As you work with SirsiDynix Symphony Web Services, it will be helpful to understand these terms.
session
In Web Services, a session is a collection of cached data associated with a session user by means of a session token. The data includes the user’s privilege level, library, user access, accountability, or other values passed with requests to the Symphony server that may affect session-sensitive operations.
session user
A session user is the user associated with a session token. To obtain the sessionToken element, you use the Security service loginUser operation. The logged-in user is the session user.
The session user is the subject or actor in the request, and can be different from a user that is the object of a request. For example, the session user for a lookupUserInfo request may be a staff user looking up information about another user in the ILS.
session token
A session token is a universally unique token received at login and used to identify an authenticated user and any related session values on the Web Services server. The session token is sent with session-sensitive operations to identify the user and associated privileges. This token is sent in the sessionToken property of the SdHeader for SOAP requests. For REST requests, it is sent as a URL parameter with the key of “sessionToken=” or it is sent as a custom HTTP header keyed with “x-sirs-sessionToken”.
session-sensitive operation
Any operation where some aspect of session data affects what data is retrieved or how data is processed. For example, some privileged requests require an authenticated user in order to determine that sufficient privileges exist to complete the operation. The operation will fail otherwise.
self-service operation
A privileged request where the session user is also the object of the request (for example, lookupMyAccountInfo in the Patron service). All of the My operations in the Patron service are self-service operations.
privileged request
Any request that requires authentication (that is, it requires a session token). If the sessionToken property is absent, or if the session user does not have adequate privileges, the request will fail.
authenticated request
Any request that is sent with a sessionToken to specify something other than the default session environment.
Sending a sessionToken in an unprivileged request can affect the results depending on the operation. For example, if you include a sessionToken for an accountable user with a searchCatalog request, the response will include titles and items that would otherwise be restricted due to accountability.
unprivileged request
Any request that does not require authentication (that is, it does not require that a sessionToken be sent in the header). Without a sessionToken, any ILS environment or session settings are derived from default settings specified on the Web Services server.
accountability operator
The optional Accountability module in the Symphony ILS allows libraries to restrict access to users and materials based on security clearance and need-to-know privileges. Only an accountability operator (a user with a User Access Policy with Accountability Operator enabled) can view or modify accountability data for accountable users or materials.
accountable user
A user with an accountability record (clearance, need to know, and so on).
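The session token entry above names two REST transports for the token: the “sessionToken=” URL parameter and the “x-sirs-sessionToken” header. Because request URLs are commonly written to access logs and proxy logs, a client can carry the token in the header and mask it wherever a request is logged. The following is an added example, not SirsiDynix code; the host, path, "format" parameter, token value and both function names are constructed placeholders.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_PARAM = "sessionToken"          # URL parameter key given in the glossary
TOKEN_HEADER = "x-sirs-sessionToken"  # custom HTTP header given in the glossary


def move_token_to_header(url, headers=None):
    """Strip sessionToken from the query string and carry it in the header instead."""
    headers = dict(headers or {})
    parts = urlsplit(url)
    kept = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key != TOKEN_PARAM:
            kept.append((key, value))
        elif not any(h.lower() == TOKEN_HEADER.lower() for h in headers):
            # HTTP header names are case-insensitive; do not add a duplicate.
            headers[TOKEN_HEADER] = value
    return urlunsplit(parts._replace(query=urlencode(kept))), headers


def redact_for_log(url, headers):
    """Return a copy of (url, headers) that is safe to write to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == TOKEN_PARAM else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    safe = {h: "REDACTED" if h.lower() == TOKEN_HEADER.lower() else v
            for h, v in headers.items()}
    return urlunsplit(parts._replace(query=urlencode(query))), safe


# Constructed sample: host, path, "format" parameter and token value are placeholders.
SAMPLE_URL = ("https://symws.example.invalid/rest/patron/lookupMyAccountInfo"
              "?format=json&sessionToken=constructed-token-0001")

if __name__ == "__main__":
    clean_url, hdrs = move_token_to_header(SAMPLE_URL)
    print(clean_url, hdrs)
    print(redact_for_log(SAMPLE_URL, {}))
    print(redact_for_log(clean_url, hdrs))
```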
© 2009-2012 SirsiDynix