Integration Server 10.3 | Integration Server Administrator's Guide | Controlling Access to Resources | Controlling Access to Resources with ACLs | When Does the Server Perform ACL Checking?
 
When Does the Server Perform ACL Checking?
The Integration Server checks ACLs when:
*A client or a DSP invokes a service that resides on the Integration Server. A client can be a browser user, another Integration Server, an IS client (using the IS client API), or a custom HTTP client.
*You are using Designer to access (list, create, update, see the source of, delete, or change the ACL assignments of) an element.
*You are using the IS\x11 Administrator and you try to list or change the ACL assignment of an element.
By default, the Integration Server performs ACL checking against externally invoked services only. Externally invoked services are those that are directly invoked by a client or DSP. You can, however, configure a service to have its ACL checked even if it is internally invoked, that is, invoked by another service running on the Integration Server.
To direct the server to check the execute ACL for a service even when the service is invoked internally, use Designer to set the Enforce Execute ACL property to Always. See webMethods Service Development Help for more information.