Description:
By default, only the Certificate user and users with the service provider (SP) administrator role can execute web services. This can, however, be changed.
Solution:
The Access Policy for access to the web services may be changed:
Then you can login with a userid with this catalog-role in webservices.
You may also find TEC608587 helpful - "Logging in directly to a sub-domain Business Unit is not possible."
https://support.ca.com/irj/portal/anonymous/kbtech?docid=608587&searchID=TEC608587