The way to use the connector should NOT require us to set Roles on portal_web_services objects.
Documents on portal_web_services contains passwords to third-party software so, that should be not accessible by the user (even with proper roles).
I set a minimal set of proxy roles and re-work to use path rather them object to not require roles everywhere.