|
|
|
|
|
Web Service Authorization
Creating a web client, creating web clients service and adding the authorized user, which is described in the previous topics, can be summarized as a part of an authentication process. However, the web service to be used starts a workflow and this workflow uses the Valuemation authorization elements such as roles and permissions.
Typically Web Services are either defined to use only roles which are defined as 'web service' roles or they are secured by customization. For example, the workflow script selects tickets using a condition on the "requested by" person matching the assigned person of the current user. It means the actual caller of the web service gets his requested tickets only.
See also the 'Authorization by the Web Service Roles' topic.
If a web service client is used by a customer application running in a secured environment, then the administrator can consider the redefinition of the setting of the web service defined to use 'web service' roles. Otherwise the administrator has to ensure that the users accessing the client have appropriate 'web service' roles.
See also the 'Web Service Roles in the Client Context' topic.