LiveCycle server enables you to configure security settings
for each service, which allows you to configure fine-grained access
control on a service-by-service level.
Default security profiles are installed, which can then be configured
to meet your system needs. Each security profile has an associated
domain and is created at either the user level or the group level.

Modify security settings for a service

1. In Administration Console, click Services > Applications and Services > Service Management.

2. On the Service Management page, click the service to configure.

3. Click the Security tab.

4. In the Require Callers To Authenticate list, select either Yes or No to specify whether the service can be invoked with or without credentials.

   - If you select Yes, the caller of the service must be authenticated and the user principal for that caller must be authorized to invoke the service; otherwise, the invocation attempt will be refused.
   - If you select No, the caller of the service may or may not be authenticated. The invocation of the service will always succeed because there is no authorization check.

5. For services that contain one or more operations flagged for anonymous access, select or deselect Anonymous Access Allowed. When anonymous access is enabled, any user within the system can invoke operations on the service. If anonymous access is disabled, users must be granted permission to call the service and invoke operations. Users are granted these permissions either directly or as being part of a group that has such permissions.

6. For some services, the user account that executes the operation affects the results. For example, in Content Services (Deprecated), the user that stores content is made the owner of the content, which affects who can later access the content. If you are using a process to store content, think about what user is used to execute the Document Management service, because that user will own the stored content.

   To specify the run-time identity used by a service to execute operations, select Specify Run As, select an option from the associated list, and then click Save. Choose from the following options:

   - Invoker: Uses the same identity as the user who invoked the service.
   - System: Uses the System user to run the service with full privileges.
   - Named User: Enables you to run the service as a specific user. When you select this option, click Select User to display the Select Principal page, where you can search for and select the user.

   If you do not select Specify Run As, the default behavior is used.

   Note: Render and submit services that are used with xfaForm, Document Form, and Form variables are always executed using the System user account.

7. Click Add Principal to specify the permissions that users and groups have for this service. The Select Principal screen displays the users and groups that are configured in User Management. If the user or group you want is not displayed, use the search function to find it. Click a user or group name.

8. On the Add Permissions screen, select the permissions to assign to the user or group for this service:

   - INVOKE_PERM: To invoke all operations on the service
   - MODIFY_CONFIG_PERM: To modify the configuration of a service
   - SUPERVISOR_PERM: To view process instance data for a service that is created from a process
   - START_STOP_PERM: To start and stop a service
   - ADD_REMOVE_ENDPOINTS_PERM: To add, remove, and modify endpoints for a service
   - CREATE_VERSION_PERM: To create a new version of the service
   - DELETE_VERSION_PERM: To delete a version of the service
   - MODIFY_VERSION_PERM: To modify a version of the service
   - READ_PERM: To view the service
   - PROCESS_OWNER_PERM: For use in a future version of LiveCycle. Do not use this permission.
   - SERVICE_MANAGER_PERM: For use in a future version of LiveCycle. Do not use this permission.
   - SERVICE_AGENT_PERM: For use in a future version of LiveCycle. Do not use this permission.

9. Click Add.
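
The settings in this procedure can be reviewed across many services with a short script. The following is an added example, not part of the LiveCycle documentation or product: it assumes the Security tab values have been transcribed by hand into Python records, and the key names, service names and severity labels are hypothetical.

```python
# Added example: review service security settings copied by hand from the
# Security tab. Record layout, service names and severities are assumptions.
RESERVED = {"PROCESS_OWNER_PERM", "SERVICE_MANAGER_PERM", "SERVICE_AGENT_PERM"}

def review_service(svc):
    """Return (severity, message) findings for one service record."""
    findings = []
    run_as = svc.get("run_as")  # None: Specify Run As not selected
    principals = svc.get("principals", {})
    if not svc["require_auth"]:
        # "No" means no authorization check: every invocation succeeds.
        if run_as == "System":
            findings.append(("HIGH", "unauthenticated callers run operations as System"))
        else:
            findings.append(("MEDIUM", "any caller can invoke; no authorization check"))
    if svc.get("anonymous_access"):
        findings.append(("MEDIUM", "anonymous access allowed: any user can invoke"))
    if run_as == "Named User" and not svc.get("run_as_user"):
        findings.append(("LOW", "Run As is Named User but no user is recorded"))
    for principal, perms in sorted(principals.items()):
        reserved = sorted(RESERVED & set(perms))
        if reserved:
            findings.append(("LOW", f"{principal} holds reserved permission(s): "
                                    + ", ".join(reserved)))
    needs_grant = svc["require_auth"] and not svc.get("anonymous_access")
    if needs_grant and not any("INVOKE_PERM" in p for p in principals.values()):
        findings.append(("INFO", "no listed principal has INVOKE_PERM"))
    return findings

# Constructed sample records (not LiveCycle output).
SERVICES = [
    {"name": "StoreContentProcess", "require_auth": False,
     "anonymous_access": False, "run_as": "System", "principals": {}},
    {"name": "InvoiceRender", "require_auth": True, "anonymous_access": False,
     "run_as": "Invoker",
     "principals": {"Finance Group": ["INVOKE_PERM", "READ_PERM"],
                    "jdoe": ["READ_PERM", "SERVICE_AGENT_PERM"]}},
    {"name": "ArchiveService", "require_auth": True, "anonymous_access": True,
     "run_as": "Named User", "principals": {"ops": ["START_STOP_PERM"]}},
]

def review_all(services):
    return {s["name"]: review_service(s) for s in services}

if __name__ == "__main__":
    for name, findings in review_all(SERVICES).items():
        for severity, message in findings:
            print(f"{severity:6} {name}: {message}")
```

The highest-severity case combines two settings from this page: Require Callers To Authenticate set to No, so there is no authorization check, with Run As set to System, which runs the service with full privileges.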

Remove the principal from a security profile

1. On the Service Management page, select the service to configure.

2. Click the Security tab, select the security profile to remove, and click Remove.