Hi Rati
The Open API definitions do not deal with consumer authorization. The assumption is that there is authorization control applied externally (e.g. in an API gateway) so that only allowed roles can invoke an API operation. This could be made more fine-grained, to attribute level, depending on the capabilities you have in your control system.
Specifically for this example, we could imagine (perhaps) that a Service Order might be exposed to engineering staff by some internal UI, and these people might need to update the dates according to actual progress in the order. Even though the original submitter of the service order would probably not be able to update the dates.
But adding
@Ludovic Robert to comment as well.
Hope it helps
------------------------------
Jonathan Goldberg
Amdocs Management Limited
Any opinions and statements made by me on this forum are purely personal, and do not necessarily reflect the position of the TM Forum or my employer.
------------------------------
Original Message:
Sent: Sep 28, 2020 22:06
From: Rati Mehrotra
Subject: TMF 641 - clarification around expectedCompletionDate
Hi All,
641 has an attribute expectedCompletionDate and completionDate. The definition says
expectedCompletionDate
|
A date time (DateTime). Expected delivery date amended by the provider.
|
completionDate
|
A date time (DateTime). Effective delivery date amended by the provider.
|
and it is also marked as a PATCHable attribute in the document.
Wanted to understand how can consumer patch it when it is the expected date from provider. Or does PATCHable attribute mean that it can be modified by provider and consumers both ?
Thanks,
Rati
@Uma Lakshman
------------------------------
Rati Mehrotra
Telstra Corporation
------------------------------