Dear Team,
I have problem with ACL in IS. I wrote some services in IS (S1, S2, S3), I want to share them with some consumers (C1, C2, C3), with each consumer I create for them one user.
And I want to make control like this:
C1 only access S1, S2
C2 only access S2, S3
C3 only access S1
So how can I control their accession without create each group for each service ?
Any comment is appreciated!
Hi,
you need to setup as follows:
create 3 Groups (G1, G2, G3), one for each Service (S1 thru S3).
Assign the groups to the matching ACLs and save.
Assign the users to the groups for the services they should be able to call…
In detail:
ACLs with groups:
ACL S1 with Group G1
ACL S2 with Group G2
ACL S3 with Group G3
Group G1 contains user C1 and C3
Group G2 contains user C1 and C2
Group G3 contains user C2
Regards,
Holger
Thanks Holger,
But creating each group for each service I think it’s not good way.
How about if I create each ACL for each service and then assign user/group of consumer to that ACL ?
Have any way to create ACL automatically when creating WSD ?
Hello,
Yes, I would create an ACL for each service or coherent group of services and then add groups of users.
You may choose to place the users on several groups for functional, security or other reasons…
It helps if you create an excel sheet with a matrix of consumers and services, map the required groups and try to find some common patterns.
In the IS you cannot have groups within groups but if are using Central User Management, you have some extra degrees of flexibility you might choose to experiment with.
Hi,
I agree with Gerardo.
That is exaclty the way how we are assigning our external WS consumers to our IS.
Regards,
Holger
Hi,
here is diagram how acls, roles, groups, users are related to each other.
On the left side is the MWS part and on the right side is the IS part.
Regards,
Holger
Thanks all.
These informations really help me resolve this issue.
