When the SOAP/AM Server executes a Web service method on behalf of a client, it sends an interprocess message to one of your Pathway or Guardian application servers. By default, it does this under the identity of the user that created (started) the SOAP/AM Server process (sometimes known as the "CAID" or creator accessor id).

Since the SOAP/AM Server is a Guardian process, the identity under which a Web service is executed may be important if Safeguard or Pathway security settings restrict access to the server process that supports the Web service.

Guardian User Impersonation is a feature that allows the server to internally switch (its "PAID" or process accessor id) to the user identity of a given Guardian user prior to sending an interprocess message This feature allows you to run the server under any user identity but still enforce user-based access privileges to servers. Using the SOAP/AM Control Panel, you set the impersonated user identity on the Virtual File System (VFS) folder that contains the Web service definition (.sdf) file. By setting an identity on the root folder, you can establish a default identity for all Web services.

In order to use the Guardian User Impersonation feature, you must:...

•Run the Privileged SOAP/AM Server

•Set User Impersonation Folder Properties