Expand my Community achievements bar.

Granting permissions to many users

Avatar

Level 7
Level 7
6/3/11 7:08:30 AM

Our organization has 5000 users and I need to grant Workspace access to 236. I think giving access through the adminui would be extremely tedious. Is there a way to perform a batch process with the users listed?

Aditya

Views

2.8K

Replies

7
Sign in to like this content

Total Likes

Translate
Translate
7 Replies

Avatar

Former Community Member
6/3/11 7:43:54 AM

You can use the Authorizarion API to assign a particular role to a list of users.

AuthorizationManager.assignRole(String roleId, String[] principalOids);

For more information you may want to look at the API reference,

http://livedocs.adobe.com/livecycle/es/sdkHelp/programmer/javadoc/index.html

Views

834

Replies

0

Total Likes

Translate
Translate

Avatar

Former Community Member
6/3/11 7:46:31 AM

Also, if the 236 users share some common property, then you can use PrincipalSearchFilter to fecth 'the list of principalOIDs' of those 236 out of 5000 users and pass the same to assignRole(...).

Views

834

Replies

0

Total Likes

Translate
Translate

Avatar

Level 7
Level 7
6/8/11 1:07:12 PM

Amit - This makes sense. Where would I run the API?

Aditya

Views

1.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
7/4/11 1:17:32 AM

You can create an Active Directory Group and assign role to that group. Is this not possible?

Nith

Views

811

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 7
Level 7
7/13/11 2:01:14 PM

Nith - It gets complicated. Is there another simpler way?

Aditya

Views

1.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
7/13/11 9:56:15 PM

I believe there are only three ways to do this.

1. Manual role assignment to individuals     (not prefered)

2. Assigning role to an AD group    

3. Writing a client program to invoke LC API and assign role programatically

Second method is easier to perform, users can be dynamically added/removed from AD groups, No need to reassign roles to new users, Can nest groups, etc.

Third option is appropriate; however, it's difficult to write a program based on LC SDK and you will have to run it each time when users added/removed. Perhaps, if the new user changes are few, you can do them manually.

Nith

Views

811

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Former Community Member
7/13/11 10:40:37 PM

okay there are two more ways that I think will aid you in automatically assigning the role to a batch of users,

1. To your question where should you write the code, as Nith said you can use LC SDK. But there is another  way to use UserManager APIs.

    Create a process and pass a bean shell script to it which consists of the code that I had mentioned.

    I have created a cookbook recipie for the same, please go through it and you'll find it easier than coding via strongly typed client from LC SDK.

    http://cookbooks.adobe.com/post_Accessing_User_Manager_API_through_BeanShell_Scrip-17405.html

2. Now if you are on Livecycle version ES, then there are no other ways to solve your problem apart from what Nith and I have suggested till.

3. If you are using LiveCycle ES2/2.5, then there is another solution.

    We introduced a feature called dynamic group in ES2.

    This group doesn't contain static members as children, but when you try to access it's child members, it dynamically fetches them using a predefined criteria that matches the users in LC.

   So, create a Dynamic group and specify a criteria which is common to all the 236 users, e.g. User's email, User's commonname 'starting with X' or 'ending with Y' or 'contains Z'.

   Then assign the Workspace role to this particular dynamic group.

Views

924

Replies

0

Total Likes

Translate
Translate