Web service security is controlled by the security policies associated with the Web service’s security functional name. For more information on general Web service security, see the Web Service Security section of the Creating Custom Web Services chapter in the ATG Web Services Guide.

The security functional name for each Web service is given in the section about that Web service in this chapter. The standard security policy is described in the Managing Access Control chapter of the ATG Platform Programming Guide. The ProfileOwnerPolicy and RelativeRoleByProfileOrgPolicy are described in the Profile-Related Security Policies section in the Web Services for Personalization and Scenarios chapter of the ATG Personalization Programming Guide. The OrderOwnerPolicy is described in the Using the Order Owner Security Policy section of this chapter.

The following table lists the recommended security policy for each security functional name.

| Security Functional Name | Recommended Security Policy |
|---|---|
| catalog | Standard security policy with an ACL that lists everyone that is allowed to view the catalog. This ACL will probably include all users. |
| couponClaims | ProfileOwnerPolicy |
| getCurrentOrderId | none recommended |
| inventory | Standard SecurityPolicy with an ACL that lists those that are allowed to call the inventory services. This ACL will probably include all users. |
| inventoryAdministration | Standard SecurityPolicy with an ACL that lists all users that are allowed to manage inventory. |
| itemPricing | ProfileOwnerPolicy |
| orderCreation | Standard SecurityPolicy with an ACL that lists users that are allowed to create orders. |
| orderCreationForUser | Standard SecurityPolicy with an ACL that lists users, such as administrators and customer service representatives, that are allowed to create orders for other users. Another option is to use the RelativeRoleByProfileOrgPolicy to define access relative to a user’s organization. |
| orderLookupOperation | ProfileOwnerPolicy |
| orderManagement | OrderOwnerPolicy |
| orderPricing | OrderOwnerPolicy |
| profileOwnerOperation | ProfileOwnerPolicy |
| promotionManagement | ProfileOwnerPolicy |


Copyright © 1997, 2013 Oracle and/or its affiliates. All rights reserved.