on 05-25-2016 6:05 AM
Hi All,
We are providing a Web Service from SAP to be consumed by external applications. Now, we are using a Service Account(SAP User ID and Pwd) for authentication which means that only those credentials will be used to access WSDL and consume the Web Service.
Now, When we are registering the Web Service via SOAMANAGER, we are providing the appropriate User ID and Pwd(Service Account). But,after setting the constraint, the WSDL accepts any valid SAP User ID/Pwd. How to restrict the usage of Web Service internally using UserID and Pwd combination.
I also set the logon data on SICF but its not working.
Thanks
Sahil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Raghu,
I need to set the authentication for only a single valid user id and pwd. I don't want all the users to access the web service.
We have created a specific user only for authentication purposes but i am not able to fix it to that particular user. If i give my id then also it is getting accepted.
Thanks
Sourav
Hello Sahil,
Got it.
Check the below roles and assign to the user who wish to access the WS, Remove it from the other USER IDs.
https://help.sap.com/saphelp_nwce72/helpdata/en/48/5a8d7f5ae007dbe10000000a42189b/content.htm
Hi Raghu,
Thank You very much for the link. It will really help once we have NWCE Setup.
Currently, we only have NW ECC.( Which means SOAMANAGER, SICF etc.)
This time, I will try to be more clear with the issue.
The scenario is:
User A creates a Web Service1.
User B and C should only access the web service1.
Both the Users are valid SAP users.
Now, to solve the issue we created a User XYZ with Password and role SAP_WEBSERVICE_CONSUMER and thought that we will pass the credentials of user XYZ to B and C which will help them access the web service1.
Now, the problem is user M with the same role is also able to access the service.
If we remove the role from User M it won't be able to access other Web Services( Apart from Web Service1)
How, can we ensure that the respective Web Service can only be accessed via:
a) User XYZ user id
b) User XYZ pwd
c) Role: SAP_WEBSERVICE_CONSUMER
Hope, it clarifies the requirement. If you have a better solution to the above issue, it will be even more helpful.
Thanks
Sahil
Hi Raghu,
Thank You very much for the direction.
I found a link, can you kindly advise if this is the correct way to go.
ABAP Web Services - Authorizations - Security and Identity Management - SCN Wiki
Thanks
Sahil
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.