|
|
|
|
|
Excursus: Authorization by the Web Service Roles
In Valuemation, the classical roles are often not restrictive enough for the web service deployment. On this account, the 'web service' role has been introduced for the users of web services.
Example: Definition of the 'ws.field.support' web service role
- Call the User Manager and go to the 'Roles' tab.
- Click 'Create' and fill in the role's properties.
Now the important field is 'Used in Clients'.
This setting defines in which client context a role can be used:
- Rich and Web
This is a role for Rich and Web clients. Usually it has basic permissions, which are supplemented by 'authorization with customization', e.g. Catalog conditions.
- Web Service
This is a role considered during the execution of workflows assigned to web services. It is the role to be selected in our case. Restrictive permissions, which often use 'User Variables'
- All Clients
A role for Rich, Web and Service API access. It may also be an option in our case. Permissions are sufficient for all clients.
- Rich and Web
- Click 'Apply' to complete the role creation.
|
Now let's have a look at the role itself from the authorization point of view:
- Call the Authorization Manager and go to the 'List' tab.
Here you can you can select a role and list all its existing authorizations, change some properties of authorizations and delete authorizations.
- List the defined 'ws.field.support' web service role.
As you can see, there are not many permissions defined - you only define permissions for the objects you use in your web service client.
Note that using the User Variables is typical for such web service roles as they allow a definition of very restrictive permissions.