You can control access to the SOAP server in the following two ways.
If the Security: Validate User option is not enabled, the SOAP server honors all requests regardless of the sender. If the Security: Validate User option on the hub monitoring server is enabled, the SOAP server honors requests only from users defined to the operating system or security authorization facility of the host of the monitoring server.
If you specify a specific type of access for any users, the SOAP server honors requests only from those users, regardless of whether Security: Validate User is enabled.
For information on configuring the security on the SOAP server, see Appendix A. IBM® Tivoli® Monitoring Web Services for the SOAP server in the IBM Tivoli Monitoring Administrator's Guide.