SECF0097 - Maintain Person Web Service Method Grants

Overview

This form is used to add or remove security grants to/from Web Service Methods for a specific end-user for a selected Callista web service, and override authentication security/access settings at the Role and/or system-wide levels if they exist.

This form is accessed in context of a Person ID via the WS Method Grants button in the 'Maintain Person Function Grants' (SECF0062) form.

Web Service Method grants specified at the Person security level via this form override Web Service Method grants specified at the Role (SECF0099) and system-wide (GENF4720 and SECF0100) levels. (See Field Descriptions, below, for more information.)

Once an end-user is granted access to a specific web service method they are able to run the method from either inside or outside the Callista Web Logic Server. It is up to the discretion of the institution as to whom to grant security access to run specific Callista web service methods (for example, administrators, students, external agents, etc.).

For more information, see the Web Services Online Help and the 'Web Services Security' technical information in the Callista Product Centre - wiki.callista.com.au/display/CPC.


Navigation

This form is accessed in context of a Person ID via the WS Method Grants button in the 'Maintain Person Function Grants' (SECF0062) form.


Field Descriptions

Person

This block displays Person details of the end user to whom access to one or more web service methods will be granted.

Field: Description:
Person ID
The Person ID of the end user to whom access will be granted to one or more web service methods.

This is the Person ID specified in the parent form, SECF0062.

This is a read-only field.

Table value:
PERSON.PERSON_ID

Oracle Username
The Oracle username of the end user.

This is a read-only field.

Table value:
PERSON.ORACLEUSERNAME

Auto Enable
(check box)
Indicates whether or not security privileges have been granted to the user (in SECF0062).

Read-only.

Table value:
PERSON.AUTO_ENABLE_IND

Override block: The fields in this block are used to override authentication granted to the end user of the web service at the Role (SECF0099) and system-wide (SECF0100 and GENF4720) security levels.

If you leave these override fields blank, the values specified at the Role level (in SECF0099) will apply or, if none are specified at the Role level, the values at the system-wide level (in SECF0100 and GENF4720), including default values.

Accept WS End User
This field is used to override the default 'Accept Web Services End Username from HTTP Header' indicator configured in GENF4720 (i.e. Y or N).

Entering a value in this field (i.e. at the Person security level) will override a value specified in the Accept WS End User field at the Role level in SECF0099.

Select one of the following values from the pop-list:
  • Yes - The end user override will be applied. This setting overrides the 'Accept WS End User' setting specified at the Role security level (in SECF0099) and the default setting for 'Accept Web Services End Username from HTTP Header' specified at the system-wide level in GENF4720.
  • No - No end user override will be applied. This setting overrides the 'Accept WS End User' setting at the Role security level (in SECF0099) and the default setting at the system-wide level (in GENF4720).
  • null (i.e. no value specified) - No override will be applied at the Person level. In this case an end user override set at the Role security level (if it exists) or the system-wide level (in GENF4720) will apply instead.
    (Note: if no value is specified at any level then the GENF4720 default value (N) is used, i.e. no end-user username is recorded in the HTTP header of the web service.)

Table value:
PERSON.OVRD_ACCEPT_WS_EU

WS End User Identifier
This field is used to override the default Web Service End User Mapping defined at the system-wide level in SECF0100, that is used to map the Web Service End Username to a Person ID existing within Callista SMS.

To identify the end-user username to be mapped to a Callista Person identifier when accessing a web service method, a 'WS End User Identifier' value (i.e. 'web service end user identifier') must be selected at the system-wide level in SECF0100. However, this system-wide setting can be overridden at the Person level via this field in this form (SECF0097), or at the Role (SECF0099) level.
(Note: The Person level overrides both the Role (SECF0099) and system-wide (SECF0100) settings. If no value has been specified at the Person level then the Role setting overrides the system-wide setting.)

The following values can be selected from the pop-list:
  • Person ID
  • Alternate Person ID
  • Username
  • LDAP Person ID
  • LDAP Username
If the 'Alternate Person ID' value is selected then a value must be entered in the 'WS End User Alternate Person ID' field (below).


Table value:
PERSON.OVRD_WS_EU_IDENTIFIER

WS End User Alternate Person ID Type
This field is used to override the default 'WS End User Alternate Person ID Type' configured in SECF0100 which is used to link LDAP end users with a Callista SMS end user when the end user attempts to run the web service method.

A value is only required in this field if the 'WS End User Identifier' field (see above) is set to 'Alternate Person ID' in this form.

Select the required Alternate Person ID Type from the list of values. These values are sourced from the ENRF01BO form (i.e. the PERSON_ID_TYPE table).

A value specified in this field overrides a 'WS End User Alternate Person ID Type' value configured at the Role level in SECF0099, if a value has been specified in that form.

Table value:
PERSON.OVRD_WS_API_ID_TYPE

Person Web Service

Displays a list of all Callista web services to whose methods an end user can be granted access.
It is not possible to grant a Person access to methods belonging to closed web services.

You can perform a query in this block to restrict the list of web services, for example, to a certain type of web service, or to all open web services.

Field: Description:
Web Service
Displays the name of the web service to which you can grant an end user access to run one or more methods belonging to the web service.

Read-only field.

Table value:
S_WEB_SERVICE.S_WEB_SERVICE_NAME

Web Service Description
Displays the description of the web service.

Read-only field.

Table value:
S_WEB_SERVICE.DESCRIPTION

Closed
Indicates if the web service is closed or not.
You cannot grant end users access to methods belonging to a closed web service.

Read-only field. (The value is set at the Table level.)

Table value:
S_WEB_SERVICE.CLOSED_IND

Person Web Service Method

This block displays a list of all methods for a web service selected in the Person Web Services block, above.

You can perform a query in this block to restrict the list of methods, for example, to methods to which access has been granted, or to all open web services.

Field: Description:
Select or Deselect All
(check box)
Select this check box to grant the Person access to all methods for the selected web service. The Access Granted check box is then automatically selected for all methods belonging to the web service.

If you deselect this check box for a selected web service, Person access grants are automatically removed from all methods belonging to the web service. In this case, the Access Granted check box is automatically deselected and the 'Override System WS Access Logging Level' field value is set to null (i.e. no value), for all methods.

Alternatively, you can grant the Person access to methods (or remove access) individually, per method, via the following fields (see below).

Table value:
(non-database field)

Web Service Method
The name of the web service method.

Table value:
PERSON_WS_METH_GRANT_V.S_WEB_SERVICE_METHOD_NAME

Web Service Method Description
The description of the web service method.

Table value:
PERSON_WS_METH_GRANT_V.DESCRIPTION

Closed
(check box)
Indicates if the web service method is closed or not.
You cannot grant end users access to closed web service methods.

Read-only field. (The value is set at the Table level.)

Table value:
PERSON_WS_METH_GRANT_V.CLOSED_IND

Override System WS Access Logging Level
This field is used to override the 'WS Access Logging Level' value configured at the system-wide level in GENF4720 (which enables activity logging to be captured for the web service).

This field is only enabled if the Access Granted check box (see below) is selected, and the web service method is not closed.

Available values are:
  • REQ (Request) - Activity logging will occur for call-out methods (for example, Retrieve, Update or Insert).
  • RESP (Response) - Activity logging will occur for any validations and messages returned to the user by the web service method.
  • ALL - Activity logging will occur for both 'Request' and 'Response' methods.
  • NONE - No activity logging will occur for the selected web service method.
Note: Data is written to the S_WS_ACCESS_LOG table in the database.

A value entered in this field overrides a value specified for this field at the Role level (in SECF0099), and/or the WS_ACCESS_LOGGING_LEVEL value set at the system-wide level in GENF4720. (i.e. Person overrides Role, and Role overrides the system-wide (GENF4720) setting.)

If this field is left blank (i.e. no value is selected) then the equivalent value specified at the Role level (in SECF0099), if specified, will apply. If no value is specified at the Person level (in this form) or the Role level (SECF0099), then the WS_ACCESS_LOGGING_LEVEL value in GENF4720 applies.

Table value:
PERSON_WS_METH_GRANT_V.OVRD_S_WS_ACCESS_LOG_LVL

Access Granted
(check box)
Select this check box to grant the Person access to run the web service method.

To remove existing grants (i.e. where the check box is selected), deselect the check box. In this case, the 'Override System WS Access Logging Level' field value is automatically set to null (i.e. no value).

If the web service method is closed, it is no longer accessible by an end user.

Table value:
PERSON_WS_METH_GRANT_V.GRANTED
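
Added example (not part of the Callista documentation or product code): a sketch of the Person > Role > system-wide precedence described above, used to review granted methods and show where a Person-level logging override captures less than the inherited level would. The row layout, method names, sample values and the request/response coverage model are assumptions made for illustration.

```python
# Added example: models the Person > Role > system-wide precedence described
# on this page. Row layout, method names and values are constructed.
# Assumption: REQ covers request logging, RESP response logging, ALL both.
COVERAGE = {"REQ": {"request"}, "RESP": {"response"},
            "ALL": {"request", "response"}, "NONE": set()}

def resolve(person, role, system):
    """Return (effective_value, source_level); None or '' means no override."""
    for level, value in (("person", person), ("role", role), ("system", system)):
        if value not in (None, ""):
            return value, level
    raise ValueError("the system-wide level must supply a value")

def audit(rows, system_log_level, system_accept_eu="N"):
    """Report effective settings per granted method and any logging lost
    because a Person-level override replaced the inherited level."""
    report = []
    for r in rows:
        if not r["granted"]:
            continue  # no grant, so no Person-level logging override applies
        log, log_src = resolve(r.get("person_log"), r.get("role_log"), system_log_level)
        inherited, _ = resolve(None, r.get("role_log"), system_log_level)
        lost = COVERAGE[inherited] - COVERAGE[log] if log_src == "person" else set()
        accept, accept_src = resolve(r.get("person_accept_eu"),
                                     r.get("role_accept_eu"), system_accept_eu)
        report.append({"person_id": r["person_id"], "method": r["method"],
                       "log_level": log, "log_source": log_src,
                       "logging_lost": sorted(lost),
                       "accept_ws_eu": accept, "accept_source": accept_src})
    return report

# Constructed sample rows (hypothetical export; not real data).
SAMPLE = [
    {"person_id": 1001, "method": "retrieveStudent", "granted": True,
     "person_log": "NONE", "role_log": "ALL"},
    {"person_id": 1002, "method": "retrieveStudent", "granted": True,
     "person_log": None, "role_log": None, "person_accept_eu": "Y"},
    {"person_id": 1003, "method": "updateStudent", "granted": True,
     "person_log": "ALL", "role_log": "REQ"},
    {"person_id": 1004, "method": "updateStudent", "granted": False,
     "person_log": "NONE", "role_log": "ALL"},
]

if __name__ == "__main__":
    for entry in audit(SAMPLE, system_log_level="REQ"):
        print(entry)
```

Rows with a non-empty `logging_lost` list are the ones where the Person-level value records less activity in S_WS_ACCESS_LOG than the Role or system-wide setting would have.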


Related Pages

GENF4720, SECF0097 & SECF0099, GENW1210, GENJ0050


Last modified on 12 August, 2015 1:46 PM

History Information

Release Version: 17.1
Project: 2010 - API Improvements (Security)
Change to Document: New page