The service capabilities reflect optional functionality of a service. The information is static and does not change during device operation. The following capabilities are available: The maximum number of entries returned by a single Get<Entity>List or Get<Entity> request. The device shall never return more than this number of entities in a single response. Indicates the maximum number of access profiles supported by the device. Indicates the maximum number of access policies per access profile supported by the device. Indicates whether or not several access policies can refer to the same access point in an access profile. The access policy is an association of an access point and a schedule. It defines when an access point can be accessed using an access profile which contains this access policy. If an access profile contains several access policies specifying different schedules for the same access point will result in a union of the schedules. Reference to the schedule used by the access policy Reference to the entity used by the rule engine, the entity type may be specified by the optional EntityType field explained below but is typically an access point. Optional entity type; if missing, an access point type as defined by the ONVIF Access Control service should be assumed. This can also be represented by the QName value “tac:AccessPoint” where tac is the namespace of Access Control Service Specification. This field is provided for future extensions; it will allow an access policy being extended to cover entity types other than access points as well. The AccessProfileInfo structure contains basic information about an access profile. The device shall provide the following fields for each AccessProfileInfo. A user readable name. It shall be up to 64 characters. User readable description for the access profile. It shall be up to 1024 characters. The access profile structure contains information about the collection of access policies. The device shall include all properties of the AccessProfileInfo structure and also a list of access policies. A list of access policy structures, where each access policy defines during which schedule an access point can be accessed. The capability response message contains the requested access rules service capabilities using a hierarchical XML capability structure. Tokens of AccessProfileInfo items to get. List of AccessProfileInfo items. Maximum number of entries to return. If not specified, less than one or higher than what the device supports, the number of items is determined by the device. Start returning entries from this start reference. If not specified, entries shall start from the beginning of the dataset. StartReference to use in next call to get the following items. If absent, no more items to get. List of AccessProfileInfo items. Tokens of AccessProfile items to get. List of Access Profile items. Maximum number of entries to return. If not specified, less than one or higher than what the device supports, the number of items is determined by the device. Start returning entries from this start reference. If not specified, entries shall start from the beginning of the dataset. StartReference to use in next call to get the following items. If absent, no more items to get. List of Access Profile items. The AccessProfile to create. The Token of created AccessProfile. The details of Access Profile The token of the access profile to delete. This operation returns the capabilities of the access rules service. This operation requests a list of AccessProfileInfo items matching the given tokens. The device shall ignore tokens it cannot resolve and shall return an empty list if there are no items matching specified tokens. The device shall not return a fault in this case. If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned. This operation requests a list of all of AccessProfileInfo items provided by the device. A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. Please refer Access Control Service Specification for more details. The number of items returned shall not be greater than Limit parameter. This operation returns the specified access profile item matching the given tokens. The device shall ignore tokens it cannot resolve and shall return an empty list if there are no items matching specified tokens. The device shall not return a fault in this case. This operation requests a list of all of access profile items provided by the device. A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. Please refer Access Control Service Specification for more details. The number of items returned shall not be greater the Limit parameter. This operation creates the specified access profile. The token field of the access profile shall be empty, the service shall allocate a token for the access profile. The allocated token shall be returned in the response. If the client sends any value in the token field, the device shall return InvalidArgVal as generic fault code. In an access profile, if several access policies specifying different schedules for the same access point will result in a union of the schedule. This operation will modify the access profile for the specified access profile token. If several access policies specifying different schedules for the same access point will result in a union of the schedule. If the device could not store the access profile information then a fault will be generated. This operation will delete the specified access profile. If it is associated with one or more entities some devices may not be able to delete the access profile, and consequently a ReferenceInUse fault shall be generated. If the access profile is deleted, all access policies associated to the access profile will also be deleted.