Setting Access Control on Web Service Interface and Web Service Operations |
|
Before you begin this task:
- You must have generated Web service interface and the Web service operations.
- You must have created roles and published them to the organization.
In your application, you may want to restrict the accessibility of some Web service interfaces or Web service operations to certain roles. You can either restrict or grant access to the Web service interface and Web service operations while developing the application. TheSecurityfeature helps you set access control on a Web service interface or Web service operation at design time, where you can quickly determine the accessibility options that suit your application's design.
Access control takes into consideration the hierarchy between Web service interface and Web service operations. This information is passed on to the Access Control Engine that imposes the defined access control. Access control set on a Web service interface extends to all the Web service operations under it. On the contrary, access control set on Web service operation is specific to it and does not apply to the Web service interface. Thus, you can restrict a role from executing a particular Web service operation while allowing them permissions to the entire Web service interface.
- Select one of the following to set access control:
- In Workspace Documents (Explorer), open <solution> > <project> > , right-click (Web service interface) and select Define Runtime Security.
- In Workspace Documents (Explorer), open <solution> > <project> > > , right-click (Web service operation) and select Define Runtime Security. The Security Descriptor window appears, displaying the name of the Web service interface or the Web service operation on its titlebar.
- In the Identities pane, click . The Select Role dialog box appears, displaying the roles that you created.
- Select the role for which you want to set access control. The selected role appears in the Identities pane.
- Select the role, and in the ACL pane select the Grant Permission checkbox against Execute. If the Execute check box is not selected, the role will not have access to that Web service operation. It means, users possessing that role will not be able to perform a task driven by that Web service operation.
- Click . Access control set on that Web service interface or Web service operation is associated with a role.
You have successfully set access control on the Web service interface and Web service operations.
After you complete this task:
- After you set access control on a Web service interface or Web service operation, publish it to run time. To do that, you need to have the role of an Administrator or have administrative privileges.
- To know how to view the access controls set for a particular role/user, see topic Viewing Access Permissions Granted for a Role.