wbemadmin(1M)

NAME

     wbemadmin - start Sun WBEM User Manager

SYNOPSIS

     /usr/sadm/bin/wbemadmin

DESCRIPTION

     The wbemadmin utility starts Sun WBEM User Manager, a graph-
     ical  user  interface  that  enables  you  to add and delete
     authorized WBEM users and to set  their  access  privileges.
     Use  this  application to manage access to groups of managed
     resources, such as disks  and  installed  software,  in  the
     Solaris operating environment.

     The wbemadmin utility allows you to  perform  the  following
     tasks:

     Manage user access rights
           Use the wbemadmin utility to add, delete, or modify an
           individual  user's  access  rights to a namespace on a
           WBEM-enabled system.

     Manage namespace access rights
           Use the wbemadmin utility to add,  delete,  or  modify
           access rights for all users to a namespace.

     The Sun WBEM User Manager displays a Login dialog  box.  You
     must  log  in  as  root  or  a user with write access to the
     root\security namespace to grant access rights to users.  By
     default,  Solaris  users have guest privileges, which grants
     them read access to the default namespaces.

     Managed resources are described using a standard information
     model called Common Information Model (CIM). A CIM object is
     a computer representation, or model, of a managed  resource,
     such  as  a  printer, disk drive, or CPU. CIM objects can be
     shared by any WBEM-enabled system, device,  or  application.
     CIM  objects  are grouped into meaningful collections called
     schema. One or more schemas can be stored in  directory-like
     structures called namespaces.

     All programming operations are performed within a namespace.
     Two namespaces are created by default during installation:

        o  root

        o  root\security - Contains the security classes used  by
           the  CIM Object Manager to represent access rights for
           users and namespaces.

     When a WBEM client application connects to  the  CIM  Object
     Manager in a particular namespace, all subsequent operations
     occur  within  that  namespace.  When  you  connect   to   a
     namespace,  you can access the classes and instances in that
     namespace (if they exist) and in any namespaces contained in
     that namespace.

     When a WBEM client application accesses CIM data,  the  WBEM
     system validates the user's login information on the current
     host. By default, a validated  WBEM  user  is  granted  read
     access to the Common Information Model (CIM) Schema. The CIM
     Schema describes managed objects on your system in  a  stan-
     dard  format  that all WBEM-enabled systems and applications
     can interpret.

     You can set access privileges on  individual  namespaces  or
     for  a  user-namespace  combination. When you add a user and
     select a namespace, by default  the  user  is  granted  read
     access  to  CIM objects in the selected namespace. An effec-
     tive way to combine user and namespace access rights  is  to
     first  restrict access to a namespace. Then grant individual
     users  read,  read  and  write,  or  write  access  to  that
     namespace.

     You cannot set access rights on individual managed  objects.
     However you can set access rights for all managed objects in
     a namespace as well as on a per-user basis.

     If you log in to the root account, you can set the following
     types of access to CIM objects:

        o  Read Only - Allows  read-only  access  to  CIM  Schema
           objects.   Users  with  this  privilege  can  retrieve
           instances and classes, but cannot create,  delete,  or
           modify CIM objects.

        o  Read/Write -  Allows  full  read,  write,  and  delete
           access to all CIM classes and instances.

        o  Write - Allows write and delete, but not  read  access
           to all CIM classes and instances.

        o  None - Allows no access to CIM classes and instances.

     Context help is displayed in the left side of the  wbemadmin
     dialog  boxes.  When  you click on a field, the help content
     changes to describe the selected field. No context  help  is
     available on the main User Manager window.

     The wbemadmin security administration tool updates the  fol-
     lowing Java classes in the root\security namespace:

        o  Solaris_UserAcl  -  Updated  when  access  rights  are
           granted or changed for a user.

        o  Solaris_namespaceAcl - Updated when access rights  are
           granted or changed for a namespace.

USAGE

     The wbemadmin utility is not  the  tool  for  a  distributed
     environment.   It  is  used  for local administration on the
     machine on which the CIM Object Manager is running.

EXIT STATUS

     The wbemadmin utility terminates with exit status 0.

WARNING

     The root\security namespace stores access privileges. If you
     grant  other  users  access  to the root\security namespace,
     those users can grant themselves or other  users  rights  to
     all other namespaces.

ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWwbcor                   |
    |_____________________________|_____________________________|

SEE ALSO

     mofcomp(1M), wbemlogviewer(1M), init.wbem(1M), attributes(5)
Man(1) output converted with man2html