Understanding Routings and Security
As delivered, any external system can invoke the PeopleSoft PT_WORKLIST web service. “Any-to-Local” routings are delivered with both service operations so that once an external system discovers the web service, the third-party system can readily invoke the operations. Likewise, as delivered, external systems do not need to worry about authentication or security restrictions for invoking the web service. If you want to limit which systems or users can create worklist entries in your PeopleSoft application through a web service, you must either apply security or use a more restrictive routing, or do both.