User rule to acess XI Web Services

Hello Everybody

I've built some Web Services with XI (actually, I've exposed some RFCs as Web Services through SOAP Sender Adapter).

Since SOAP Inbound Channel requires authentication, I should create a user that client applications will use to authenticat against it, shoudn't I ??? What rule should this user have?

After I use this user to SOAP Inbound Channel authentication, can I still ask a different user/password for each Web Service?

thanks

Julio