This form is used to add or remove security grants to/from Web Service Methods for a specific Security Role for a selected Callista web service, and override authentication security/access settings at the system-wide level, if they exist.
This form is accessed in context of a Security Role via the WS Method Grants button in the 'Maintain Person Function Grants' (SECF0063) form.
Web Service Method grants specified at the Role security level via this form override Web Service Method grants specified at the system-wide (GENF4720 and SECF0100) level. (See Field Descriptions, below, for more information.)
Alternatively, web method access can be added and removed for individual users (i.e. at the Person level), via SECF0097. In this case it will override access granted at the Role or system-wide level for the specified web service method(s).
Once an end-user is granted access to a specific web service method via their Role (or at the Person level) they are able to run the method from either inside or outside the Callista Web Logic Server. It is up to the discretion of the institution as to whom to grant security access to run specific Callista web service methods (for example, administrators, students, external agents, etc.).
For more information, see the Web Services Online Help and 'Web Services Security' technical information in the Callista Product Centre - wiki.callista.com.au/display/CPC.
This form is accessed in context of a Security Role via the WS Method Grants button in the 'Maintain Security Role Function Grants' (SECF0063) form.
This block displays the context Security Role (from SECF0063) for which access to one or more web service methods will be granted.
Note: Access granted to web service methods for a Security Role in this form is overridden by access granted at the Person level, if specified, in SECF0097.
Field: | Description: |
Security Role | The Security Role to whom access will be granted to one or more web service methods. This is the Security Role specified in the parent form, SECF0063. This is a read-only field. Table value: SYS_SECURITY_ROLE.SECURITY_ROLE |
Creation Date | The date the Security Role was created, as specified in the parent form, SECF0063. This is a read-only field. Table value: SYS_SECURITY_ROLE.CREATION_DT |
Description | The description of the Security Role as specified in the parent form, SECF0063. This is a read-only field. Table value: SYS_SECURITY_ROLE.DESCRIPTION |
Override block: | The fields in this block are used to override end user authentication granted at the system-wide security level (SECF0100 and GENF4720) for end users with the context Role security level. These settings may be overridden by the same settings at the Person level if specified in SECF0097. If you leave the following override fields blank, the override values specified at the Person level (in SECF0097) apply; if none are specified at the Person level, the values at the system-wide level (in SECF0100 and GENF4720) apply, including default values. |
Accept WS End User | This field is used to override the default indicator 'Accept Web Services End Username' in the HTTP Header field setting configured in GENF4720 (i.e. Y or N). Entering a value in this field (i.e. at the Person security level) will override a value specified in the Accept WS End User field at the Role level in SECF0099. Select one of the following values from the pop list:
Table value: SYS_SECURITY_ROLE.OVRD_ACCEPT_WS_EU |
WS End User Identifier | This field is used to override the default Web Service End User Mapping defined at the system-wide level in SECF0100 that is used to map the Web Service End Username to a Person ID existing within Callista SMS.
To identify the end-user username to be mapped to a Callista Person identifier when accessing a web service method, a 'web service end user identifier' (i.e. 'WS End User Identifier') must be selected in SECF0100. However, this system-wide setting can be overridden at the Role level via this field in this form (SECF0099), or at the Person level via SECF0097. (Note: The Person level overrides both the Role and system-wide settings. If no value is specified at the Person level then the Role setting overrides the system-wide setting.) The following values can be selected from the pop list:
Table value: SYS_SECURITY_ROLE.OVRD_WS_EU_IDENTIFIER |
WS End User Alternate Person ID | This field is used to override the default 'WS End User Alternate Person ID Type' configured at the system-wide level in SECF0100 which is used to link LDAP end users with a Callista SMS end user when the end user attempts to run the web service method. A value is only required if the 'WS End User Identifier' field (see above) is set to 'Alternate Person ID' in this form. A value specified in this field is overridden at the Person level (in SECF0097) if a value is specified in the 'WS End User Alternate Person ID Type' field in SECF0097. Select the required Alternate Person ID Type from the list of values. These values are sourced from the ENRF01BO form (i.e. the PERSON_ID_TYPE table). Table value: SYS_SECURITY_ROLE.OVRD_WS_API_ID_TYPE |
Displays a list of all Callista web services to which the context Security Role can be granted access (in the Role Web Service Method block, below).
Note: It is not possible to grant a Role access to methods belonging to closed web services.
You can perform a query in this block to restrict the list of web services, for example, to a certain type of web service, or to all open web services.
Field: | Description: |
Web Service | Displays the name of the web service to which you can grant a Role access to run one or more methods belonging to the web service. Read-only field. Table value: S_WEB_SERVICE.S_WEB_SERVICE_NAME |
Web Service Description | Displays the description of the web service. Read-only field. Table value: S_WEB_SERVICE.DESCRIPTION |
Closed | Indicates if the web service is closed or not. You cannot grant a Role access to methods belonging to a closed web service. Read-only. (This value is set at the Table level.) Table value: S_WEB_SERVICE.CLOSED_IND |
This block displays a list of all methods for a web service selected in the Person Web Services block, above.
You can perform a query in this block to restrict the list of methods to certain types of methods or only methods to which access has already been granted, etc.
Field: | Description: |
Select or Deselect All (check box) | Select this check box to grant the Role access to all methods for the selected web service. The Access Granted check box is then automatically selected for all methods belonging to the web service. If you deselect this check box for a selected web service, Role access grants are automatically removed from all methods belonging to the web service. In this case, the Access Granted check box is automatically deselected and the 'Override System WS Access Logging Level' field value is set to null (i.e. no value), for all methods. Alternatively, you can grant the Role access to methods (or remove access) individually, per method, via the following fields (see below). Table value: (non-database field) |
Web Service Method | The name of the web service method. Table value: ROLE_WS_METH_GRANT_V.S_WEB_SERVICE_METHOD_NAME |
Web Service Method Description | The description of the web service method. Table value: ROLE_WS_METH_GRANT_V.DESCRIPTION |
Closed (check box) | Indicates if the web service method is closed or not. You cannot grant a Role access to closed methods. Read-only. (This value is set at the Table level.) Table value: ROLE_WS_METH_GRANT_V.CLOSED_IND |
Override System WS Access Logging Level | This field is used to override the 'WS Access Logging Level' value configured at the system-wide level in GENF4720 (which enables activity logging to be captured for the web service). This field is only enabled if the Access Granted check box (see below) is selected, and the web service method is not closed. Available values are:
A value set at the Person level in the 'Override System Web Service Access Log' field in SECF0097 will override a value specified for this field in this form (SECF0099). If this field is left blank (i.e. no value is selected) and no value is specified at the Person level (in SECF0097), then the WS_ACCESS_LOGGING_LEVEL value in GENF4720 applies. (That is, a value at the Person security level overrides a value at the Role security level, and a value at the Role level overrides the system-wide (GENF4720) setting.) Table value: ROLE_WS_METH_GRANT_V.OVRD_S_WS_ACCESS_LOG_LVL |
Access Granted (check box) | Select this check box to grant the Person access to run the web service method. To remove existing grants, deselect this check box. In this case, the 'Override System WS Access Logging Level' field value is automatically set to null (i.e. no value). If the web service method is closed, it is no longer accessible by an end user. Table value: ROLE_WS_METH_GRANT_V.GRANTED |
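The override precedence described for the Override block and for 'Override System WS Access Logging Level' (Person over Role over system-wide, with blank values falling through) can be modelled for an access review as follows. This is an added example, not Callista code: the dictionary keys, the `resolve` and `review` helpers, and all sample values except 'Alternate Person ID' and Y/N are constructed for illustration, and per-field independent resolution is an assumption.

```python
# Added example: models the Person > Role > system-wide precedence on this page.
# Keys and sample values are constructed; they are not Callista identifiers.

FIELDS = ("accept_ws_end_user", "ws_end_user_identifier",
          "ws_alt_person_id_type", "ws_access_logging_level")
LEVELS = ("person", "role", "system")  # highest precedence first


def resolve(system, role=None, person=None):
    """Return {field: (value, level)} using the first non-blank value per field."""
    layers = {"person": person or {}, "role": role or {}, "system": system}
    effective = {}
    for field in FIELDS:
        effective[field] = (None, None)
        for level in LEVELS:
            value = layers[level].get(field)
            if value not in (None, ""):  # a blank override falls through
                effective[field] = (value, level)
                break
    return effective


def review(effective):
    """Return findings worth raising for one user's effective settings."""
    findings = []
    ident, _ = effective["ws_end_user_identifier"]
    alt_type, _ = effective["ws_alt_person_id_type"]
    # The Alternate Person ID Type is only required for this identifier value.
    if ident == "Alternate Person ID" and alt_type is None:
        findings.append("identifier is 'Alternate Person ID' but no "
                        "Alternate Person ID Type resolves at any level")
    for field, (value, level) in effective.items():
        if level in ("person", "role"):
            findings.append(f"{field}={value!r} set by {level}-level override")
    return findings


# Constructed sample data (placeholder values, not real configuration).
SYSTEM = {"accept_ws_end_user": "N",
          "ws_end_user_identifier": "SYSTEM_DEFAULT_IDENTIFIER",
          "ws_access_logging_level": "LEVEL_A"}
ROLE = {"accept_ws_end_user": "Y",
        "ws_end_user_identifier": "Alternate Person ID",
        "ws_access_logging_level": ""}
PERSON = {"ws_access_logging_level": "LEVEL_B"}

if __name__ == "__main__":
    eff = resolve(SYSTEM, ROLE, PERSON)
    for field, (value, level) in eff.items():
        print(f"{field:26} {value!s:28} ({level})")
    for finding in review(eff):
        print("FINDING:", finding)
```
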
Last modified on 12 August, 2015 1:48 PM
History Information
Release Version | Project | Change to Document |
17.1 | 2010 - API Improvements (Security) | New page |