CA Service Management

  • 1.  Web service Method's restriction

    Posted 05-24-2016 06:37 AM



    We should open our webservice access to an account to create change orders in Service Desk. I have given access to the SOAP webservices, but I want to restrict them to use only the method used for creating the ticket.


    Could anyone suggest how to restrict the users or how to open only a few methods in SOAP?




  • 2.  Re: Web service Method's restriction

    Posted 05-24-2016 06:39 AM

    One way of restricting this is to impersonate a user with much lower access. Check the webservices documentation; you should get info on the impersonate webservice method.

  • 3.  Re: Web service Method's restriction

    Broadcom Employee
    Posted 05-24-2016 12:05 PM

    Hi Sharath,


    I think you can use the SOAP method 'impersonate()' to impersonate with the following two parameters, i.e.:


    SID - Integer - Identifies the session retrieved from logging in.

    username - String - (Required) Identifies the user name of the user being impersonated.




    Invoking this method is allowed only if the current web services session is started by using the PKI access authentication scheme and the access policy is defined to allow impersonation.

  • 4.  Re: Web service Method's restriction

    Posted 05-26-2016 08:03 AM

    Hi Kusma,


    How will impersonate help to construct the restriction on a few web services, like createcontact only?


    Could you please explain a little more?



  • 5.  Re: Web service Method's restriction

    Posted 05-26-2016 11:36 AM

    First, the user you impersonate will have an Access Type.


    On the Administration tab, under Security and Role Management, Access Types, view that Access Type.

    On tab 3. Roles of the Access Type you will see "REST Web Service API Role".


    On the Administration tab, under Security and Role Management, Role Management, Role List, view that Role.

    On tab 1. Additional Information, sub-tab 2. Function Access, modify the Function Access you want for that Role.

  • 6.  Re: Web service Method's restriction

    Posted 05-27-2016 08:40 AM



    You need some admin access in order to be able to use the impersonate method.

    This method is to be used by an admin that would like to perform some actions in the context of that "impersonated" user vs. applying security.


    To apply security for that contact using web services, you will create a specific functional access / data partition / roles and apply this role to the corresponding or newly created access type for the web service you want to use (SOAP and/or REST).

    When the contact logs in to the web service with the credentials linked to this access type, your security will be applied exactly the same as in the web interface.


    For SOAP, you may also want to increase security around the authentication itself: you may use a key and exchange certificates vs. using basic authentication, and will then set this contact as the proxy contact of your corresponding policy.


    All this is documented in the implementation guide and coding examples are available in the samples/sdk folder.


    Hope this helps/clarifies.