Expand my Community achievements bar.

July 31st AEM Gems Webinar: Elevate your AEM development to master the integration of private GitHub repositories within AEM Cloud Manager.

Apply rights on process

Avatar

Former Community Member

Hi everyone,

I've created a process in LiveCycle, which is accessible from the workspace.

Is there a way to make this process accessible only for one group that I've created ?

To sum up, I want to filter the access to this process to this only group.

Regards

Thomas

11 Replies

Avatar

Former Community Member

Hi Again,

Thats possible check out the options in Admin UI.

Home > Services > Applications and Services > Service Management

Configure Your Process under Security Tab Use options 1- Require callers to authenticate and 2-Specify Run As

In Role Management Category assign Service Invoke to the Group that want to access this process.

Regards --

Chalukya.

process_properties.jpg

Avatar

Former Community Member

Hi again,

The problem is that I have other processes on the same server that needs to be accessible for all users. So all my LDAP sync users have the service invoke role.

Is there a way to assign a specific process only to a specific LC group ?

Regards,

Thomas

Avatar

Former Community Member

Hey Thomas,

I think we cannot assign a specific process only to a specific LC group.

You can have a decision service in the begining of that process which identifies the user who invoked the process based on that you can execute the furthur steps or just exit.

Will this Help --

Chalukya.

Avatar

Former Community Member

Not really, what I want is that only members of this group can view (and access) this process through the workbench.

So you think there is no way to do so ?

Avatar

Former Community Member

May be no Thomas, lets wait for a correct answer !!

Avatar

Level 3

You can do that by performing the follwoing:

Click on add principal and add that specific group which should have access to this particular process.

Hope that helps

Avatar

Former Community Member

Hi Vikas,

I already tried that, the thing is I have many options that I don't really understand here when selecting a group :

INVOKE_PERMAllows Invocation of all operations on the Service
MODIFY_CONFIG_PERMModify the configuration of the Service
SUPERVISOR_PERMView process instance data for the Service that has been created from a Process
START_STOP_PERMStart or Stop the Service.
ADD_REMOVE_ENDPOINTS_PERMAdd, remove and modify end points for the Service
CREATE_VERSION_PERMCreate a new version of the Service
DELETE_VERSION_PERMDelete a version of the Service
MODIFY_VERSION_PERMModify a version of the Service
READ_PERMRead or view the Service

What I understand from this is that those options add optional rights to this group.

That doesn't mean that other users who are not in this group won't be able to see this process, am I right ?

Avatar

Former Community Member

Hmm ...

Does that mean that I have to delete the role "Service Invoker" to all my users, and change the READ_PERM of all my other processes ?

Avatar

Former Community Member

Yep, that's it !

I need for all entities to set the role "Workspace User" but not the "invoke service role".

For all of my other processes, I assigned the role (add principal) "read_perm" to all entities.

For this single process, I assigned the role (add principal) "read_perm" to this group only.

That works !

Unfortunatly they can still see the category, but not the processes inside !

Avatar

Level 3

You cannot prevent  users from viewing the categories.