Table 6. Category API org.systinet.uddi.client.category.v3.CategoryApi Description operation action Allows to call the set_category operation. ApiUserPermission is not sufficient to call the operation. set_category Allows to call the add_category operation. ApiUserPermission is not sufficient to call the operation. add_category Allows to call the move_category operation. ApiUserPermission is not sufficient to call the operation. move_category Allows to call the delete_category operation. ApiUserPermission is not sufficient to call the operation. delete_category Not used. find_category Not used. get_category Not used. get_rootCategory Not used. get_rootPath Table 7. Custody API org.systinet.uddi.client.custody.v3.UDDI_CustodyTransfer_PortType Description operation action Allows to call the get_transferToken operation on foreign entities. get_transferToken Allows to call the discard_transferToken operation on foreign tokens. discard_transferToken Table 8. Group API org.systinet.uddi.group.GroupApi Description operation action Allows to find foreign private groups. find_group Allows to get foreign private groups. get_group Allows to saveupdate foreign groups. save_group Allows to delete foreign groups. delete_group Not used. where_amI Not used. find_user Not used. add_user Not used. remove_user Page 370

6.5. ApiManagerPermission Reference

Table 9. Inquiry V1 API org.systinet.uddi.client.v1.InquireSoap Description operation action Allows to find all bindingTemplates despite ACL rights. find_binding Allows to find all businessEntities despite ACL rights. find_business Allows to find all services despite ACL rights. find_services Allows to find all tModels despite ACL rights. find_tModel Allows to get any bindingTemplate despite ACL rights. get_bindingDetail Allows to get any businessEntity despite ACL rights. get_businessDetail Not used. get_businessDetailExt Allows to get any businessService despite ACL rights. get_serviceDetail Allows to get any tModel despite ACL rights. get_tModelDetail Table 10. Inquiry V2 API org.systinet.uddi.client.v2.Inquire Description operation action Allows to find all bindingTemplates despite ACL rights. find_binding Allows to find all businessEntities despite ACL rights. find_business Allows to find all related businessEntities despite ACL rights. find_relatedBusinesses Allows to find all services despite ACL rights. find_services Allows to find all tModels despite ACL rights. find_tModel Allows to get any bindingTemplate despite ACL rights. get_bindingDetail Allows to get any businessEntity despite ACL rights. get_businessDetail Not used. get_businessDetailExt Allows to get any businessService despite ACL rights. get_serviceDetail Allows to get any tModel despite ACL rights. get_tModelDetail Table 11. Inquiry V3 API org.systinet.uddi.client.v3.UDDI_Inquiry_PortType Description operation action Allows to find all bindingTemplates despite ACL rights. find_binding Allows to find all businessEntities despite ACL rights. find_business Allows to find all related businessEntities despite ACL rights. find_relatedBusinesses Allows to find all services despite ACL rights. find_services Allows to find all tModels despite ACL rights. find_tModel Allows to get any bindingTemplate despite ACL rights. get_bindingDetail Allows to get any businessEntity despite ACL rights. get_businessDetail Not used. get_operationalInfo Allows to get any businessService despite ACL rights. get_serviceDetail Allows to get any tModel despite ACL rights. get_tModelDetail Page 371

6.5. ApiManagerPermission Reference

Table 12. Permission API org.systinet.uddi.permission.PermissionApi Description operation action Allows to call the get_permission operation on foreign accounts and groups. get_permission Allows to call the set_permission operation. ApiUserPermission is not sufficient to call the operation. set_permission Allows to call the who_hasPermission operation. ApiUserPermission is not sufficient to call the operation. who_hasPermission Allows to call the find_principal operation. ApiUserPermission is not sufficient to call the operation. find_principal Table 13. Publishing V1 API org.systinet.uddi.client.v1.PublishSoap Description operation action Allows deletion of any bindingTemplate despite ACL rights. delete_binding Allows deletion of any businessEntity despite ACL rights delete_business Allows deletion of any businessService despite ACL rights delete_service Allows deletion of any tModel despite ACL rights delete_tModel Allows to update any bindingTemplate or create new bindingTemplate in any businessService despite ACL rights. Skips bindings limit checking. save_binding Allows to update any businessEntity despite ACL rights. Skips businesses limit checking. save_business Allows to update any businessService or create new businessService in any businessEntity despite ACL rights. Skips services limit checking. save_service Allows to update any tModel despite ACL rights. Skips tModels limit checking. save_tModel Not used. get_authToken Not used. discard_authToken Not used. get_registeredInfo Not used. validate_categorization Page 372

6.5. ApiManagerPermission Reference

Table 14. Publishing V2 API org.systinet.uddi.client.v2.Publish Description operation action Allows deletion of any bindingTemplate despite ACL rights. delete_binding Allows deletion of any businessEntity despite ACL rights delete_business Allows deletion of any businessService despite ACL rights delete_service Allows deletion of any tModel despite ACL rights delete_tModel Allows to update any bindingTemplate or create new bindingTemplate in any businessService despite ACL rights. Skips bindings limit checking. save_binding Allows to update any businessEntity despite ACL rights. Skips businesses limit checking. save_business Allows to update any businessService or create new businessService in any businessEntity despite ACL rights. Skips services limit checking. save_service Allows to update any tModel despite ACL rights. Skips tModels limit checking. save_tModel Skips assertions limit checking in add_publisherAssertions operation. add_publisherAssertions Skips assertions limit checking in set_publisherAssertions operation. set_publisherAssertions Not used. delete_publisherAssertions Not used. get_publisherAssertions Not used. get_assertionStatusReport Not used. get_authToken Not used. discard_authToken Not used. get_registeredInfo Table 15. Publishing V3 API org.systinet.uddi.client.v3.UDDI_Publication_PortType Description operation action Allows deletion of any bindingTemplate despite ACL rights. delete_binding Allows deletion of any businessEntity despite ACL rights delete_business Allows deletion of any businessService despite ACL rights delete_service Allows deletion of any tModel despite ACL rights delete_tModel Allows to update any bindingTemplate or create new bindingTemplate in any businessService despite ACL rights. Skips bindings limit checking. save_binding Allows to update any businessEntity despite ACL rights. Skips businesses limit checking. save_business Allows to update any businessService or create new businessService in any businessEntity despite ACL rights. Skips services limit checking. save_service Allows to update any tModel despite ACL rights. Skips tModels limit checking. save_tModel Skips assertions limit checking in add_publisherAssertions operation. add_publisherAssertions Skips assertions limit checking in set_publisherAssertions operation. set_publisherAssertions Not used. delete_publisherAssertions Not used. get_publisherAssertions Not used. get_assertionStatusReport Not used. get_registeredInfo Page 373

