BO4 - Tomcat security + ensuring business objects functionality

Hi,

We have BO4.2 SP05 on a development platform along with the bundled Tomcat (8.5.13) and use the BOE/BI, BOE/BILaunchpad and /BOE/CMC applications for webi reporting, also use IDT/UDT and some dashboards.

From security perspective we've been asked if number of interfaces available could be limited.

For instance ca see lots of services listed at http://<servername>/dswsbobje/services/listServices

What is the best way of achieving this but ensuring access to the above applications and business objects enterprise platform and above applications isn't affected adversely.

Had a look in the web.xml file in dswsbobje to see if some configurable parameters such as services.visible which could set to false but would still allow functionality but nothing obvious.

Thanks