Integration Server 10.11 | Integration Server Administrator's Guide | Controlling Access to Resources | Overview
 
Overview
When the server receives a client’s request to access a service, the server performs a number of checks to make sure the client is allowed to access the service. The server performs the following checks, in the order shown below. The client must pass all checks to access the service:
1. Does the port allow connections from this client’s IP address?
The server checks allow/deny lists of IP addresses that are allowed to connect to the server through this port. If the port is an Enterprise Gateway external port and the server is licensed for webMethods Enterprise Gateway, the server also checks the Enterprise Gateway deny list. If the IP address is allowed, the server performs the next test. Otherwise, the server rejects the request.
2. Is the requested service available from this port?
The server checks allow/deny lists of services that the server makes available for execution from this port. If the service is available from this port, the server performs the next test. Otherwise the server rejects the request. The server performs this test for requests to execute services. It does not perform this test for requests for list, read, or write access to services.
3. Is the requested service blacklisted?
The server checks the service blacklist which identifies services for which invocation is blocked for all users. If the service is on the blacklist, the server denies access to the service and rejects the request. If the service is not on the blacklist, the server performs the next test.
4. Is the requesting user allowed to access this service?
The server checks the user name associated with the request against the appropriate access control list (ACL) associated with the service.
The server checks the user name against the List, Read, Write, or Execute ACL associated with the service. If the user belongs to a group that is listed in the ACL, the server accepts the request. Otherwise the server rejects the request.
You can configure these settings using the Integration Server Administrator.
*To limit IP addresses that connect to a port see Restricting IP Addresses that Can Connect to a Port below.
*To limit the services available from a port see Restricting the Services or Web Service Descriptors Available from a Port.
*To add services to a blacklist, see Adding Services to a Blacklist
*To use access control lists to control which users can access an element see Controlling Access to Resources with ACLs.