Session and Authorization

A successful validation returns a SID that is associated with the validated username, whether it is the user name supplied for login or the proxy contact specified in a policy. Because of this process, each CA SDM user is assigned security rights that you may want enforced in your web service application.
casm1401
A successful validation returns a SID that is associated with the validated username, whether it is the user name supplied for login or the proxy contact specified in a policy. Because of this process, each CA SDM user is assigned security rights that you may want enforced in your web service application.
For example, a specific user may have a Data Partition restricting which Requests the user can view. When using a SID for the user to get Request information, the CA SDM system ensures the data partition is enforced.
Function Group security is also applied. For example, a user may not have access to the Call Manager function group. Invoking any web services methods, such as viewing or creating Requests, is denied because access is denied to the Call Manager function group.
When your application is finished doing work for a user, call the Logout() method to invalidate the SID.
Each SID expires after a period of inactivity. That is, a SID expires if the interval between method calls is greater than a certain timeout value. The timeout interval is set in Options Manager and is specified by the following CA SDM option:
'webservice_session_timeout'
If this value is set to zero (0), a SID never times out. If this option is missing or not set, the default is one hour. If a Web Service method is called with an expired SID, a Fault is returned with an error code of UDS_SESSION_TIMEOUT the first time it is referenced, and UDS_BAD_SESSION each time thereafter.
To keep a SID active, call any web service method before the time out is reached. To keep the SID active without working the server, call serverStatus().