This section describes how to use roles to limit access to Web services and to methods/operations within a Web service.
When you add a role to a Web service or Web service operation, only the allowed users, groups, or digital IDs have access to that resource.
Adding a role to a Web service
Expand the Web service collection.
Expand the Web service.
Right-click Roles and then select Add role.
Select a role from the list of defined roles that meets the security needs of the Web service and click OK. EAServer comes with predefined roles. For example, the “everybody” role allows unlimited access to authenticated users.
Adding a role to a Web service operation
You can further restrict access to a Web service by assigning roles at the Web service operation/method level. For example, you could add the “everybody” role to the Web service, which allows unrestricted access to the Web service, but assign a more restrictive role to those operations that require additional restrictions.
Expand the Web service collection.
Expand the Web service.
Expand the Operations icon.
Expand the operation to which you are adding a role.
Right-click Roles and then select Add role.
Select a role from the list of defined roles that meets the security needs of the Web service operation and click OK.
If you do not assign a role to a Web service or operation, you do not need to provide a user name or password to invoke them. If you do assign a role to the Web service or the operation, you need to provide a valid user name and password for a user within the assigned role.
