System Administration Commands wbemadmin(1M)
NAME
wbemadmin - start Sun WBEM User Manager
SYNOPSIS
/usr/sadm/bin/wbemadmin
DESCRIPTION
The wbemadmin utility starts Sun WBEM User Manager, a graph-
ical user interface that enables you to add and delete authorized WBEM users and to set their access privileges. Use this application to manage access to groups of managed resources, such as disks and installed software, in the Solaris operating environment.The wbemadmin utility allows you to perform the following
tasks: Manage user access rightsUse the wbemadmin utility to add, delete, or modify an
individual user's access rights to a namespace on aWBEM-enabled system.
Manage namespace access rightsUse the wbemadmin utility to add, delete, or modify
access rights for all users to a namespace. The Sun WBEM User Manager displays a Login dialog box. You must log in as root or a user with write access to the root\security namespace to grant access rights to users. By default, Solaris users have guest privileges, which grants them read access to the default namespaces. Managed resources are described using a standard information model called Common Information Model (CIM). A CIM object is a computer representation, or model, of a managed resource, such as a printer, disk drive, or CPU. CIM objects can beshared by any WBEM-enabled system, device, or application.
CIM objects are grouped into meaningful collections calledschema. One or more schemas can be stored in directory-like
structures called namespaces. All programming operations are performed within a namespace. Two namespaces are created by default during installation:SunOS 5.11 Last change: 7 Oct 1999 1
System Administration Commands wbemadmin(1M)
o rooto root\security - Contains the security classes used
by the CIM Object Manager to represent access rights for users and namespaces. When a WBEM client application connects to the CIM Object Manager in a particular namespace, all subsequent operations occur within that namespace. When you connect to a namespace, you can access the classes and instances in that namespace (if they exist) and in any namespaces contained in that namespace. When a WBEM client application accesses CIM data, the WBEM system validates the user's login information on the current host. By default, a validated WBEM user is granted read access to the Common Information Model (CIM) Schema. The CIMSchema describes managed objects on your system in a stan-
dard format that all WBEM-enabled systems and applications
can interpret. You can set access privileges on individual namespaces orfor a user-namespace combination. When you add a user and
select a namespace, by default the user is granted readaccess to CIM objects in the selected namespace. An effec-
tive way to combine user and namespace access rights is to first restrict access to a namespace. Then grant individual users read, read and write, or write access to that namespace. You cannot set access rights on individual managed objects. However you can set access rights for all managed objects ina namespace as well as on a per-user basis.
If you log in to the root account, you can set the following types of access to CIM objects:o Read Only - Allows read-only access to CIM Schema
objects. Users with this privilege can retrieve instances and classes, but cannot create, delete, or modify CIM objects.o Read/Write - Allows full read, write, and delete
access to all CIM classes and instances.o Write - Allows write and delete, but not read
access to all CIM classes and instances.SunOS 5.11 Last change: 7 Oct 1999 2
System Administration Commands wbemadmin(1M)
o None - Allows no access to CIM classes and
instances.Context help is displayed in the left side of the wbemadmin
dialog boxes. When you click on a field, the help content changes to describe the selected field. No context help is available on the main User Manager window.The wbemadmin security administration tool updates the fol-
lowing Java classes in the root\security namespace:o Solaris_UserAcl - Updated when access rights are
granted or changed for a user.o Solaris_namespaceAcl - Updated when access rights
are granted or changed for a namespace.USAGE
The wbemadmin utility is not the tool for a distributed
environment. It is used for local administration on the machine on which the CIM Object Manager is running. EXIT STATUSThe wbemadmin utility terminates with exit status 0.
WARNING The root\security namespace stores access privileges. If you grant other users access to the root\security namespace, those users can grant themselves or other users rights to all other namespaces.ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWwbco ||_____________________________|_____________________________|
SEE ALSO
mofcomp(1M), wbemlogviewer(1M), init.wbem(1M), attributes(5)SunOS 5.11 Last change: 7 Oct 1999 3