Configuring ACL for Web Service Interfaces and Operations

This topic describes the procedure to set ACLs for Web service interfaces and operations.

You can configure the access control settings on Web service operations to restrict the user from invoking the Web service interface or operation. Such a restriction will control the execution rights of a user over the Web service. You can set ACL permissions for Web service interfaces and Web service operations from the Web Service Interface Explorer. Setting security permissions on Web service interface or operation enables access controls on the namespaces associated with them.
Note: These ACL settings are the run-time modifications and they override the ACLs set during design-time.

1. On the Web Service Interface Explorer, search for the Web service interface or Web service operation you intend to secure. The names of the Web service interfaces or Web service operations are displayed in the Search Results group box.
2. Right-click a Web service interface or Web service operation and select Properties. The Web Service Interface Properties - <Name of the Web Service Interface> dialog box appears. This dialog box displays the Web service interfaces and their operations in corresponding App palettes.
3. Do one of the following:

   To configure ACL on	Procedure
   Web service Interface	In the Web Service Interface App Palette, click and select Security.
   Web service Operation	In the Web Service Operation App Palette, right-click an operation and select Security.

   The Security dialog box appears, displaying a list of users and roles to which ACL has been set.

4. Click Add to set access controls for a new user or role. The Organizational Users / Roles dialog box appears, displaying a list of users or roles.
   Note: While invoking a Web service interface or operation, the ACLs configured at User level are considered (take higher priority than ACLs at Role level) instead of roles.
5. Select a user or role and click OK. The selected roles or users are populated in the Security dialog box.
   Note: To block access to a Web service, clear the Allow check box against a user or role.
6. To remove the ACLs associated with a user or role, select the required user or role and click the Remove button.
7. Click Apply.
8. Click OK.
   
   The ACL is configured for a Web service interface or Web service operation.