Authorization During Calls to Namespaces and Procedures
In Microsoft® Provisioning Framework (MPF), authorization to call a namespace can be restricted to trustees that are members of a discretionary access control list (DACL). DACLs can be defined globally for all procedures in a namespace and/or by individual procedure by configuring the namespace Security property. For more information, see Namespaces.
At the procedure level, authorization can also be governed by two other factors:
- The procedure access type: A procedure can be public or private, and the caller must have permission for the access type. Public procedures are accessible to external callers, but private procedures are only accessible to authorized callers and public procedures. MPF uses this mechanism to concentrate validation on a small number of public procedures. Authorization to execute private procedures is governed by the Execute Private Procedures property in Provisioning Manager. For more information, see Authorization During Request Submittal and Provisioning Engines. If this property is disabled, the caller can only access public procedures. For individual procedures, the Access type property governs access; for more information, see Procedures.
- Whether the procedure has an "execute as" basic authentication credential: This type of credential extends all eligible callers a unified set of privileges. For more information, see Basic Authentication.
Access Control Basics
Top of Page
© 1999-2002 Microsoft Corporation. All rights reserved.