Metabase Provisioning
The settings for the mobile device system resources, such as registry keys and APIs, are contained in a database referred to as the metabase. Each metabase entry corresponds to a setting and is associated with an access role that indicates which security roles are required to configure the setting. You can create or modify your provisioning XML document to change these metabase settings. You can deliver the document to a device as a WAP push message.
The following table lists the default security roles for different types of metabase entries.
| Required Role | Metabase entries for |
|---|---|
| Manager role | All Configuration Service Provider settings |
| Mobile Operator role
-or- Trusted Provisioning Server role |
All cellular-specific settings, both voice and Short Message Service (SMS) |
| User Unauthenticated role | One of the following screen and ring tone folder settings:
Also, the corresponding registry keys |
Note When you use the Remote API (RAPI)to change registry and file settings, the value of the RAPI Policy determines which role is assigned to the RAPI call. This role is checked against the metabase to determine whether the change is permitted. For more information about RAPI, see Security Policy Settings.
Security roles are assigned to WAP push messages based on the message origin and how the messages are signed. Role assignment and the Unauthenticated Messages and WAP Signed Message policy settings determine whether the Windows Mobile device accepts unsigned and signed WAP push messages. For more information about security policies, see Security Policies.
You sign a WAP push message by adding a parm SEC element to the message. The value determines which security role is assigned to the message, as shown in the following table. For more information about OTA provisioning through WAP push see Provisioning OTA Through a WAP Push.
| Value | Role assignment |
|---|---|
| NETWPIN | Mobile Operator role |
| USERNETWPIN | Mobile Operator and User Authenticated roles |
| USERPIN | User Authenticated role |
| USERPINMAC | User Authenticated role |
See Also
Provisioning for Windows Mobile Devices | Modifying the Security Policy Provisioning Document | Creating the Provisioning XML for Signed Binary Files | Security Roles
Send feedback on this topic to the authors.
© 2005 Microsoft Corporation. All rights reserved.