I am going to customize a third party software and I am going to add a Web services wrapper for its API and expose the methods via web services. The purpose is to use the software package's provided XML service API to do the same database operations to avoid direct connecting database.
With previous direct connecting the databse, the security issue is easy to resolve, because different user account have different permission levels and users can be granted access to the tables accordingly.
For the future xml web services wrapper, the problem is the provided XML service API has just one username/password to do all level of operations which might not be secure or appropriate. Is there any simple way to use the database user permissions to enhance the web service security? Any related suggestion/links/articles are really appreciated. Thanks a lot.