test

Oracle Waveset 8.1.1 Deployment Guide

Using Authorization Types

Authorization Type (AuthType) objects are members of the Configuration:AuthorizationTypes objects. An AuthType object can be assigned directly by an authType attribute member of a persistent object or indirectly through an AdminGroup (described below).

Configuration:AuthorizationTypes Object

The Configuration:AuthorizationTypes object defines valid authorization types. Each authorization type is declared in an <AuthType> element:

<AuthType name=’SPML’ extends=’Configuration’/>

The AuthTypes element contains a list of AuthType elements. Each AuthType has, at minimum, a name attribute and typically an extends attribute. The value of the extends attribute must be the name of another authorization type or repository type.

You can add or remove authorization types by modifying this object. You can modify the Configuration:AuthorizationTypes only by editing its XML representation.

AuthType Element

This element requires the name property. The example below displays the correct syntax for an <AuthType> element. The following example shows how to add a custom task to move multiple users into a new organization.


<Configuration name=’AuthorizationTypes’>
   <Extension>
      <AuthTypes>
         <AuthType name=’Move User’ extends=’TaskDefinition,TaskInstance,TaskTemplate’/>
      </AuthTypes>
   </Extension>
</Configuration>

The AuthType element supports the following attributes.

Table 2–1 AuthType Attributes

AuthType Object Attributes 

Description 

name

Identifies the authorization type. 

extends

Specifies the name of one or more authorization types or repository types that become the supertype of this type. Rights granted by the supertype are inherited. 

displayName

Provides an alternate display name for this type, typically a message catalog key. 

auditKey

Identifies the audit log key to be used for audit records associated with objects of this type. If none is specified, the audit key of the base type is used. 

allowedRights

Provides a comma delimited list of right names. This defines the rights that can be used with this authorization type in a permission definition. If not specified, all rights are allowed.