Hi Experts,
I am facing an issue setting up authorizations to restrict the usage of a Web Service only to a specific group of users.
Now, the steps I followed:
a) Create a Web Service
b) Create an Endpoint
c) In PFCG, created a role ZROLE1 and added the Web Service Operation as an Authorization Default value (as mentioned in this ABAP Web Services - Authorizations - Security and Identity Management - SCN Wiki)
d) Added SAP user ID USER1 to ZROLE1.
Now, from external systems, let's say SOAPUI,
whenever I am accessing the Web Service and passing the credentials of USER1, it is accepted and everything is working fine.
But whenever I am passing the credentials of another SAP user, let's say USER2, who is not associated with that role, it is also able to access that web service.
Kindly help me out with this. Or, if anyone can suggest a better alternative to this problem.
Thanks
Sahil