Table of Contents
Advertisement
32 Using the Open Provisioning Interface
Figure 9
Setting authentication headers
Authorization
After the OPI request is authenticated, you must be authorized before
performing the action. The authorization includes both domain-level
authorization and provisioning-level authorization. If either authorization
fails, a SOAP fault is sent back, indicating the reason for failure, and the
action is not performed.
Navigation
•
•
Domain-level authorization
Each administrator is assigned one or more domains for access and
control, which can be overridden by the All domain access in role
creation. For instance, the AS 5300 system might consist of three
separate domains, Widget.com, Gadget.com, and Sprocket.com. An
administrator, WidgetAdmin, can be created with only Widget.com in the
list of provisionable domains. This limits WidgetAdmin to provisioning
activities inside the Widget.com domain only, and does not permit access
to the other domains. Therefore, if a request from WidgetAdmin comes in
to modify a user outside of the Widget.com domain, it is rejected because
it failed authorization. In addition, attempts to list domain information can
only return Widget.com information.
Provisioning-level authorization
The Provisioning Manager of the AS 5300 system is broken into various
major categories (Domains, Users, Telephony Routes, and so on). The
provisioning system enables the creation of various administrator roles
Nortel Application Server 5300 Application Programming Interfaces Reference
Copyright © 2008 Nortel Networks
.
"Domain-level authorization" (page 32)
"Provisioning-level authorization" (page 32)
Nortel AS 5300
NN42040-110 01.01 Standard
11 June 2008
Advertisement
Table of Contents
