1. Library Control Interface (SCI) Reference Guide
  2. Secure Development Guide
  3. Authorization by Role

Authorization by Role

All inbound SCI methods require authorization. Only certain roles can execute some methods.

The roles are abbreviated as:

  • S1 (service), S2 (advanced service), S3 (escalation)
  • C1 (operator), C2 (user), C3 (admin)
  • I (installer)
  • All (viewer, all service roles, all customer roles, and installer)

The services (S) and customer (C) roles have increasing privileges. The method descriptions in Library Inbound Methods list the lowest role that can execute the method. Higher privileged roles can also execute the command. For example, a method labeled "C2,S2" can be executed by C2 (user), C3 (admin), S2 (advanced service), or S3 (escalation).

A customer-created SCI program can only use the customer roles of Viewer, Operator, User, or Administrator. Developers should examine the method they intend to use and choose the lowest of the four available roles. Then library Administrator can create a library user with that role for the client program and then provide the id and password to the client program. For information on creating a library user through the GUI, see Add, Modify, or Delete a User in the SL4000 Library Guide.

Outbound SCI is one of several forms of “notification" provided by the library. Use the GUI to configure the outbound SCI clients (see Configure Outbound SCI Notifications in the SL4000 Library Guide). If the outbound SCI server will perform authentication, you must select HTTPS and provide an id and password. You cannot use authentication credentials if you select HTTP.