Describes how messages requesting operations on a collection are checked against the permission model.

...

Components participating in a Bit Repository where RequireOperationAuthorization in RepositorySettings has been set to true are required to authorise every operation before performing it.

To authorise an operation, a component must take the certificate used to sign the request and look up its permissions in RepositorySettings.

  • The operation can be authorised if the signing certificate has a suitable OperationPermission, see the Operation Permission model section for details.
  • If no suitable OperationPermission can be found, the component should reject the operation.
    • If the request is an OperationRequest rather than an IdentifyRequest, the component should also send an Alarm to notify of the unauthorised request.

...

  • An Operation type. There is one Operation type for each operation type (see Protocol messages), and a catch-all named "All".
  • An optional list of component IDs where the permission applies, e.g. a certificate is allowed to delete a file on PillarA but not on PillarB. If the list is not present, it implies that there is no restriction.
  • An optional list of collection IDs where the OperationPermission applies. If the list is not present, it implies that there is no restriction.

To be a "suitable" OperationPermission, a request should match all of the available constraints (Operation type, component ID and collection ID).
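The matching rule and the reject/Alarm decision described above, as an added sketch in Python (not code from the Bit Repository project). The class and function names, the certificate keys, the operation names and the treatment of an empty list as "matches nothing" are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

ALL = "All"  # the catch-all Operation type named in the permission model


@dataclass(frozen=True)
class OperationPermission:
    operation: str                                   # one operation type, or "All"
    component_ids: Optional[FrozenSet[str]] = None   # None: list not present, no restriction
    collection_ids: Optional[FrozenSet[str]] = None  # None: list not present, no restriction

    def is_suitable(self, operation: str, component_id: str, collection_id: str) -> bool:
        # Every constraint that is present must match. An empty (but present)
        # list matches nothing; that reading is an assumption of this sketch.
        return (self.operation in (ALL, operation)
                and (self.component_ids is None or component_id in self.component_ids)
                and (self.collection_ids is None or collection_id in self.collection_ids))


def authorise(settings: Dict[str, List[OperationPermission]], signing_cert: str,
              operation: str, component_id: str, collection_id: str,
              is_identify_request: bool) -> Tuple[bool, bool]:
    """Return (allowed, send_alarm) for one signed request."""
    # A certificate that is unknown to the settings has no permissions at all.
    permissions = settings.get(signing_cert, [])
    if any(p.is_suitable(operation, component_id, collection_id) for p in permissions):
        return True, False
    # Rejected. An Alarm is raised only for an OperationRequest,
    # not for an IdentifyRequest.
    return False, not is_identify_request


# Constructed sample settings: certificate keys, operation names and IDs are made up.
SETTINGS = {
    "cert-client-a": [
        OperationPermission("GetFile"),
        OperationPermission("DeleteFile", frozenset({"PillarA"}), frozenset({"collection1"})),
    ],
    "cert-admin": [OperationPermission(ALL)],
}

if __name__ == "__main__":
    # Delete on PillarB is outside the permission's component list: reject and alarm.
    print(authorise(SETTINGS, "cert-client-a", "DeleteFile", "PillarB", "collection1", False))
```

The lookup defaults to an empty permission list, so a certificate missing from the settings is rejected rather than falling through to an implicit allow.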

...