Managing Roles and Permissions

This topic describes how you can use the Authorization Manager Service API (Java) to programmatically assign, remove, and determine roles and permissions.

In LiveCycle, a role is a group of permissions for accessing one or more system-level resources. These permissions are created through User Management and are enforced by the service components. For example, an Administrator could assign the role of "Policy Set Author" to a group of users. Rights Management would then permit the users of that group with that role to create policy sets through Administration Console.

There are two types of roles: default roles and custom roles. Default roles (system roles) are already resident in LiveCycle. They are assumed to be immutable: the administrator may not delete or modify them. Custom roles are created by the administrator, who may subsequently modify or delete them, and are therefore mutable.

Roles make it easier to manage permissions. When a role is assigned to a principal, a set of permissions is automatically assigned to that principal, and all the specific access-related decisions for the principal are based on that overall set of assigned permissions.

Summary of steps

To manage roles and permissions, perform the following steps:

  1. Include project files.

  2. Create an AuthorizationManagerService client.

  3. Invoke the appropriate role or permission operations.

Include project files

Include necessary files in your development project. If you are creating a client application using Java, then include the necessary JAR files. If you are using web services, then make sure that you include the proxy files.

Create an AuthorizationManagerService client

Before you can programmatically perform a User Management AuthorizationManagerService operation, you must create an AuthorizationManagerService client. With the Java API this is accomplished by creating an AuthorizationManagerServiceClient object.

Invoke the appropriate role or permission operations

Once you have created the service client, you can then invoke the role or permission operations. The service client allows you to assign, remove, and determine roles and permissions.

Managing roles and permissions using the Java API

To manage roles and permissions using the Authorization Manager Service API (Java), perform the following tasks:

  1. Include project files.

    Include client JAR files, such as adobe-usermanager-client.jar, in your Java project’s class path.

  2. Create an AuthorizationManagerService client.

    Create an AuthorizationManagerServiceClient object by using its constructor and passing a ServiceClientFactory object that contains connection properties.

  3. Invoke the appropriate role or permission operations.

    To assign a role to a principal, invoke the AuthorizationManagerServiceClient object’s assignRole method and pass the following values:

    • A java.lang.String object that contains the role identifier.

    • An array of java.lang.String objects containing the principal identifiers.

    To remove a role from a principal, invoke the AuthorizationManagerServiceClient object’s unassignRole method and pass the following values:

    • A java.lang.String object that contains the role identifier.

    • An array of java.lang.String objects containing the principal identifiers.
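The three Java API steps above as one program. This is an added example, not code from the LiveCycle documentation. It grants a role only for the duration of a task and always revokes it afterwards. The ServiceClientFactoryProperties settings (SOAP mode, the "JBoss" server type), the LC_ENDPOINT, LC_USER and LC_PASSWORD environment variable names, and the <ROLE_ID> and <PRINCIPAL_ID> placeholders are assumptions.

```java
import java.util.Properties;

import com.adobe.idp.dsc.clientsdk.ServiceClientFactory;
import com.adobe.idp.dsc.clientsdk.ServiceClientFactoryProperties;
import com.adobe.livecycle.usermanager.client.AuthorizationManagerServiceClient;

public class TimeBoxedRoleGrant {

    // Read a required setting from the environment and fail closed if it is absent.
    // The variable names used below (LC_ENDPOINT, LC_USER, LC_PASSWORD) are assumptions.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }

    public static void main(String[] args) throws Exception {
        // Placeholders: substitute identifiers from your own User Management domain.
        String roleId = "<ROLE_ID>";
        String[] principalIds = { "<PRINCIPAL_ID>" };

        // Step 2: connection properties for the ServiceClientFactory.
        // Credentials come from the environment so they are not stored in source code.
        Properties props = new Properties();
        props.setProperty(ServiceClientFactoryProperties.DSC_DEFAULT_SOAP_ENDPOINT,
                requireEnv("LC_ENDPOINT")); // assumed to be an https:// URL of the server
        props.setProperty(ServiceClientFactoryProperties.DSC_TRANSPORT_PROTOCOL,
                ServiceClientFactoryProperties.DSC_SOAP_PROTOCOL);
        props.setProperty(ServiceClientFactoryProperties.DSC_SERVER_TYPE, "JBoss"); // assumed
        props.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_USERNAME,
                requireEnv("LC_USER"));
        props.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_PASSWORD,
                requireEnv("LC_PASSWORD"));

        ServiceClientFactory factory = ServiceClientFactory.createInstance(props);
        AuthorizationManagerServiceClient amClient =
                new AuthorizationManagerServiceClient(factory);

        // Step 3: grant the role, do the work that needs it, then always revoke it.
        amClient.assignRole(roleId, principalIds);
        try {
            System.out.println("Role " + roleId + " assigned; perform the privileged task here.");
        } finally {
            amClient.unassignRole(roleId, principalIds);
            System.out.println("Role " + roleId + " removed.");
        }
    }
}
```

Compiling and running this requires the LiveCycle client JAR files on the class path and a reachable LiveCycle server.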

Managing roles and permissions using the web service API

Manage roles and permissions by using the Authorization Manager Service API (web service):

  1. Include project files.

    Create a Microsoft .NET project that uses MTOM. Ensure that you use the following WSDL definition: http://localhost:8080/soap/services/AuthorizationManagerService?WSDL&lc_version=9.0.1.

    Note: Replace localhost with the IP address of the server hosting LiveCycle.

  2. Create an AuthorizationManagerService client.

    • Create an AuthorizationManagerServiceClient object by using its default constructor.

    • Create an AuthorizationManagerServiceClient.Endpoint.Address object by using the System.ServiceModel.EndpointAddress constructor. Pass a string value that specifies the WSDL to the LiveCycle service (for example, http://localhost:8080/soap/services/AuthorizationManagerService?blob=mtom). You do not need to use the lc_version attribute. This attribute is used when you create a service reference.

    • Create a System.ServiceModel.BasicHttpBinding object by getting the value of the AuthorizationManagerServiceClient.Endpoint.Binding field. Cast the return value to BasicHttpBinding.

    • Set the System.ServiceModel.BasicHttpBinding object’s MessageEncoding field to WSMessageEncoding.Mtom. This value ensures that MTOM is used.

    • Enable basic HTTP authentication by performing the following tasks:

      • Assign the LiveCycle user name to the field AuthorizationManagerServiceClient.ClientCredentials.UserName.UserName.

      • Assign the corresponding password value to the field AuthorizationManagerServiceClient.ClientCredentials.UserName.Password.

      • Assign the constant value HttpClientCredentialType.Basic to the field BasicHttpBindingSecurity.Transport.ClientCredentialType.

      • Assign the constant value BasicHttpSecurityMode.TransportCredentialOnly to the field BasicHttpBindingSecurity.Security.Mode.

  3. Invoke the appropriate role or permission operations.

    To assign a role to a principal, invoke the AuthorizationManagerServiceClient object’s assignRole method and pass the following values:

    • A string object that contains the role identifier.

    • A MyArrayOf_xsd_string object that contains the principal identifiers.

    To remove a role from a principal, invoke the AuthorizationManagerServiceClient object’s unassignRole method and pass the following values:

    • A string object that contains the role identifier.

    • An array of string objects containing the principal identifiers.
