Question regarding using ACL's

Hi All,

I am trying to implement an execute ACL for a flow service (‘flowService123’)

I followed the procedure as stated below

  1. Created an ACL ‘XYZ’
  2. Created an user group ‘ABC’
  3. Created an user ‘myUser’ and pwd for ‘myUser’
  4. Associated ‘myUser’ to group ‘ABC’
  5. Associated group ‘ABC’ to ACL ‘XYZ’
  6. User (HTTP Client) invoked a flow service ‘flowService123’ using ‘myUser’ (I changed the excecute ACL of ‘flowService123’ to ‘XYZ’)
  7. Other ACL’s like Read, Write etc are ‘(default)’
  8. My flow service ‘flowService123’ contains
    i. pub.xmlNodeToDocument
    ii. pub.etc


My flow service ‘flowService123’ is being invoked (I checked Audit logs) but failed at step i (pub.xmlNodeToDocument)

I am I missing anything???

Thanks in adavance



What is the error? Why do you think it has something to do with the ACL of the service?



If u share u’r error log we get a better idea whether its your ACL’s or your flow service


Mark and Jeevan,

Thanks for your replies, When I tried invoking the ‘flowService123’ by setting execute ACL = ‘anonymous’ it’s working without any problem.

Thanks in advance



What is the reason you changed the default flow service ACL?

Ofcourse Anonymous ACL will work charm…


What. Is. The. Error. Message. ?

Hi All,

Thanks, I just got it working without doing any change to the above mentioned mehtod. I did posted using webMethods http client (different IS). I need to test with the actual http client…hope it will work.

Thanks & Regards

I know this is an old post, still this is the best post i could find to post to.

MARK really looking forward for a reply from you.


GOAL: I want to achieve basic authentication for my flow service which has an HTML content in its output template.

Problem: Some times i see an expected “Not authorized Page” and some times I don’t.

USE CASE: I have configured my IS with a testACL which is assigned to test testGrp which has a test_user assigned to it successfully.

The ACL has testGRP in its allowed list only and the access mode is configured to “Deny by Default” which is set on port number 8000 for HTTPS connection.

This port was configured using a self signed certificate and the application used was openSSL.

Now when i invoke the service from IE6, first i get some messages about the server certificates to be send to and verify the server self signed certificate, after clicking on “Yes” that is i accept the certificate, i see a dialog box asking me for user name and password. Up till here its all working as expected.

Now when i see the Username/password dialog box and i click on cancel button directly without providing any credentials, i see the output of my flow service (The HTML content of it defined in output template).

The testACL has been assigned to this flow service with all the possible combinations of read, write, always check acl etc. still i see the HTML PAGE.

Cause Of Problem: By doing some more R&D on this, i could figure out the problem causing this.

In my html code defined in output template of the flow service, if i remove the table tags or some more html content from the tag of the output template, i can see a “Not authorized to view” page but whn i put my formatted tables and stuff in the body tag…i can see the output of my flow service.

this behaviour is strange and i coundt find much related to it on net so guys please help me out here.


also i would like to add one more info.

On the server Security logs, i always see a “Access Denied. No permissions to invoke service Services:test on Port HTTPSListener@8000.” no matter what if i see a “Not authorized page” or not.


I have the similar issue with my html template. I set the service acl set to Anonymous and did the same in .access file (I know this is not needed for html templates and only needed for dsp pages).When it’s invoked by a url through browser it’s asking for credentials. But this is happening once in 100 times. We have RI environment.

I don’t think changing the table tags in html template will change this behavier as Shobhit saying.

Is there any who have faced this and resolved?

Any advise please.

Hi all,

I’m experiencing a problem similar to shobhit’s. We have IS 7.1.2 installed here.

I have UserA assigned to NTGroupA which belongs to ACL123. I set ‘Execute ACL’ on my flow to ACL123 and ‘Enforce Execute ACL’ to Always. When I use Basic Authentication to call the web service and pass in the proper credentials (UserA), I am able to execute my service successfully, but I always see the message ‘ [ISS.0084.9004] Access Denied’ in the server log. If I change ‘Enforce Execute ACL’ to Top-Level Service Only, no error is logged in the server logs and I am still able to execute the service successfully.

I contacted wM support and sent them my logs, but they have no idea why this happens. Has anyone come across this before? Does anyone know the cause of the message?

Thanks in advance!