Do not want to use admin user, can I impersonate a service account with more limited permissions?
Article ID: 258759
CA Identity Manager
Is there a way to allow for a service account to call the TEWS SOAP API?
Use case required a use a regular account with more limited permissions instead of using Admin.
Configuration which will allow you to impersonate the imadmin permissions with a regular user.
Access the IM Management Console. \Home\Environments\<your environment (ie., identityEnv)\Advanced Settings\Web Services
Check Enable Admin_ID (Allow impersonations)
Enable admin_id (allow impersonation)
Specifies whether TEWS supports impersonation.
When this option is selected, TEWS uses the admin ID found in the SOAP message sent to the web service to authenticate the request.
When this option is not selected, the ID of the user who generated the request is used to authenticate the request.
This option is ignored when using WSS authentication.