How do I control access to services?
WebMethods provides an easy way to apply security settings to your services. This FAQ looks at how service execution can be secured.
In this example we are assuming there are 3 users, user1, user2 and user3 who need privileges to execute a service. These users are external partners and should not have any other privileges on the system.
- Create a group for the new users.
- Place the users in the new group.
Next, you will want to give permissions for these users to execute services as well as retaining permission for the default groups such as Developers and Administrators.
- On the Integration Server Administration console, click on ACLs under Security.
- Click on the link to Add and Remove ACLs.
- Give your ACL a name, add it.
- On the access control lists screen, bring up your ACL and choose the groups allowed by your ACL. This should be the group you created for the new users and Developers & Administrators at the very least. This ACL will define Allow permissions for all users covered in the groups listed under Allow.
- Finally, in developer change the service Execute ACL property to the ACL you just created.
- Test user1 account, you will see that they can invoke the service but they won't be able to log into Administrator, Developer or any of the other tools.
- Test that Administrator and Developers can execute the service too.