Security Class Reference Classes

Systems Management Server (SMS) 2.0 provides improved security that takes advantage of Microsoft® Windows® integrated security and lets you define permissions at the class and instance level for users and groups. SMS users are completely isolated from the database. The SMS Provider controls all interaction with the database. The only exception is the dbo account used for Microsoft® SQL Server™ administration, which is available for direct queries of the database.

By using the fully-qualified domain user name, Windows integrated security validates the user's access to the database. To perform the requested action, the user must have at least read permissions to the secured object, or be a member of a group that has at least read permissions for the secured object.

Users automatically inherit the permissions from the groups to which they belong. For example, a user explicitly assigned read permissions for package objects can only read package objects. However, the user also inherits the modify and delete permissions if he or she belongs to a group with those permissions for package objects.

SMS contains both secured and unsecured objects. You do not need permissions to access unsecured objects. A user, or the group to which the user belongs, must have permission to access secured class and instance data. A user can have permission to all instances within a class or to individual instances within a class. The same is true for groups. For example, you can specify that members of the Domain Users group can edit all packages. On the other hand, you might specify that users can edit just the packages that they create.
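The inheritance and class-versus-instance rules above can be modeled as follows. This is an added example, not SMS Provider code: the trustee names, the grant tuples and the helper functions are constructed for illustration, and it assumes each action requires the matching permission.

```python
# Added illustration: a model of the permission rules described above.
# All names and sample data are constructed; this is not the SMS Provider API.
from collections import defaultdict

SECURED_CLASSES = {"SMS_Package"}  # constructed: classes treated as secured
GROUPS = {"DOM\\alice": {"DOM\\Pkg Admins"}, "DOM\\bob": set()}  # user -> groups

# Grants: (trustee, class, instance or None for all instances, permissions)
GRANTS = [
    ("DOM\\alice", "SMS_Package", None, {"read"}),
    ("DOM\\Pkg Admins", "SMS_Package", None, {"modify", "delete"}),
    ("DOM\\bob", "SMS_Package", "PKG00001", {"read", "modify"}),
]

def effective(user, cls, instance, grants=GRANTS, groups=GROUPS):
    """Return {permission: set of trustees that supplied it} for one object."""
    trustees = {user} | groups.get(user, set())
    sources = defaultdict(set)
    for trustee, g_cls, g_inst, perms in grants:
        # A class-level grant (instance None) covers every instance of the class.
        if trustee in trustees and g_cls == cls and g_inst in (None, instance):
            for p in perms:
                sources[p].add(trustee)
    return dict(sources)

def can(user, action, cls, instance, **kw):
    """Unsecured classes need no permission; secured ones need a matching grant."""
    if cls not in SECURED_CLASSES:
        return True
    return action in effective(user, cls, instance, **kw)

def inherited_only(user, cls, instance, **kw):
    """Permissions the user holds solely through group membership (audit view)."""
    return sorted(p for p, src in effective(user, cls, instance, **kw).items()
                  if user not in src)
```

The `inherited_only` view is the one to review when auditing group membership, since it lists rights a user never received by explicit assignment.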

Notes

Discovery and inventory data (objects derived from SMS_Resource and SMS_Group) are secured through their membership in a collection.

The site control classes are secured through the SMS_SiteControlFile object.

You may not change the default security classes installed with SMS. However, you can create additional secured objects.

For additional overview information regarding SMS security, see the SMS Administrator's Guide.

The following is a table of security class reference classes.

| Class | Description |
| --- | --- |
| SMS_SecuredObject | Describes six different types of objects in the SMS system that can be secured. Identifies the permissions you can set for each secured object. |
| SMS_UserClassPermissionNames | Lists all the users and the permissions granted to each user for the secured classes. |
| SMS_UserClassPermissions | Use to add, modify, and delete permissions granted to a user for a particular class. |
| SMS_UserInstancePermissionNames | Lists all the users and the permissions granted to each user for specific instances of the secured classes. |
| SMS_UserInstancePermissions | Use to add, modify, and delete permissions granted to a user for a specific instance of a secured class. |