2 Access Control
This section describes how to manage access control in Moab Web Services.
2.1 Application Accounts
Applications are the consumers of MWS. They include Moab Viewpoint and
other applications that need the resources provided by MWS. An application
account consists of four editable fields and resource-specific access control settings:
| Field | Required | Default Value | Value Type | Maximum Length | Description |
|---|---|---|---|---|---|
| Application Name | Yes | - | String | 32 | The name of the application. Must start with a letter and may contain letters, digits, underscores, periods, hyphens, apostrophes, and spaces. |
| Username | Yes | - | String | 32 | Used for authentication. Must start with a letter and may contain letters, digits, underscores, periods, and hyphens. |
| Description | No | - | String | 1000 | The description of the application. |
| Enabled | - | true | Boolean | - | Controls whether the application is allowed to access MWS. |
| Access Control Settings | Yes | All Permissions | - | - | The permissions granted to the application. This is controlled by selecting specific check boxes in a grid. |
An application account also contains an auto-generated password
that is visible only when creating the account or when resetting its
password. Whenever an application sends a REST request to MWS, it needs
to pass its credentials (username and password) in a Basic Authentication
header. See the Authentication
section for more information.
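The field rules from the table and the Basic Authentication header described above, as an added example (not MWS code). The function names are hypothetical, and "letters" is assumed to mean ASCII letters.

```python
import base64
import re

# Rules taken from the field table above; names here are hypothetical.
# Assumption: "letters" means ASCII letters.
APP_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_.\-' ]*")
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_.\-]*")
MAX_NAME_LEN = 32
MAX_DESCRIPTION_LEN = 1000


def validate_account(app_name, username, description=""):
    """Return a list of rule violations (an empty list means valid)."""
    errors = []
    if len(app_name) > MAX_NAME_LEN or not APP_NAME_RE.fullmatch(app_name):
        errors.append("invalid application name")
    if len(username) > MAX_NAME_LEN or not USERNAME_RE.fullmatch(username):
        errors.append("invalid username")
    if len(description) > MAX_DESCRIPTION_LEN:
        errors.append("description too long")
    return errors


def basic_auth_header(username, password):
    """Build the Authorization header value for HTTP Basic Authentication."""
    # The username rules exclude ":", so the "username:password" pair
    # splits unambiguously on the first colon.
    if USERNAME_RE.fullmatch(username) is None:
        raise ValueError("username violates the account rules")
    pair = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")
```

Basic credentials are only base64-encoded, not encrypted, so send this header over HTTPS only.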
The Application Name
is a human-friendly way to identify an application
account, but MWS does not use it during authentication (or at any other
time, for that matter).
The Enabled field is set to true automatically when an application
account is created. To change the value of this field, see
Modifying an Application Account.
Here is an example of how you might set the fields when creating an
application account:
- Application Name: Moab Viewpoint
- Username: viewpoint
- Description: This application account grants access to Moab Viewpoint for Moab Cloud Suite.
The permissions granted to an application account may be customized while creating or modifying
the account. See Creating an Application Account and
Modifying an Application Account.
2.1.1 Managing Application Accounts
Application accounts are used to grant access to MWS. Every application
with an application account must be granted at least one access
control permission to a resource in MWS. To manage application accounts, start with
Listing Application Accounts.
2.1.2 Listing Application Accounts
To list all application accounts, browse to the MWS home page
for example). Log in as the admin user, then
and then Application Accounts
Each column (except Password) can be sorted in ascending or descending
order by clicking on the column heading.
2.1.3 Creating an Application Account
To create an application account, go to the Application List page
and click Add Application. The Application Name and Username
are required fields. See Application Accounts
for more information on the fields.
Access to specific resources and plugin custom web services is granted or
revoked by checking or unchecking the check boxes in the respective
resources or plugin web services access control sections.
For each resource, access may be granted separately for each method
supported by MWS, including GET, POST, PUT, and DELETE. See the figure below
for an example.
In this example, the application has access to all available methods for the Access
Control Lists and Accounts resources and can retrieve the Events resource through
the GET method, but it is denied permission to create new events through the POST method.
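The grid in this example can be modelled locally to review an account against least privilege. This is an added example, not MWS code or an MWS API: the resource keys are the names shown in the grid, the observed requests are constructed, and treating a resource absent from the model as denied is an assumption.

```python
ALL_METHODS = frozenset({"GET", "POST", "PUT", "DELETE"})

# Constructed grid mirroring the example described above.
GRID = {
    "Access Control Lists": set(ALL_METHODS),
    "Accounts": set(ALL_METHODS),
    "Events": {"GET"},
}

# Constructed sample of (resource, method) pairs seen from one application.
OBSERVED = [
    ("Accounts", "GET"),
    ("Accounts", "PUT"),
    ("Events", "GET"),
    ("Events", "POST"),
]


def is_allowed(grid, resource, method):
    """A method is allowed only if its check box is selected in the grid."""
    # Assumption: a resource missing from the model is treated as denied.
    return method.upper() in grid.get(resource, set())


def review_grid(grid, observed):
    """Compare granted permissions with the requests actually observed.

    Returns (unused, missing): grants that could be unchecked, and
    observed requests that the current grid would reject.
    """
    used = {(res, method.upper()) for res, method in observed}
    granted = {(res, m) for res, methods in grid.items() for m in methods}
    return sorted(granted - used), sorted(used - granted)
```

Because new accounts default to All Permissions, the `unused` list is the part worth reviewing first: every entry is a check box the application has not needed.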
Access may also be granted to each plugin type's custom web service(s). When
new plugin types or plugin web services are added to MWS, applications must be
updated with the new access control settings. See below for an example.
In this example, the application has access to all the custom web services defined for the
"Test" plugin type. Note that though Unsecured Web Services are listed, access to them
cannot be denied (see Exposing Web Services).
2.1.4 Displaying an Application Account
To show information about an application account, go to the
Application List page and click the desired application name.
In addition to displaying the values for fields, grids are also displayed
which represent the application's access control permissions defined for resources and
plugin custom web services. Examples of the resources and the plugin web services
access control displays are shown below.
2.1.5 Modifying an Application Account
To modify an application account, go to the Application List page,
click the desired application name, and then click Edit. See
Creating an Application Account for
information on available fields and access control settings.
2.1.6 Resetting an Application Password
To reset an application password, go to the Application List page and
click the Reset
link for the desired application. Alternatively, go to
the Display Application
page for the desired application and click the
2.1.7 Deleting an Application Account
To delete an application account, go to the Application List page, click
the desired application name, and then click Delete. A confirmation
message is shown. If the OK
button is clicked, the application account
is deleted from the system and cannot be recovered.