rep‐
resentation, or model, of a managed resource, such as a printer, disk
drive, or CPU. CIM objects can be shared by any WBEM-enabled system,
device, or application. CIM objects are grouped into meaningful col‐
lections called schema. One or more schemas can be stored in directory-
like structures called namespaces.
All programming operations are performed within a namespace. Two names‐
paces are created by default during installation:
· root
· root\security — Contains the security classes used by the CIM
Object Manager to represent access rights for users and names‐
paces.
When a WBEM client application connects to the CIM Object Manager in a
particular namespace, all subsequent operations occur within that
namespace. When you connect to a namespace, you can access the classes
and instances in that namespace (if they exist) and in any namespaces
contained in that namespace.
When a WBEM client application accesses CIM data, the WBEM system vali‐
dates the user's login information on the current host. By default, a
validated WBEM user is granted read access to the Common Information
Model (CIM) Schema. The CIM Schema describes managed objects on your
system in a standard format that all WBEM-enabled systems and applica‐
tions can interpret.
You can set access privileges on individual namespaces or for a user-
namespace combination. When you add a user and select a namespace, by
default the user is granted read access to CIM objects in the selected
namespace. An effective way to combine user and namespace access rights
is to first restrict access to a namespace. Then grant individual users
read, read and write, or write access to that namespace.
You cannot set access rights on individual managed objects. However you
can set access rights for all managed objects in a namespace as well as
on a per-user basis.
If you log in to the root account, you can set the following types of
access to CIM objects:
· Read Only — Allows read-only access to CIM Schema objects. Users
with this privilege can retrieve instances and classes, but cannot
create, delete, or modify CIM objects.
· Read/Write — Allows full read, write, and delete access to all CIM
classes and instances.
· Write — Allows write and delete, but not read access to all CIM
classes and instances.
· None — Allows no access to CIM classes and instances.
Context help is displayed in the left side of the wbemadmin dialog
boxes. When you click on a field, the help content changes to describe
the selected field. No context help is available on the main User Man‐
ager window.
The wbemadmin security administration tool updates the following Java
classes in the root\security namespace:
· Solaris_UserAcl — Updated when access rights are granted or
changed for a user.
· Solaris_namespaceAcl — Updated when access rights are granted or
changed for a namespace.
USAGE
The wbemadmin utility is not the tool for a distributed environment.
It is used for local administration on the machine on which the CIM
Object Manager is running.
EXIT STATUS
The wbemadmin utility terminates with exit status 0.
WARNING
The root\security namespace stores access privileges. If you grant
other users access to the root\security namespace, those users can
grant themselves or other users rights to all other namespaces.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWwbcor │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOmofcomp(1M), wbemlogviewer(1M), init.wbem(1M), attributes(5)SunOS 5.10 7 Oct 1999 wbemadmin(1M)