Authorization During Calls to Namespaces and
Procedures
In Microsoft®
Provisioning Framework (MPF), authorization
to call a can be restricted to trustees that are members of a
discretionary access control list (DACL). DACLs can be defined
globally for all procedures in a namespace and/or by individual
procedure by configuring the namespace Security property.
For more information, see .
At the procedure level, authorization can also be governed by
two other factors:
- The procedure access type: A procedure can be public or
private, and the caller must have permission for the access type.
Public procedures are accessible to external callers, but private
procedures are only accessible to authorized callers and public
procedures. MPF uses this mechanism to concentrate validation on a
small number of public procedures. Authorization to execute private
procedures is governed by the Execute Private Procedures
property in Provisioning
Manager. For more information, see and Provisioning Engines. If
this property is disabled, the caller can only access public
procedures. For individual procedures, the Access type
property governs access; for more information, see Procedures.
- Whether the procedure has an "execute as" basic
authentication credential: This type of credential extends all
eligible callers a unified set of privileges. For more information,
see Basic
Authentication.
See Also
Access Control
Basics