Security Role Settings

The following table lists the security roles.

 

Role Decimal value Description
SECROLE_KNOWN_PPG 256 Known Push Proxy Gateway role.

Messages assigned this role indicate that the device knows the address to the Push Proxy Gateway.

SECROLE_MANAGER 8 Manager role.

This role holds the highest level of authority and is assigned to the user-authenticated message by default. This role provides permissions to change all of the settings on the device.

Normally, this role is assigned to the mobile operator; however, it can be assigned to a corporation or a user who bought the device without a mobile operator subsidy.

SECROLE_NONE 0 This role specifies that a message not be signed with a role.
SECROLE_OEM 2 Original equipment manufacturer (OEM) role.

This role is assigned to the original equipment manufacturer. By default, this role does not provide permissions to configure settings using over-the-air (OTA) messages.

SECROLE_OPERATOR 4 Mobile Operator role.

This role is assigned to OTA messages that are signed by the mobile operator's network PIN (IMSI in Global System for Mobile Communications [GSM]).

OTA messages include wireless application protocol (WAP) push messages, Service Loading (SL), and Service Indication (SI) messages.

The permissions associated with this role are determined by the settings that the mobile operator requires access to if the operator is not the manager of the phone or device.

The mobile operator can determine whether this role and the SECROLE_OPERATOR_TPS role require the same permissions.

SECROLE_OPERATOR_TPS 128 Trusted Provisioning Server role.

This role is assigned to WAP messages that come from a Push Initiator that is authenticated (SECROLE_PPG_AUTH) by a trusted Push Proxy Gateway (SECROLE_TRUSTED_PPG), and where the Uniform Resource Identifier (URI) of the Push Initiator corresponds to the URI of the Trusted Provisioning Server (TPS) on the device.

The mobile operator can determine whether this role and the SECROLE_OPERATOR role require the same permissions.

SECROLE_PPG_AUTH 1024 Push Initiator Authenticated role.

Messages assigned this role indicate that the Push Initiator is authenticated by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG).

SECROLE_PPG_TRUSTED 2048 Trusted Push Proxy Gateway role.

Messages assigned this role indicate that the content sent by the Push Initiator is trusted by the Push Proxy Gateway. This role implies that the device trusts the Push Proxy Gateway (SECROLE_TRUSTED_PPG).

SECROLE_TRUSTED_PPG 512 Device Trusted Push Proxy Gateway role.

Messages assigned this role indicate that the Push Proxy Gateway is known and trusted by the device. The address of the Push Proxy Gateway is compared with the trusted Push Proxy Gateway address stored on the device.

SECROLE_USER_AUTH 16 User Authenticated role.

This role is assigned to the following types of messages:

  • User PIN-signed WAP push messages
  • Messages received through the Remote API (RAPI) by default

The permissions associated with this role are determined by the settings that the user requires access to if the user is not the manager of the device.

PPC: User Authenticated role. This role is obtained through the user interface (UI), remote API (RAPI), perimeter security, WAP user-PIN-signed messages, the root store, and the SPC store. This role is assigned to the following types of messages:

  • User-PIN-signed WAP push messages
  • Messages received through RAPI by default

The permissions associated with this role are determined by the settings that the user requires access to if he or she is not the manager of the device.

SECROLE_USER_UNAUTH 64 User Unauthenticated role.

This role is assigned to unsigned WAP push messages, and to unsigned .cab files. This role provides permissions to install a Today screen or ring tones.
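
The following is an added example, not part of the original documentation. It decodes a combined role mask into the role names from the table and flags masks that contradict the dependencies stated in the descriptions. It assumes role values are combined with a bitwise OR into a single mask (the table lists individual values only); the function names and sample masks are constructed for illustration.

```python
# Role values copied from the table above.
SECROLES = {
    "SECROLE_OEM": 2, "SECROLE_OPERATOR": 4, "SECROLE_MANAGER": 8,
    "SECROLE_USER_AUTH": 16, "SECROLE_USER_UNAUTH": 64,
    "SECROLE_OPERATOR_TPS": 128, "SECROLE_KNOWN_PPG": 256,
    "SECROLE_TRUSTED_PPG": 512, "SECROLE_PPG_AUTH": 1024,
    "SECROLE_PPG_TRUSTED": 2048,
}
KNOWN_BITS = sum(SECROLES.values())

# Dependencies taken from the role descriptions: a message carrying the
# key role is expected to also carry each role listed for it.
IMPLIES = {
    "SECROLE_PPG_AUTH": ["SECROLE_TRUSTED_PPG"],
    "SECROLE_PPG_TRUSTED": ["SECROLE_TRUSTED_PPG"],
    "SECROLE_OPERATOR_TPS": ["SECROLE_PPG_AUTH", "SECROLE_TRUSTED_PPG"],
}


def decode_role_mask(mask):
    """Return (role names, bits not listed in the table) for a mask."""
    if mask == 0:
        return ["SECROLE_NONE"], 0
    names = [name for name, value in SECROLES.items() if mask & value]
    return names, mask & ~KNOWN_BITS


def audit_role_mask(mask):
    """Return findings for a mask assumed to describe one message."""
    names, unknown = decode_role_mask(mask)
    findings = []
    if unknown:
        findings.append(f"bits not in table: {unknown}")
    for role in names:
        for needed in IMPLIES.get(role, []):
            if needed not in names:
                findings.append(f"{role} without {needed}")
    return findings


if __name__ == "__main__":
    for mask in (1664, 1152, 33):  # constructed sample masks
        print(mask, decode_role_mask(mask), audit_role_mask(mask))
```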

 

See Also

Security Policies and Roles | Application Trust Levels | Metabase Provisioning

© 2005 Microsoft Corporation. All rights reserved.