By default, only the Certificate user and users with the service provider (SP) administrator role can execute web services. This can, however, be changed.
The Access Policy for access to the web services may be changed:
Then you can login with a userid with this catalog-role in webservices.
You may also find TEC608587 helpful - "Logging in directly to a sub-domain Business Unit is not possible."
Release: CASVCT99000-12.9-Service Catalog