Web Service Permissions
End users can send web service requests and receive web service responses through a web service client. Permissions control the level of access that a user has to a web service.
You can assign permissions to users and groups on the following web service objects:
- •Web service
- •REST web service resource
- •SOAP web service operation
When you assign permissions on a web service object, the user or group inherits the same permissions on all objects that belong to the web service object. For example, you assign a user execute permission on a web service. The user inherits execute permission on web service operations in the web service.
You can deny permissions to users and groups on a web service operation. When you deny permissions, you configure exceptions to the permissions that users and groups might already have. For example, a user has execute permissions on a web service which has three operations. You can deny a user from running one web service operation that belongs to the web service.
Types of Web Service Permissions
An administrator assigns web service permissions to the following types of users and groups:
- •Web service consumer. A native domain user that sends a request to the web service and receives a response from the web service. The user must have execute permission on the web service.
- •Web service administrator. A user that can log into the Administrator, edit the web service properties, and grant permissions to other users.
- •Web service operator. A user that can log into the Administrator, monitor a web service, and start or stop a web service.
An administrator can assign the following permissions to users and groups:
- •Grant permission. Users can manage permissions on the web service objects using the Administrator tool or using the infacmd command line program.
- •Execute permission. Users can send web service requests and receive web service responses.
The following table describes the permissions for each SOAP web service object:
Object | Grant Permission | Execute Permission |
|---|
SOAP Web service | Grant and revoke permission on the web service and all web service operations within the web service. | Send web service requests and receive web service responses from all web service operations within the web service. |
SOAP Web service operation | Grant, revoke, and deny permission on the web service operation. | Send web service requests and receive web service responses from the web service operation. |
The following table describes the permissions for each REST web service object:
Object | Grant Permission | Execute Permission |
|---|
REST web service | Grant and revoke permission on the REST web service and all web service resources within the web service. | Send web service requests and receive web service responses from all web service resources in the REST web service. |
REST resource | Grant, revoke, and deny permission the REST web service resource. | Send web service requests and receive web service responses from the REST web service resource. |
Assigning Permissions on a Web Service
When you assign permissions on a web service object, you define the level of access a user or group has to the object.
1. On the Manage tab, select the Services and Nodes view.
2. In the Navigator, select a Data Integration Service.
3. In the contents panel, select the Applications view.
4. Select the web service object.
5. In the details panel, select the Group Permissions or User Permissions view.
6. Click the Assign Permission button.
The Assign Permissions dialog box displays all users or groups that do not have permission on the SQL data service object.
7. Enter the filter conditions to search for users and groups, and click the Filter button.
8. Select a user or group, and click Next.
9. Select Allow for each permission type that you want to assign.
10. Click Finish.
Viewing Permission Details on a Web Service
When you view permission details, you can view the origin of effective permissions.
1. On the Manage tab, select the Services and Nodes view.
2. In the Navigator, select a Data Integration Service.
3. In the contents panel, select the Applications view.
4. Select the web service object.
5. In the details panel, select the Group Permissions or User Permissions view.
6. Enter the filter conditions to search for users and groups, and click the Filter button.
7. Select a user or group and click the View Permission Details button.
The Permission Details dialog box appears. The dialog box displays direct permissions assigned to the user or group, direct permissions assigned to parent groups, and permissions inherited from parent objects. In addition, permission details display whether the user or group is assigned the Administrator role which bypasses permission checking.
8. Click Close.
9. Or, click Edit Permissions to edit direct permissions.
Editing Permissions on a Web Service
You can edit direct permissions on a web service for a user or group. When you edit permissions on a web service object, you can deny permissions on the object. You cannot revoke inherited permissions or your own permissions.
Note: If you revoke direct permission on an object, the user or group might still inherit permission from a parent group or object.
1. On the Manage tab, select the Services and Nodes view.
2. In the Navigator, select a Data Integration Service.
3. In the contents panel, select the Applications view.
4. Select the web service object.
5. In the details panel, select the Group Permissions or User Permissionsview.
6. Enter the filter conditions to search for users and groups, and click the Filter button.
7. Select a user or group and click the Edit Direct Permissions button.
The Edit Direct Permissions dialog box appears.
8. Choose to allow or revoke permissions.
- - Select Allow to assign a permission.
- - Select Deny to deny a permission on a web service object.
- - Clear Allow to revoke a single permission.
- - Select Revoke to revoke all permissions.
You can view whether the permission is directly assigned or inherited by clicking View Permission Details.
9. Click OK.