Hi All!
We have recently installed fix IS_9.7_Core_Fix18 and found out that some invocations suddenly stop working (Access denied to WSD).
Here is an example:
Client calls WS on IS using SOAP, then serivces are executed:
external client → WSD → service A → service B → service C → connectorX (generated from another WSD) → WSDX .
On calling connectorX (wchich internally calls WSDX) we got access denied. I looked into fix note and found that:
"PIE-34925 (IS_9.7_Core_Fix7)
When executing a web service connector, Integration Server does
not check the Execute ACL of the parent consumer web service
descriptor.
When executing a web service connector contained in a consumer
web service descriptor that has a Pre-8.2 compatibility mode
value of false, Integration Server did not check the Execute
ACL of the consumer web service descriptor. The documented
behavior is to always verify the Execute ACL for a web service
descriptor, but it was not being done.
Now, when executing a web service connector, Integration Server
checks the Execute ACL of the parent consumer web service
descriptor.
Note: If you do not want Integration Server to check the Execute
ACL of the consumer web service descriptor when executing a web
service connector, set the Execute ACL property of the parent
web service descriptor to anonymous."
The bold part explains a workaround. The issue is this workaround forces us to make changes in every descriptor on IS.
Also changing ALC to Anonymous gives permissions to this descriptor which is not desirable. Can someone please provide solution to this problem?
Seems “When top-level service only” is missing in descriptor “Permissions” options, similar like in the service permissions.