Allow Access to Specified Services (Deny All Others)
When a port is configured to deny by default, Integration Server denies access to most services and provider web service descriptors. Integration Server allows access to the services and provider web service descriptors that you specify.
You can enter services, folders, or provider web service descriptors one at a time. Additionally, you can specify service URIs that are not part of the Integration Server namespace. As an alternative to specifying individual services or folders, you can allow all services and provider web service descriptors associated with a specific Execute ACL. For example, to create a custom Administrator port, you can expose all services or provider web service descriptors protected by the Administrators ACL.
Important: When performing the following procedure, do not log into the server through the port you want to change. The procedure involves temporarily denying access to all services through the port. If you log on through the port you want to change and then deny access to all services through it, you will be locked out of the server. Instead, log on through a different existing port or create a new port to log on through.
To allow access to specified services, folders, and provider web service descriptors
1. Open the Integration Server Administrator if it is not already open.
2. In the Security menu in the Navigation panel, click Ports.
3. Locate the port in the Port List and click the Allow or Deny link in the Access Mode column.
4. Click Set Access Mode to Deny by Default. Integration Server changes the access mode for the port.
5. Click Add Folders and Services to Allow List.
6. To enter the names of services, folders, or provider web service descriptors, on the left side of the screen, under Enter one service or folder per line, type the fully qualified name of the service, folder or provider web service descriptor for which you want to allow access. Press ENTER after each entry.
Note: If you specify a folder, Integration Server allows access to all of the services and provider web service descriptors in the folder.
7. To specify services or provider web service descriptors by selecting from a list of elements associated with an ACL, under Select a set of folders and services on the right side of the screen, do the following:
a. In the Select an ACL list, select the ACL used as the execute ACL for the elements for which you want to allow access.
Integration Server Administrator displays and selects all of the elements that use the selected ACL as the execute ACL.
b. To add all of the selected items to the allow list on the left side of the screen, click Append Selected.
Integration Server appends the selected entries to the existing list.
c. If you do not want to add all of the items to the allow list, deselect the ones you do not want. To deselect multiple items, press the CTRL key while deselecting. To add the remaining items to the list of allowed services for the port, click Append Selected.
Integration Server appends the selected entries to the existing list.
8. Repeat the above steps until you have built the list of services, folders, and provider web service descriptors you want to make available from this port.
9. Click Save Additions.
10. Click Return to Ports to return to the Security > Ports > Edit Access Mode screen.