Giving access to Integration Server (by not giving a role of Administrator)

My question seems, maybe, to be stupid but I’m looking for solution without success.
I’m trying to give access to a LDAP user tu execute a flow service of a package by Integration Server. So I wrote a ACL (we called it flowService1Execute ACL) and I change the properties of my flowService1 to allow ACL flowService1Execute to execute the flow service).
After that I assigned my LDAP group for this ACL in Allowed Group button (I changes local in central in drop down list and after searching my LDAP group and press GO Button I see and give the assignation for my LDAP group. I supposed it works because my MWS LDAP is correctly configured and my IS pool is correctly Binding with MWS pool).

So I gave right for this LDAP group.
But when I test connection for a LDAP user of this LDAP group, it seems I can not connect to Integration Server. Unless I assigned my LDAP group to Administrator ACL which is not I want.

Anyone can help me ?

Hi Vital,

Please check the following:
Database Pool “CentralUsers” needs to point to the MWS pool.
ACL is defined in IntegrationServer and aasigned to the “Execute ACL” property of your service.
Assign the LDAP Group to the “Allow” list in the ACL and save it.

User(s) will be able to execute the service via Designer or by directly callling a link similar to this one:

But user will not have access to the IS Admin UI pages.

If this not helping please provide the exact error message(s) as well as a more detailed description how you are trying to connect to the IntegrationServer.


In Fact I want to give him access to IS Admin without giving him Admin role

HI Vital,

please search the forums “IS Admin Read Only” or “Read Only IS Admin”.

This feature has been discussed several times meanwhile.

Additionally check in Brainstorm for the appropriate Feature Request and if there is none create a new one.


Im looking for post u suggest me to glance but it seem’s to use IS with no user and pwd and just access in read only mode.
It is not what I want. I juste want a user which exist in LDAP but which can use Integration Server only for execute one flow service

Hi Vital,

I am not sure if this is possible.

URL to be invoked:

You will have to modify the .access file under WmRoot/pub dirrectory to grant access for your custom ACL to WmRoot/service-test.dsp.
In this case your user will only have access to this single page.
Remember to backup the original file and be aware to check it after applying Fixes for IS_Core.

In this case I would prefer the variant I have outlined earlier.

But let´s see if some other members have additional ideas.