martijndeboer

Security for web services covers several areas. Authentication answers the question "who is calling the web service?", while authorization answers the question "is the caller allowed to call this web service operation?". After a web service call has been authenticated successfully, the SOAP runtime checks the caller's authorization. The request is processed only if this check succeeds; otherwise it is rejected.

Authorizations for web services are granted at the operation level. Assume your service provides two methods: a getData and a storeData method. There are two groups of callers: one group shall be allowed to call the getData operation, while the other group is allowed to call getData and setData. The solution is to set up two different roles and assign the role Z_ROLE1 to the operation getData and the role Z_ROLE2 to the operations getData and setData.

h2. Preconditions

1) When using this function, the user must not already hold a role that assigns S_SERVICE (WS,*); usually the SAP role SAP_BC_WEBSERVICE_CONSUMER would do that.

2) The web service is called externally, i.e. by a tool such as WSNavigator or XML Spy.
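The role setup described above and the reason for precondition 1, modelled in Python as an added illustration (not SAP code and not from the original post). The user names, the data layout and the use of readable operation names as SRV_NAME values are assumptions made for the example.

```python
# Constructed sample data. Each role lists S_SERVICE authorizations as
# (SRV_TYPE, SRV_NAME); readable operation names stand in for real values.
ROLES = {
    "Z_ROLE1": [("WS", "getData")],
    "Z_ROLE2": [("WS", "getData"), ("WS", "setData")],
    "SAP_BC_WEBSERVICE_CONSUMER": [("WS", "*")],
}
USERS = {
    "READER": ["Z_ROLE1"],
    "WRITER": ["Z_ROLE2"],
    "LEGACY": ["Z_ROLE1", "SAP_BC_WEBSERVICE_CONSUMER"],
}


def matches(value, pattern):
    """Authorization-style match: exact value, or a pattern ending in '*'."""
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return value == pattern


def is_authorized(user, operation, srv_type="WS"):
    """True if any role of the user covers (srv_type, operation)."""
    return any(
        matches(srv_type, a_type) and matches(operation, a_name)
        for role in USERS.get(user, [])
        for a_type, a_name in ROLES.get(role, [])
    )


def wildcard_holders():
    """Map each user to the roles that grant S_SERVICE (WS,*) and so
    override any operation-level restriction (precondition 1)."""
    found = {}
    for user, roles in USERS.items():
        hits = [r for r in roles if ("WS", "*") in ROLES.get(r, [])]
        if hits:
            found[user] = hits
    return found


if __name__ == "__main__":
    for user in USERS:
        allowed = [op for op in ("getData", "setData") if is_authorized(user, op)]
        print(f"{user}: {allowed}")
    print("wildcard S_SERVICE holders:", wildcard_holders())
```

The LEGACY user holds only Z_ROLE1 among the operation-level roles, yet passes the check for setData because of the wildcard role; listing such users before rollout shows where the operation-level roles would have no effect.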

h2. Authorization object

h2. Assigning permission for a ws-operation to a role

When creating a role in transaction PFCG, select the web service operations to include in the role: choose the button Other, select Authorization Default Values for Services, and select the entry with the operation for this service.

h3. Step 1: Create a role in transaction PFCG

!https://weblogs.sdn.sap.com/weblogs/images/36108/pfcg_1.png|alt=Create Role!

 


h3. Step 2: Select "Authorization default value for services"

h3. Step 3: Select web service and operation name




h2. Further Information

[http://help.sap.com/saphelp_nw70/helpdata/en/2b/07074155bcf26fe10000000a1550b0/frameset.htm]