Description:

By default, only the Certificate user and users with the service provider (SP) administrator role can execute web services. This can, however, be changed.

Solution:

The Access Policy for access to the web services may be changed:

1. Login to the 'CA Service Catalog' application instance in EEM
   
   
2. Select 'Manage Access Policies' tab
   
   
3. Confirm 'Guinode' is selected and select 'Go'
   
   
4. Select the role(s) in which you would like to allow gold brick access
   
   (i.e. ACL_requestmanager_Guinodes for Request Manager role in catalog)
   
   or
   
   (i.e. ACL_catalogenduser_Guinodes for Catalog User role in catalog)
   
   
5. Under 'Add resource' enter 'webservice__all' and select the plus icon
   
   
6. Save your changes.
   
   
7. Recycle the 'catalog service'

Then you can login with a userid with this catalog-role in webservices.

You may also find TEC608587 helpful - "Logging in directly to a sub-domain Business Unit is not possible."

https://support.ca.com/irj/portal/anonymous/kbtech?docid=608587&searchID=TEC608587