Do not want to use admin user, can I impersonate a service account with more limited permissions?
search cancel

Do not want to use admin user, can I impersonate a service account with more limited permissions?

book

Article ID: 258759

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

Is there a way to allow for a service account to call the TEWS SOAP API? 

Environment

Release :

14.4.2

Cause

Use case required a use a regular account with more limited permissions instead of using Admin.

Resolution

Configuration which will allow you to impersonate the imadmin permissions with a regular user.

Access the IM Management Console. \Home\Environments\<your environment (ie., identityEnv)\Advanced Settings\Web Services

Check Enable Admin_ID (Allow impersonations)

Enable admin_id (allow impersonation)

Specifies whether TEWS supports impersonation.

When this option is selected, TEWS uses the admin ID found in the SOAP message sent to the web service to authenticate the request.

When this option is not selected, the ID of the user who generated the request is used to authenticate the request.

This option is ignored when using WSS authentication.

Additional Information

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identi[…]anagement-console-help/web-services-properties-screen.html

Powered by Wolken Software