6.5. ApiManagerPermission Reference

Table 16. Replication V3 API org.systinet.uddi.replication.v3.ReplicationApi Description operation action Allows to call the replicate operation. ApiUserPermission is not sufficient to call the operation. replicate Table 17. Statistics API org.systinet.uddi.statistics.StatisticsApi Description operation action Allows to call the get_accessStatistics operation. ApiUserPermission is not sufficient to call the operation. get_accessStatistics Allows to call the reset_accessStatistics operation. ApiUserPermission is not sufficient to call the operation. reset_accessStatistics Allows to call the get_structureStatistics operation. ApiUserPermission is not sufficient to call the operation. get_structureStatistics T a b l e 1 8 . S u b s c r i p t i o n V 3 A P I org.systinet.uddi.client.subscription.v3.UDDI_Subscription_PortType Description operation action Allows to delete any subscription despite the caller is not a subscription owner. delete_subscription Allows to update any subscription despite the caller is not a subscription owner. Skips subscription limit checking. save_subscription Allows to get result of any subscription despite the caller is not a subscription owner. get_subscriptionResults Allows to get any subscription despite the caller is not a subscription owner. get_subscriptions Table 19. Taxonomy API com.systinet.uddi.taxonomy.v3.TaxonomyApi Description operation action Allows to obtain all categories in the taxonomy. get_taxonomy Not used. find_taxonomy Allows to call the save_taxonomy operation. ApiUserPermission is not sufficient to call the operation. save_taxonomy Allows to call the delete_taxonomy operation. ApiUserPermission is not sufficient to call the operation. delete_taxonomy Allows to call the download_taxonomy operation. ApiUserPermission is not sufficient to call the operation. download_taxonomy Allows to call the upload_taxonomy operation. ApiUserPermission is not sufficient to call the operation. upload_taxonomy

7. Approval Process Principles

In this section, we will focus on approval process from the administrators point of view. We assume you are familiar with basic principles of approval process described in the Users Guide, Section 1.5, Approval Process in Oracle Service Registry . Approval process includes two types of registries: a publication registry and a discovery registry . The publication registry is used for testing and verification of the accuracy of data. Users publish data to the publication registry. The discovery Page 374

7. Approval Process Principles

registry houses approved data. It has no publishing API, but supports other Oracle Service Registry APIs including inquiry, subscriptions, accounts, and so on. In actual fact, the administrator can publish data to the discovery registry, but this is an exception. Note Both publication and discovery registries must be running so that user accounts may be synchronized. When the discovery registry is down, it is not possible to register a new user account on the publication registry. The accounts on publication and discovery registry are nearly the same. Accounts created on the publication registry and also all their changes are replicated to the discovery registry. But accounts can exist on the discovery registry that do not exist on publishing registry. The discovery registry contains right read-only data and can therefore be accessible for more users. It is possible to create accounts with inquiry and subscription privileges on the discovery registry that do not exist on the publishing registry. Note again that there is no Publish API on the discovery registry except for administrator; the only way to publish data to the discovery registry is via the approval process. Put another way: all accounts on the publication registry exist on the discovery registry, but not all accounts on discovery registry exist on publication registry. When promotion is requested, automatic context checking is performed to ensure the consistency of data. For example, if a business service is contained in the keys for saving in the approval request and its business entity is missing on both the discovery registry and in the request, then the request for approval fails. The automatic context checker checks the integrity of data. If an entity is contained in keys for saving, then the parent entity must already exist on the discovery registry or be contained in keys for saving to the discovery registry. For detailed information, please see Users Guide, Section Context Checking .

7.1. Approval Process Roles

As noted above, the approval process registry has several roles associated with it: • Section 7.1.1, Requestor • Section 7.1.2, Approver • Section 7.1.3, autoApprover • Section 7.1.4, Administrator

7.1.1. Requestor

The requestor is a user on the publication registry who can ask for approval of data for promotion. Every user can ask for approval, but to be a requestor requires an administrator-assigned approval contact. If a user does not have at least one assigned approval contact, an exception is thrown when this user asks for approval. There is no way for such a user to promote data to the discovery registry. By assigning approval contacts, the administrator determines whether to give users the opportunity to publish data to the discovery registry. During the creation of users via the Oracle Service Registry console or via API, the default approver, administrator, is assigned for all newly created users on the publication registry. The default approval contact for all users is administrator , though this does not apply to users defined in an external repository LDAP. Note that demo data does not come with assigned approval contact. For example, the user demo_john does not have an assigned approver, thus the administrator must assign this user an approval contact in order for him to make a request. For more information on the requestors role, see the section Section 1.5.1, Requestors Actions . Page 375

7.1.1. Requestor