Access Profiles
---------------

A logged in user is associated with an Access Profile
that specifies access permissions to operations and models.

A user's Access Profile may not apply to models that are included
or referenced in for example GUI Rules, Wizards or models that
provide choices.

For example, when API calls are made to models that contain choices, 
such as:

::

   GET api/data/DataSync/add/?schema_rules=&schema=&format=json


then any model GET calls that are carried out to provide the list
of choices are shown with a generated ``auth_token`` that is required
to provide access to these GET calls. This can be seen in the
returned schema, for example, for the ``target`` call to show the 
choices available for ``sync_order`` in ``data/DataSync`` 
(``[hierarchy]`` is substituted with the GET caller hierarchy ID.):


::

   sync_order: {
   target: "/api/data/ModelTypeList/choices/?hierarchy=[hierarchy]&
    field=name&format=json&
    auth_token=[auth_token]"
   title: "Synchronization Order"
   description: "The selected 'ordered' model type list that was created 
   as a model instance of the Model Type List. This list dictates the 
   order in which models will be synchronized. See: Model Type List."
   format: "uri"
   choices: [ ]
   target_attr: "name"
   target_model_type: "data/ModelTypeList"
   type: "string"


This ``auth_token`` parameter is required to provide authorization to access the 
``data/ModelTypeList``, which may not be available in a user's Access Profile.


.. |VOSS Automate| replace:: VOSS Automate
.. |Unified CM| replace:: Unified CM