wbemadmin(1M)
NAME
wbemadmin - start Sun WBEM User Manager
SYNOPSIS
/usr/sadm/bin/wbemadmin
DESCRIPTION
The wbemadmin utility starts Sun WBEM User Manager, a graph-
ical user interface that enables you to add and delete
authorized WBEM users and to set their access privileges.
Use this application to manage access to groups of managed
resources, such as disks and installed software, in the
Solaris operating environment.
The wbemadmin utility allows you to perform the following
tasks:
Manage user access rights
Use the wbemadmin utility to add, delete, or modify an
individual user's access rights to a namespace on a
WBEM-enabled system.
Manage namespace access rights
Use the wbemadmin utility to add, delete, or modify
access rights for all users to a namespace.
The Sun WBEM User Manager displays a Login dialog box. You
must log in as root or a user with write access to the
root\security namespace to grant access rights to users. By
default, Solaris users have guest privileges, which grants
them read access to the default namespaces.
Managed resources are described using a standard information
model called Common Information Model (CIM). A CIM object is
a computer representation, or model, of a managed resource,
such as a printer, disk drive, or CPU. CIM objects can be
shared by any WBEM-enabled system, device, or application.
CIM objects are grouped into meaningful collections called
schema. One or more schemas can be stored in directory-like
structures called namespaces.
All programming operations are performed within a namespace.
Two namespaces are created by default during installation:
o root
o root\security - Contains the security classes used by
the CIM Object Manager to represent access rights for
users and namespaces.
When a WBEM client application connects to the CIM Object
Manager in a particular namespace, all subsequent operations
occur within that namespace. When you connect to a
namespace, you can access the classes and instances in that
namespace (if they exist) and in any namespaces contained in
that namespace.
When a WBEM client application accesses CIM data, the WBEM
system validates the user's login information on the current
host. By default, a validated WBEM user is granted read
access to the Common Information Model (CIM) Schema. The CIM
Schema describes managed objects on your system in a stan-
dard format that all WBEM-enabled systems and applications
can interpret.
You can set access privileges on individual namespaces or
for a user-namespace combination. When you add a user and
select a namespace, by default the user is granted read
access to CIM objects in the selected namespace. An effec-
tive way to combine user and namespace access rights is to
first restrict access to a namespace. Then grant individual
users read, read and write, or write access to that
namespace.
You cannot set access rights on individual managed objects.
However you can set access rights for all managed objects in
a namespace as well as on a per-user basis.
If you log in to the root account, you can set the following
types of access to CIM objects:
o Read Only - Allows read-only access to CIM Schema
objects. Users with this privilege can retrieve
instances and classes, but cannot create, delete, or
modify CIM objects.
o Read/Write - Allows full read, write, and delete
access to all CIM classes and instances.
o Write - Allows write and delete, but not read access
to all CIM classes and instances.
o None - Allows no access to CIM classes and instances.
Context help is displayed in the left side of the wbemadmin
dialog boxes. When you click on a field, the help content
changes to describe the selected field. No context help is
available on the main User Manager window.
The wbemadmin security administration tool updates the fol-
lowing Java classes in the root\security namespace:
o Solaris_UserAcl - Updated when access rights are
granted or changed for a user.
o Solaris_namespaceAcl - Updated when access rights are
granted or changed for a namespace.
USAGE
The wbemadmin utility is not the tool for a distributed
environment. It is used for local administration on the
machine on which the CIM Object Manager is running.
EXIT STATUS
The wbemadmin utility terminates with exit status 0.
WARNING
The root\security namespace stores access privileges. If you
grant other users access to the root\security namespace,
those users can grant themselves or other users rights to
all other namespaces.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWwbcor |
|_____________________________|_____________________________|
SEE ALSO
mofcomp(1M), wbemlogviewer(1M), init.wbem(1M), attributes(5)
Man(1) output converted with
man2html