Authorization

Authorization is the process of ensuring that the caller only invokes services it is allowed to execute, according to the caller's SICS user profile.

When receiving a service call request, SICS API Server verifies whether the SICS user identified by the “User ID” (present in the Authentication Token) has Access Rights to execute the service, according to the (existing) security set-up defined via the SICS System Administration utility.

See also SICS API Server - Installation Guide, on how to set up your own authorization policy.

Thus, all web services are subjected to Usecase Authorization.

This security feature also supports the SICS’s “Domain Restrictions”: When SICS API Server executes a service that reuses an on-line function (Business Process) for which a Domain Restriction has been defined, SICS API Server performs the same domain restriction check that the SICS Workstation would have performed.

Exceptions

The following services are not subject to usecase authorization/domain restrictions:

Service: Chained Operations
Description: In a chained operation, security checks are applied as the operations are processed one by one in sequence. If any chained operation fails to pass usecase security and/or a domain restriction, the whole group of chained operations is rejected with an error message. Since each operation (each service call) is already protected by usecase authorization and domain restrictions, it is not necessary to apply the same checks to chainedOperations itself.

Service: isAvailable
Description: No security check.

Service: Resend Requests
Description: If the incoming SOAP request is a valid 'resend' request and the indicated message was not already processed, the incoming request is processed again. However, if the log record's userIdForLogging field is present (not nil/NULL), the system first verifies that this value matches the userForAuthorization. In the event of a mismatch, a SOAPFault is returned.

This means that you should always set userIdForLogging when using an Authentication Token, so that a resend request can only be replayed by the user who originally submitted it.
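To make the decision rules above concrete, here is an added illustrative model of the three checks described on this page (per-operation usecase authorization with domain restrictions, all-or-nothing chained operations, and the userIdForLogging match on resend). It is example code, not SICS API Server's own implementation; the UserProfile, Operation and AuthorizationError names and the dict-shaped log record are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


class AuthorizationError(Exception):
    """Stands in for the SOAPFault / error message the server returns on a failed check."""


@dataclass
class UserProfile:
    user_id: str
    allowed_usecases: Set[str]   # services the SICS security set-up grants this user
    allowed_domains: Set[str]    # domains the user may act on where a Domain Restriction exists


@dataclass
class Operation:
    service: str
    domain: Optional[str] = None  # None: the reused function has no Domain Restriction


def authorize_operation(profile: UserProfile, op: Operation) -> bool:
    """Usecase authorization, then the domain restriction check (if one applies)."""
    if op.service == "isAvailable":          # listed on the page as having no security check
        return True
    if op.service not in profile.allowed_usecases:
        raise AuthorizationError(f"usecase authorization failed: {op.service}")
    if op.domain is not None and op.domain not in profile.allowed_domains:
        raise AuthorizationError(f"domain restriction failed: {op.service} on {op.domain}")
    return True


def authorize_chained(profile: UserProfile, ops: List[Operation]) -> bool:
    """Operations are checked one by one; the first failure rejects the whole group."""
    for op in ops:
        authorize_operation(profile, op)     # raises on the first failing operation
    return True


def authorize_resend(log_record: dict, user_for_authorization: str) -> bool:
    """Resend handling: replay only unprocessed messages, and only for the logged user."""
    if log_record.get("processed"):
        return False                          # already processed: not processed again
    logged_user = log_record.get("userIdForLogging")   # optional; None means not recorded
    if logged_user is not None and logged_user != user_for_authorization:
        raise AuthorizationError("userIdForLogging does not match userForAuthorization")
    return True
```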