How requests are processed
By default, the User Management Interface software processes every MedML element in a call independently and every change is applied immediately after the element is processed. If an element contains an error, only the changes before that element are applied. For example, if you attempt to add five users and you specify a disallowed character for the third user name, the first two users are added, and then processing stops at the third element. For information about how to change the processing mode, see Changing the processing mode.
Requests are subject to the following constraints:
- Processing time—The maximum allowed time for a single request is five minutes. Processing that exceeds the maximum time results in an error.
- Size of requests—Requests must be smaller than 5 MB.
- Case-sensitivity—The User Management Interface software requires the same case-sensitivity rule as the InForm application. Object references by name are case-sensitive. Objects whose names contain different cases (for example, "cra" and "CRA") are different objects.
- Sequence of operations—The caller is responsible for sequencing operations as required for semantic correctness (for example, users must exist before you can add them to a rights group).
Before the request is processed, the following operations are performed:
- The server logs the request (operation and user name only) to the event log for historical analysis.
- If you use a load balanced deployment method, the study name parameter is validated against the study name in the URL. If the two do not match, an error is returned.
For more information, see Load balanced deployment.
- The user name and password are extracted from the SOAP header and are validated against the InForm database. Only requests with valid credentials for active accounts are accepted and processed.
Multiple repeat requests with invalid passwords will disable the account and require administrative action according to existing InForm business logic. The allowed number of failed log-on attempts is set in the InForm application on the System Configuration page.
- Parameters are validated. If the request contains invalid content, an error is returned. For example, schema validation and InForm character restrictions are enforced.
The API uses a subset of the InForm MedML schema to describe provisioning data.