Remove elevated roles from Web Services Only users

Why is this an issue?

A profile set to Web service access only may share data with third parties, so high-privilege roles like admin and security admin, as well as any roles with elevated access, should be avoided.

Best practices

Make sure to remove admin, security_admin and any role with elevated access from the Web service access only; granting elevated access to such users may compromise security. To remove these roles, follow the steps:

1. Type sys_user_has_role.list on the Filter Navigator
2. Search for the name of the Web service only user you want to update
3. On the Roles tab, click Edit and remove the admin and/or security_admin and click Save.