Strict security for web services

Strict security for web services requires that users meet Contextual Security requirements to access instance resources.

By default, basic authentication for web services only determines whether a user is authorized to access the instance with a SOAP connection. Once authorized, any user can access any table published as a web service.

The system property Enforce strict security on incoming SOAP requests changes this behavior and requires that users meet Contextual Security requirements to access instance resources from web services.

With this property enabled, only users that have the proper SOAP role and also meet the Access control rules conditions for a given table and operation can perform that operation from a SOAP connection.