Hello,
We will expose several OOB RSA web services to 3rd party applications. As you know, each web service requires a token to be retrieved by the "loginUser" web service in the first place.
We do not want to give default admin credentials to the requestor. What should the correct approach be? Can we create a new "technical" user and give him web service request privileges? If so, what is the correct privilege to assign?
The loginUser web service is expecting the username and password for a collected user or the AveksaAdmin account. I have seen some solutions where a service account is defined with no privileges to serve this purpose as well.
The OnBehalf of feature mentioned earlier in this thread can then be used to make change requests on behalf of other users. Other operations, however, like collectIdentities, are going to rely on the logged-in user's privileges to determine if the web service operation is allowed. The token plays a key role in ensuring you can't just do anything in the world once logged in.