Controlling Access to Resources

You can control access to resources in the repository by setting user permissions on resources.

An access control list (ACL) can be created for a given resource by specifying the permissions and the users for that resource. System level permissions are available, and a user granted such permissions will have rights to everything in the repository. If a given user has system level permissions, access will be granted to the specified resource. If the user does not have system level permissions, the ACL will be inspected in order to determine whether to grant access to that user.

You can programmatically control access to resources by using the Repository service Java API or web service API.

Note: For more information about the Repository service, see Services Reference for LiveCycle.

Summary of steps

To control access to resources, follow these steps:

  1. Include project files.

  2. Create a Repository service client.

  3. Specify the URI of the resource to be used in the ACL.

  4. Retrieve the ACL for the resource.

  5. Retrieve the list of users having access to the resource.

  6. Create the new access control list.

  7. Specify the users to be included in the new ACL.

  8. Specify the permissions to be included in the new ACL.

  9. Write the new ACL for the resource.

Include project files

Include the necessary files in your development project. If you are creating a client application using Java, include the necessary JAR files. If you are using web services, include the proxy files.

Create the service client

Before you can programmatically read a resource, you must establish a connection and provide credentials. This is accomplished by creating a service client.

Specify the URI of the resource to be used in the ACL

Specify the string containing the resource’s URI. A resource URI is always required when reading or writing access control lists.

Retrieve the ACL for the resource

Invoke the Repository service method to read the access control list for the resource, specifying the resource URI.

Retrieve the list of users having access to the resource

Invoke the access control list method to retrieve the users who have access to the resource.

Create the new ACL

Invoke the ACL constructor to create a new list.

Specify the users to be included in the new ACL

Store the UUIDs for the users to be used in the new ACL.

Specify the permissions to be included in the new ACL

Create a list containing the permission strings for the resource and add that list to the ACLs.

Write the new ACL for the resource

Invoke the Repository service method to write the ACL for the resource, specifying the URI and the newly created access control list.

Configuring access control lists using the Java API

Configuring access control lists using the web service API

Configuring access control lists using the Java API

To programmatically configure access control lists using the Repository service Java API, perform the following tasks:

  1. Include project files

    Include client JAR files in your Java project’s class path. For information about the location of these files, see Including LiveCycle Java library files.

  2. Create the service client

    Create a ResourceRepositoryClient object by using its constructor and passing a ServiceClientFactory object that contains connection properties.

  3. Specify the URI of the resource to be used in the ACL

    Specify the URI of the resource. In this case, because the resource is the folder testFolder, its URI is /testFolder. The URI is stored as a java.lang.String object.

  4. Retrieve the ACL for the resource

    Invoke the ResourceRepositoryClient object’s readAccessControlList method and pass the URI of the resource as a parameter. The method returns a com.adobe.repository.infomodel.bean.AccessControlList object.

  5. Retrieve the list of users having access to the resource

    Invoke the AccessControlList object’s getUsersWithPermissions method, which returns a java.util.List containing strings that represent the user identifiers. In this example, the list of users is printed to the screen.

  6. Create the new ACL

    Invoke the default constructor for the AccessControlList class to create a new AccessControlList object to be used.

  7. Specify the users to be included in the new ACL

    Determine which user identifiers to be used in the access control list. In this example, the first user in the list previously retrieved will be used.

  8. Specify the permissions to be included in the new ACL

    Create a java.util.ArrayList that will be used to store the list of permissions and add the preferred permissions to the list, which are available as static constants in the AccessControlEntry class. In this example, traversal and read permissions are specified for a folder; therefore, the values AccessControlEntry.READ_METADATA_USER_PERM and AccessControlEntry.READ_CONTENT_USER_PERM are added to the list.

    Invoke the newly created AccessControlList object’s setPermissionsForUser method and specify the following parameters:

    • The identifier of the user who will have the permissions

    • The list of permissions

    For more information, see the LiveCycle API Reference.

  9. Write the new ACL for the resource

    Invoke the ResourceRepositoryClient object’s writeAccessControlList method and pass in the following parameters:

    • The URI of the resource.

    • The access control list.

    • A boolean value used to determine whether to propagate the permissions to all collection-contained resources if the resource is a collection (com.adobe.repository.infomodel.bean.ResourceCollection). In this example, the value true is specified.

    For more information, see the LiveCycle API Reference and Repository Service API Quick Starts.

Configuring access control lists using the web service API

To programmatically configure access control lists using the Repository service web service API, perform the following tasks:

  1. Include project files

  2. Create the service client

    Using the Microsoft .NET client assembly, create a RepositoryServiceService object by invoking its default constructor. Set its Credentials property using a System.Net.NetworkCredential object containing the user name and password.

  3. Specify the URI of the resource to be used in the ACL

    Specify a string containing the URI of the resource. In this case, because the resource is the folder testFolder, its URI is "/testFolder". When using a language compliant with the Microsoft .NET Framework (for example, C#), store the URI in a System.String object.

  4. Retrieve the ACL for the resource

    Invoke the RepositoryServiceService object’s readAccessControlList method and pass the URI of the resource as a parameter. The method returns an AccessControlList object. Pass null for the second parameter.

  5. Retrieve the list of users having access to the resource

    Retrieve the AccessControlList object’s usersWithPermissions field, which is an object array containing strings representing the user identifiers. In this example, the list of users is printed to the screen.

  6. Create the new ACL

    Invoke the default constructor for the AccessControlList class to create a new AccessControlList object to be used.

  7. Specify the users to be included in the new ACL

    Determine which user identifiers to be used in the access control list. In this example, the first user in the list previously retrieved will be used.

  8. Specify the permissions to be included in the new ACL

    Create an object array that will be used to store the list of permissions, and add the preferred permissions to the array, which must be specified as strings. In this example, traversal and read permissions are specified for a folder; therefore, the values "Traverse" and "Read" are added to the list.

    Invoke the default constructor for the AccessControlEntry class to create a new object needed for storing the permissions, and assign the permissions object to the AccessControlEntry object’s permissions field.

    Create an object array, store the AccessControlEntry object in it, and assign the array to the AccessControlList object’s entries field.

    Create an object array, store the user identifier in it, and assign the array to the AccessControlList object’s usersWithPermissions field.

  9. Write the new ACL for the resource

    Invoke the RepositoryServiceService object’s writeAccessControlList method and pass in the following parameters:

    • The URI of the resource.

    • The access control list.

    • A boolean value used to determine whether to propagate the permissions to all path-contained resources if the resource is a collection (com.adobe.repository.infomodel.bean.ResourceCollection). In this example, the value true is specified.

    • A boolean value used to determine whether the propagate value was specified. In this example, a value of true is specified.

    • Pass null for the remaining parameter.

For more information, see Repository Service API Quick Starts.

// Ethnio survey code removed