Update web-services.md with restriction profile support #45
Description
Context
SPE 9.0 adds a profile attribute to service configuration (#1426 in Console repo). The existing web-services.md page needs updating to reflect this.
Changes Needed
Service Configuration Section
Update the XML examples to show the new profile attribute:
<services>
<remoting enabled="false" profile="unrestricted" />
<!-- other services -->
</services>Remoting Service Section
- Document the
profileattribute and its effect on language mode/command restrictions - Explain that the profile applies to all requests through that service unless overridden by JWT scope or API Key
- Update the "Securing Remoting Service" config examples to include profile assignment:
<remoting>
<patch:attribute name="enabled">true</patch:attribute>
<patch:attribute name="profile">read-only</patch:attribute>
<patch:attribute name="requireSecureConnection">true</patch:attribute>
</remoting>New Configuration Examples
Add a "Secured Remoting" example showing profile + HTTPS + authorization together:
<remoting>
<patch:attribute name="enabled">true</patch:attribute>
<patch:attribute name="profile">read-only</patch:attribute>
<patch:attribute name="requireSecureConnection">true</patch:attribute>
<authorization>
<add Permission="Allow" IdentityType="Role" Identity="sitecore\PowerShell Extensions Remoting" />
</authorization>
</remoting>Profile Resolution Note
Add a note explaining profile resolution order:
- JWT scope claim (highest precedence)
- API Key profile
- Service-level profile attribute
- Default
unrestricted
Cross-References
- Link to new restriction-profiles.md page
- Link to new api-keys.md page
Related
- Depends on Console repo feature/clm branch (#1426)
- Depends on: Add Restriction Profiles page (security/restriction-profiles.md) #41 (restriction profiles page)