CA Service Management

Dear team,

We are trying to make Web service API's available to all users using Service Catalog. We require this as part of integration with another tool.

Recently we have upgraded to 14.1 of Service Catalog.

Below are the steps suggested to make web services available to all in Service Catalog 12.7.

1) Login to the 'CA Service Catalog' application instance in EEM

2) Select 'Manage Access Policies' tab

3) Search for 'ACL_requestmanager' policy

> Enter it in the 'Name' field and click Go

4) Open the policy by clicking on it

(i.e. ACL_requestmanager for Request Manager role in catalog)

or

(i.e. ACL_catalogenduser for Catalog User role in catalog)

5) Under 'Add resource' enter ‘usm_webservice__all’ and select the plus icon

6) Save your changes.

7) Recycle the 'Catalog service'

In 14.1, the 'ACL_requestmanager' and 'ACL_catalogenduser' policy has been renamed to 'ACL_requestmanager_guinode' and 'ACL_catalogenduser_guinode'. However, we are not able to find the resource, "usm_webservice__all"

Please suggest if the name has been changed for that also or if there are any additional steps to be followed to make Web services available Request Manager and Catalog Users.

Thank you,

Divya Arunachalam

 
Good Morning Divya Arunachalam.
 
Indeed, by default, it is only the Certificate user and users with the service provider (SP) administrator role can execute web services.
And in EEM setting(s) you can change that. This is how to proceed:
 
1) Login to the 'Service Catalog' application instance in EEM
2) Select 'Manage Access Policies' tab
3) In the left-hand-tree, click 'Guinode'
4) In the right-hand-pane, open the role(click on it) in which you would like to allow the web services access
(i.e. ACL_requestmanager_Guinodes for Request Manager role in Catalog)
or
(i.e. ACL_catalogenduserr_Guinodes for Catalog User role in Catalog)
5) On the policies page, in section 'Access Policy Configuration'/'Resources' in the field 'Add resource',
enter/type 'usm_webservice__all' and hit the plus(+) icon to add the resource to the list
 
6) Hit the 'Save'-button, to save your changes.
7) Recycle the 'CA Service Catalog' service
 
Then you should be able to login with a userid-with-this-catalog-role in webservices.
 
Thanks and kind regards, Louis.

Hi Louis,

We tried the same using SOAP UI, however receiving error as "User does not have access to read web services"

Hi Divya Arunachalam.

After I tested this locally for you, it appears that you need to: "Recycle the 'CA Service Catalog' service".

And then my SOAPUI-Login works for catuser1, reqmgr1 and enduser1 roles.

Thanks and kind regards, Louis.

Hi Louis,

Thank you for your guidance.

I did recycle the "CA Service Catalog" service and "CA Service View" service after performing the changes.

After that only we received the error mentioned in screenshot above.

Also, I tried checking "usm_webservice__all" in CA folder on the server where Catalog was installed. I couldn't find any result.

Thank you,

Divya Arunachalam

Good Afternoon Divya Arunachalam.
 
Please double check you enter the correct information and settings in the EEM-UI.
As this then works for me on my local server, running SC R14.1 release.
 
1) Login to the 'Service Catalog' application instance in EEM
2) Select 'Manage Access Policies' tab
3) In the left-hand-tree, click 'Guinode'
4) In the right-hand-pane, open the role(click on it) in which you would like to allow the web services access
(i.e. ACL_requestmanager_Guinodes for Request Manager role in Catalog)
or
(i.e. ACL_catalogenduserr_Guinodes for Catalog User role in Catalog)
5) On the policies page, in section 'Access Policy Configuration'/'Resources' in the field 'Add resource',
enter/type 'usm_webservice__all' and hit the plus(+) icon to add the resource to the list
 
6) Hit the 'Save'-button, to save your changes.
7) Recycle the 'CA Service Catalog' service
 
Then you should be able to login with a userid-with-this-catalog-role through the SOAPUI>Login wsdl.
Which is what then worked for me locally.
 
What is the error you see/get in the SOAPUI?
 
Thanks in advance and kind regards, Louis.

Good Afternoon again, Divya Arunachalam.
 
Renewed tests show me the following.
Which I cannot explain since I got a session_id returned in my previous tests.
 
WSDL:
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.soap.usm.ca.com">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:logIn soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
         <userID xsi:type="xsd:string">reqmgr1</userID>
         <password xsi:type="xsd:string">spadmin</password>
         <businessunit xsi:type="xsd:string">SM141</businessunit>
      </ser:logIn>
   </soapenv:Body>
</soapenv:Envelope>
 
Result:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <soapenv:Body>
      <soapenv:Fault>
         <faultcode>soapenv:Server.generalException</faultcode>
         <faultstring>User does not have access to read web services</faultstring>
         <detail>
            <ns1:exceptionName xmlns:ns1="com.ca.usm.soap.axisInterfaces.WebServiceException</ns1:exceptionName" rel="nofollow" target="_blank">http://xml.apache.org/axis/">com.ca.usm.soap.axisInterfaces.WebServiceException</ns1:exceptionName>
            <ns2:hostname xmlns:ns2="WINx64</ns2:hostname" rel="nofollow" target="_blank">http://xml.apache.org/axis/">WINx64</ns2:hostname>
         </detail>
      </soapenv:Fault>
   </soapenv:Body>
</soapenv:Envelope>
 
Restart CA Service Catalog service:
Result:
         <faultstring>User does not have access to read web services</faultstring>
 
Sofar I can not find an answer and/or solution for you.
 
Next step then is to open a standard Support Case for follow-up/analysis and a solution.
Unless some one else int he community has an answer/solution already available for you (and me :-) ).
 
Thanks in advance for your co-operation on this and kind regards, Louis.

Thank you Louis, I am opening a case with Support.

Appreciate your support on this.

Good Morning Divya Arunachalam.
 
With my apology to disturb you again on this, I could not stop thinking on this.
Also because I did see this working yesterday, while testing for you on this locally.
 
And this is how I got this to work now again, this morning.
1. In EEM, I added the resource 'webservice_all' (without prefix 'usm_').
2. I restarted these 3 services:
2a. CA Directory - itechpoz
2b. CA iTechnology iGateway 4.7
2c. CA Service Catalog
3. In SOAPUI, I can then login with e.g. 'catuser1'.
 
Thanks and kind regards, Louis.

Much thanks, Louis!

I added "webservice__all" resource and it worked..

We are able to get through using Catalog User and Request Manager roles.

Thank you,

Divya Arunachalam

Cool. And thanks for confirming this works. Kind regards, Louis.