cancel
Showing results for 
Search instead for 
Did you mean: 

Restricting Access to Defined List of Webservices on PI

HarshC
Active Participant
0 Kudos

Hi All,

We have created and deployed a few webservices on PI. These webservices need to be accessed by B2B users over the internet. For this we have created a PI userid for each B2B user.

To restrict access of these UserID's, we created a custom role for them with the following UME actions.

i. xi_adapter_soap_helper

ii.xi_adapter_soap_message

Using this role ensures that the B2B UserId's have access to call webservices on PI. However, they do not have access to anything else, for eg:

1) No Access to ESR, ID

2) No Access to RWB

3) No Access to any transactions on SAP GUI.

However, this also means the B2B users can call ALL webservices hosted on PI. Therefore the question:

"Is there a way to restrict each UserId, to have access to a defined list of Webservices on PI, and restrict all others?"

Thanks,

Harsh

PS: We are on PI 7.1 EHP 1

Accepted Solutions (0)

Answers (2)

Answers (2)

0 Kudos

Hi Harsh,

I hope you are doing well 🙂

I know it has been a few years since you wrote this question, but I am now looking to do the same thing and was wondering if you ever found a way of doing it.

I'm on SAP PO 7.5

Thank you for your time!

Greetings, Nick

Former Member
0 Kudos

Harsh,

According to me, you can create custom role for each webservice which you should check in the code of webservice to authticate the call from the user for the respective role, by this way you should assign the corresponding roles for different services to users as per the requirement.

Regards,

Amit

HarshC
Active Participant
0 Kudos

Hi Amit,

Can you share some document on how do we go about implementing this?

Thanks,

Harsh

Former Member
0 Kudos

Harsh,

As you mentioned that you created some custom role by which a B2B user can call webservices deployed on PI server. I am advising to create such unique role for each webservice you deploy on PI server and then in your development of your webservice find out the roles of the userid making the call to webservice.

IF role of userid EQUALS unique role required for webservice to get executed

PROCEED FURTHER

ELSE 

THROW EXCEPTION "Authentication Failed"

According to me if your webservices are developed in ABAP environment then implementing above task should be simple.

Regards,

Amit

HarshC
Active Participant
0 Kudos

Hi Amit,

Thanks for your quick responses.

In our case these are PI webservices, based on SOAP sender channels.They are not developed on the ABAP stack.

The actions we've added to the custom role are at the UME level(not ABAP).

Looking forward to your thoughts on, how can this functionality be implemented within the PI framework(sr/esr/id/nwa etc)?

Thanks,

Harsh

Edited by: Harsh Chawla on Apr 16, 2010 5:27 PM