In Microsoft Provisioning Framework (MPF), authorization to call a namespace can be restricted to trustees that are members of a discretionary access control list (DACL). By configuring the Security property of a namespace, you can implement DACLs globally for all procedures in that namespace. You can also configure DACLs separately for individual procedures by configuring the Security property of each procedure.
At the procedure level, authorization is also governed by two other factors:
A procedure can be public or private, and the caller must have permission for the access type. Public procedures are accessible to external callers, but private procedures are only accessible to authorized callers and public procedures. MPF uses this mechanism to concentrate validation on a small number of public procedures. You can configure the access type for procedures by setting the Access type property of each procedure
Authorization to execute private procedures is governed by the Execute Private Procedures property in Provisioning Manager. If this permission is set to deny access, the caller can only access public procedures.
This type of credential extends specific permission to all eligible callers of that procedure. For more information, see Basic authentication.