If a user has View permission on a service and Create Assets permission within their own organization, he or she can virtualize the particular web service. However, the user will not be permitted to configure the processing steps for the service that is virtualized unless he or she also has the Manage Runtime Policies permission for their organization. Only users with Manage Runtime Policies permission can configure these steps. Consider identifying a small group of users who will be responsible for configuring the processing steps for a service, and give this group a role that includes the Manage Runtime Policies permission. Because these users might configure virtualized services that other users have created, they will also need Modify permission on the actual virtualized services. To ensure that these users have access to the virtualized services that they need to configure, consider creating a design/change-time policy that automatically gives this group of users Modify permission on a service when it is virtualized.