
Setting Role Based Authorization for Operation Specific Web Services in PFCG

Former Member
0 Kudos

Hi Experts,

I am facing an issue setting up authorizations to restrict the usage of a Web Service only to a specific group of users.

Now, the steps I followed:

a) Create a Web Service

b) Create an Endpoint

c) In PFCG, created a role ZROLE1 and added the Web Service Operation as an Authorization Default value (as mentioned in this ABAP Web Services - Authorizations - Security and Identity Management - SCN Wiki)

d) Added SAP user ID USER1 to ZROLE1.

Now, from external systems, let's say SOAPUI, whenever I access the Web Service and pass the credentials of USER1, they are accepted and everything works fine.

But whenever I pass the credentials of another SAP user, let's say USER2, who is not associated with that role, that user is also able to access the Web Service.

Kindly help me out with this, or suggest a better alternative to this problem.

Thanks

Sahil

Accepted Solutions (0)

Answers (1)

former_member198833
Active Participant
0 Kudos

Hi Sahil,

Please read the following documentation: Defining Operation-Specific Security Authorizations for Web Services - Security Guide Web Services (...

Be aware that users with role SAP_BC_WEBSERVICE_CONSUMER have permission to call all Web services.

Regards,

Felipe