Two doubts about ImpersonateUser method use in CWS 10.5

We are developping a webservice framework (CWS with java) providing access to Content Server content from different applications for several users with update capabilities (adding documents or folders). On the other side, the same users can access directly to the product through a browser with read only permissions .
As the same user should act as having different CS permissions depending on access way even they really have read only permissions inside Content Server, we thought ImpersonateUser method could help us.
We would impersonate a CS user by another one having SA privileges and enough rights to be able of adding folders/documents. Would it be possible to achieve our goal through this method? (first doubt)
And second doubt, if yes, how will standard CS audit logs reflect activity from framework? Which user will be recorded?

Find more posts tagged with

Comments

Riten_Patwa

You can use impersonation while creating documents/ folders in Content Server and using CWS where you can use the user with appropriate (add, modify) rights. It doesn’t have to be SA. You can give read only access to all other users in Content Server. By doing this though, the audit will show the user that was used in creating folder/document and not the one who originally initiated that ingestion.

Riten Patwa

From: eLink Entry: Content Web Services Forum [mailto:otdncontentwebservices971forum@elinkkc.opentext.com]
Sent: Thursday, May 15, 2014 6:12 AM
To: eLink Recipient
Subject: Two doubts about ImpersonateUser method use in CWS 10.5

Two doubts about ImpersonateUser method use in CWS 10.5

Posted byjmasip@indra.es (Masip, Jordi) On 05/15/2014 06:09 AM

[To post a comment, use the normal reply function]
Forum:	Content Web Services Forum
Content Server:	Content Server

Jordi Masip

Just to be sure. Suppose:
User A (read only access to Content Server)
User B (read only access to Content Server)
User C (read only access to Content Server)
…
User XYZ (add, modify permissions in Content Server)
We can use user A for connecting to CS through CWS but we impersonate it with XYZ one in order to be able of creating documents and folders from this environment.
Which user will be recorded in the audit log in this case? A or XYZ?
I thought it was necessary SA privilege for user XYZ in order to be able of impersonating.

Guy_Pomerleau

We are doing it and no there is no SA requirement. XYZ will do the same thing as if you were using the browser and do some action. It will do the same in CS as in CWS. If you impersonate so XYZ is doing the work on behalf of user A then since it is XYZ doing the work, it is XYZ in the audit that will appear. Also take note that you can change the owner of the object created thru CWS but you can't change the creator, it would go against the D.O.D. 15xx(I forgot the number) specifications.