Ok, It's a bad approach, because if your requirement is to change the WSDL, after every client request, your new WSDL(with allowed operations) need to be published. Here you need to think of publishing your new WSDL, after a client request is processed. If your client is accessing the WSDL say "http://abc.com/myservice?wsdl", then on the same address it is impossible to publish the WSDL, unless the application is re-deployed or server is re-started.
However you can use the EndPoin.publish("http://abc.com/myservice?wsdl"), through code, but when the port is already in use, it will throw exception.
Best solution is to write separate the WSDLs based on the operations to be exposed. Then your client should get the secured WSDL's URI, only when the first call is success. That means the first web servce call response will also contains the other WSDL's URI based on the user role.