Integration Server 10.3 | Web Services Developer’s Guide | Web Service Authentication and Authorization | Introduction
 
Introduction
At specific points in the execution of a web service descriptor, Integration Server performs authentication and authorization to verify that the user has permission to execute the web service descriptor or one of its associated services. For the web service descriptor and its associated services, this can include checking the execute ACL assigned to the descriptor or service.
*On the consumer and provider sides, Integration Server always performs ACL checking for the web service descriptor.
*On the consumer side, Integration Server performs ACL checking for the web service connector if the connector is a top-level service (one that is invoked directly by a user). If another service invokes the web service connector, Integration Server performs ACL checking only if the Enforce execute ACL option for the web service connector is set to Always.
Integration Server performs ACL checking for handler services, if the service has permissions configured such that the Enforce execute ACL option is set to Always.
*On the provider side, Integration Server performs ACL checking for handler services, endpoint service, or any services called by the endpoint only if the service has permissions configured such that the Enforce execute ACL option is set to Always.