My Oracle Support Banner

Users Are Not Restricted To Access A Particular Service (Doc ID 2640140.1)

Last updated on AUGUST 02, 2023

Applies to:

Oracle API Gateway - Version and later
Information in this document applies to any platform.


Even after adding one user to one group and restricting the service to that group, it is allowing all users in the local store to access the service.

The policy is being accessed successfully but to all users instead of to one user

1. Create a group.
2. Add the user to that group
3. Add Check Group Membership filter as a Start and connect it to WS-Security Username Token filter with a success path and connect this filter to the Service Handler
4. Deploy
5. Access the service from SoapUI using the OAG virtualized URL.
6. All the users can access the service. The expected behavior is that only the user belonging to the group should be able to access the service.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.