Authorization, Navigation, Domain-level authorization – Nortel Networks AS 5300 User Manual
Page 32: Provisioning-level authorization
Using the Open Provisioning Interface
Figure 9: Setting authentication headers
Authorization
After the OPI request is authenticated, it must also be authorized before
the action is performed. Authorization includes both domain-level
authorization and provisioning-level authorization. If either authorization
fails, a SOAP fault indicating the reason for the failure is sent back, and
the action is not performed.
Navigation
• "Domain-level authorization" (page 32)
• "Provisioning-level authorization" (page 32)
Domain-level authorization
Each administrator is assigned one or more domains for access and
control. This restriction can be overridden by the All domain access
setting in role creation. For instance, the AS 5300 system might consist
of three separate domains: Widget.com, Gadget.com, and Sprocket.com. An
administrator, WidgetAdmin, can be created with only Widget.com in the
list of provisionable domains. This limits WidgetAdmin to provisioning
activities inside the Widget.com domain only, and does not permit access
to the other domains. Therefore, if a request from WidgetAdmin comes in
to modify a user outside of the Widget.com domain, it is rejected because
it failed authorization. In addition, attempts to list domain information can
only return Widget.com information.
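The following Python sketch is an added example, not code from Nortel or the AS 5300, that models the domain-level check described above: one exact-match predicate gates both user modification and domain listing. The user@domain identifier form, the class and function names, and the SuperAdmin account are assumptions made for illustration.

```python
from dataclasses import dataclass

class AuthorizationFault(Exception):
    """Stands in for the SOAP fault returned when authorization fails."""

@dataclass(frozen=True)
class Admin:
    name: str
    domains: frozenset               # provisionable domains for this administrator
    all_domain_access: bool = False  # role-level override (All domain access)

def norm(domain):
    # Domain names compare case-insensitively; a trailing dot names the same domain.
    return domain.strip().rstrip(".").lower()

def domain_of(user_id):
    # Assumption: user ids look like user@domain. Anything else is rejected
    # rather than guessed at, so "a@Gadget.com@Widget.com" cannot slip through.
    if user_id.count("@") != 1:
        raise AuthorizationFault(f"malformed user id: {user_id!r}")
    local, _, domain = user_id.partition("@")
    if not local or not norm(domain):
        raise AuthorizationFault(f"malformed user id: {user_id!r}")
    return norm(domain)

def may_provision(admin, domain):
    if admin.all_domain_access:
        return True
    # Exact match only: suffix or substring tests would let "notWidget.com"
    # or "Widget.com.example" pass as Widget.com.
    return norm(domain) in {norm(d) for d in admin.domains}

def authorize_modify_user(admin, user_id):
    domain = domain_of(user_id)
    if not may_provision(admin, domain):
        raise AuthorizationFault(f"{admin.name} is not authorized for {domain}")
    return domain  # caller performs the modification only after this returns

def list_domains(admin, system_domains):
    # Listing is filtered with the same predicate, so it cannot leak other domains.
    return [d for d in system_domains if may_provision(admin, d)]

# Constructed sample data using the manual's example names; SuperAdmin is hypothetical.
SYSTEM_DOMAINS = ["Widget.com", "Gadget.com", "Sprocket.com"]
WIDGET_ADMIN = Admin("WidgetAdmin", frozenset({"Widget.com"}))
SUPER_ADMIN = Admin("SuperAdmin", frozenset(), all_domain_access=True)
```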
Provisioning-level authorization
The Provisioning Manager of the AS 5300 system is broken into various
major categories (Domains, Users, Telephony Routes, and so on). The
provisioning system enables the creation of various administrator roles
Nortel AS 5300
Nortel Application Server 5300 Application Programming Interfaces Reference
NN42040-110
01.01
Standard
11 June 2008
Copyright © 2008 Nortel Networks