![](/images/new-backgrounds/1149384/14938463x1.webp)
32Using the Open Provisioning Interface
Figure 9
Setting authentication headers
Authorization
After the OPI request is authenticated, you must be authorized before performing the action. The authorization includes both
Navigation
•
•
Domain-level authorization
Each administrator is assigned one or more domains for access and control, which can be overridden by the All domain access in role creation. For instance, the AS 5300 system might consist of three separate domains, Widget.com, Gadget.com, and Sprocket.com. An administrator, WidgetAdmin, can be created with only Widget.com in the list of provisionable domains. This limits WidgetAdmin to provisioning activities inside the Widget.com domain only, and does not permit access to the other domains. Therefore, if a request from WidgetAdmin comes in to modify a user outside of the Widget.com domain, it is rejected because it failed authorization. In addition, attempts to list domain information can only return Widget.com information.
Provisioning-level authorization
The Provisioning Manager of the AS 5300 system is broken into various major categories (Domains, Users, Telephony Routes, and so on). The provisioning system enables the creation of various administrator roles
Nortel AS 5300
Nortel Application Server 5300 Application Programming Interfaces Reference
11 June 2008
Copyright © 2008 Nortel Networks