Share via


Metabase Provisioning

The settings for the mobile device system resources, such as registry keys and APIs, are contained in a database referred to as the metabase. Each metabase entry corresponds to a setting and is associated with an access role that indicates which security roles are required to configure the setting. You can create or modify your provisioning XML document to change these metabase settings. You can deliver the document to a device as a WAP push message.

The following table lists the default security roles for different types of metabase entries.

 

Required Role Metabase entries for
Manager role All Configuration Service Provider settings
Mobile Operator role

-or-

Trusted Provisioning Server role

All cellular-specific settings, both voice and Short Message Service (SMS)
User Unauthenticated role One of the following screen and ring tone folder settings:
  • Home screen for Smartphone
  • Today screen for Pocket PC

Also, the corresponding registry keys

 

Note   When you use the Remote API (RAPI)to change registry and file settings, the value of the RAPI Policy determines which role is assigned to the RAPI call. This role is checked against the metabase to determine whether the change is permitted. For more information about RAPI, see Security Policy Settings.

Security roles are assigned to WAP push messages based on the message origin and how the messages are signed. Role assignment and the Unauthenticated Messages and WAP Signed Message policy settings determine whether the Windows Mobile device accepts unsigned and signed WAP push messages. For more information about security policies, see Security Policies.

You sign a WAP push message by adding a parm SEC element to the message. The value determines which security role is assigned to the message, as shown in the following table. For more information about OTA provisioning through WAP push see Provisioning OTA Through a WAP Push.

 

Value Role assignment
NETWPIN Mobile Operator role
USERNETWPIN Mobile Operator and User Authenticated roles
USERPIN User Authenticated role
USERPINMAC User Authenticated role

 

See Also

Provisioning for Windows Mobile Devices | Modifying the Security Policy Provisioning Document | Creating the Provisioning XML for Signed Binary Files | Security Roles

Send feedback on this topic to the authors.

© 2005 Microsoft Corporation. All rights reserved.