Security
By default web services run in the context of the user calling them or in the context of a service account running another tool. This use of Windows Authentication or Basic Authentication allows the use of the Security Roles in SoftwareCentral.
 |
When using Basic Authentication, a new web site must be configured with only Basic Authentication enabled. The username and password used must be of an AD user, who is a member of a Security Role with access to the target web site. |
A calling user must be member of a Security Role with access to the web service, computers, packages, computer templates and so on. The user can only operate on items that are assigned to the users Security Role.
If the calling user is a service account, then the service account must be member of a Security Role.
All calls to web services are logged in the SoftwareCentral log with the calling username.
To create a Security Role, see the Security roles manual.
|
If a user is a member of more than one Security Role, the first Security Role, in alphabetically order, will be used by the web service. |
To assign a web service to one or more Security Roles, go to the Web Services interface and click on the "Manage" button next to the web service you wish to configure.
In the window that opens, go to the security tab:
Select the Security Roles that are allowed to call this web service and click on the Save button.
If you enable anonymous access, you must configure a new site for SoftwareCentral with anonymous authentication. The web service can then be called from this site without a user.
|
Web Services that are accessed anonymously has access to all resources. |