on 04-16-2010 11:34 AM
Hi All,
We have created and deployed a few webservices on PI. These webservices need to be accessed by B2B users over the internet. For this we have created a PI userid for each B2B user.
To restrict access of these UserID's, we created a custom role for them with the following UME actions.
i. xi_adapter_soap_helper
ii.xi_adapter_soap_message
Using this role ensures that the B2B UserId's have access to call webservices on PI. However, they do not have access to anything else, for eg:
1) No Access to ESR, ID
2) No Access to RWB
3) No Access to any transactions on SAP GUI.
However, this also means the B2B users can call ALL webservices hosted on PI. Therefore the question:
"Is there a way to restrict each UserId, to have access to a defined list of Webservices on PI, and restrict all others?"
Thanks,
Harsh
PS: We are on PI 7.1 EHP 1
Hi Harsh,
I hope you are doing well 🙂
I know it has been a few years since you wrote this question, but I am now looking to do the same thing and was wondering if you ever found a way of doing it.
I'm on SAP PO 7.5
Thank you for your time!
Greetings, Nick
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Harsh,
According to me, you can create custom role for each webservice which you should check in the code of webservice to authticate the call from the user for the respective role, by this way you should assign the corresponding roles for different services to users as per the requirement.
Regards,
Amit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Harsh,
As you mentioned that you created some custom role by which a B2B user can call webservices deployed on PI server. I am advising to create such unique role for each webservice you deploy on PI server and then in your development of your webservice find out the roles of the userid making the call to webservice.
IF role of userid EQUALS unique role required for webservice to get executed
PROCEED FURTHER
ELSE
THROW EXCEPTION "Authentication Failed"
According to me if your webservices are developed in ABAP environment then implementing above task should be simple.
Regards,
Amit
Hi Amit,
Thanks for your quick responses.
In our case these are PI webservices, based on SOAP sender channels.They are not developed on the ABAP stack.
The actions we've added to the custom role are at the UME level(not ABAP).
Looking forward to your thoughts on, how can this functionality be implemented within the PI framework(sr/esr/id/nwa etc)?
Thanks,
Harsh
Edited by: Harsh Chawla on Apr 16, 2010 5:27 PM
User | Count |
---|---|
81 | |
25 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.