E-IB: How to Prevent Sending the Current User ID with Outbound Service Operations (Doc ID 654918.1)

Last updated on NOVEMBER 27, 2019

Applies to:

This document was previously published as Customer Connection Solution 201042699

*** Latest revision: 24-Dec-2015 ***

Goal

How to exclude or bypass applying user-level security (including the User ID of the sender and checking its presence and permissions on receiving side) for outbound service operations?

PeopleTools 8.48+ contains security restrictions in place for Integration Broker Service Operations at the user level.
For example, HR sends messages to FSCM and to CRM, each Node definition (PSFT_HR, PSFT_EP, PSFT_CR) has the same Default User ID and it has the same permissions in all three environments.
If in HR environment the User ID that triggers message sending exists both in HR and the target environment (either CRM or FSCM) the message gets published and subscribed without any issues.
However if the HR as publisher the sending User ID exists only in HR, or if it exists on target, but does not have sufficient permissions, the message publishing will fail with a correspondent error.
In contexts such as employee self-service every employee with an HR User ID would potentially need a matching User ID in both CRM and FSCM, which would be not practical to maintain.

How to set up the Integration Broker configuration so that the Default User ID of the node is used for message security authorizations rather than the user publishing the Service Operation?

Solution