2 Replies Latest reply on Feb 28, 2008 1:22 AM by (Forestier_Jean-Pierre)

    Problem while programmatically applying an RM policy

      Trying to programmatically apply a policy using an LCES web services call, I run into the following SOAP exception:

      com.adobe.edc.sdk.SDKException: Failed to retrieve policy [PS:72238891-845b-4094-88a2-881f532a63ae] -- Invalid policy(error code bin: 1284, hex: 0x504)

      The execution context is LCES 8.0.1 SP1b under JBoss with an MS SQL Server 2005 database.
      Prior to launching the program, we performed the following steps using the LCES adminui web interface under the super administrator account:
      - Created a domain D
      - Created a user U in domain D and assigned him the following roles: 'service user', 'LCRM administrator', 'LCRM End User', 'LCRM Policy Set Administrator', 'LCRM Manage Invited and Local Users', 'LCRM Super Administrator'. No specific group membership has been granted to user U.
      - Created a user R in domain D and assigned her the following role: 'LCRM End User'. No specific group membership has been granted to user R.
      - Created a new global policy set PS and added domain D during step 2 (visible users and domains). No groups or users were defined during steps 3 and 4.

      Now, if we take a look at the database, the policy set is registered in the EDCPOLICYSETENTITY table and is not hidden. Looking at the EDCPOLICYSETPRINCIPALENT table, we find the policy set type to be 3 and the principal id to be that of D, as registered in the EDCPRINCIPALDOMAINENTITY table. So far so good. Now we start our program, which performs the following steps:

      - Under U's credentials, register a new policy P in the PS policy set. This step is successful. Using the LCES adminui web interface, we go to the Policies list for policy set PS and find our new policy P. The details pane for policy P states the policy ID to be 72238891-845b-4094-88a2-881f532a63ae (same as the one in the error message above).
      - Next the program attempts to apply the policy to a PDF document and we encounter the error message stated above.

      If we trace LCES server requests to the database, we can observe a failed attempt to retrieve policy set PS in table EDCPOLICYSETPRINCIPALENT. The failure occurs because the LCES search is based on the policy set id AND the associated principal id being one of: user U, GROUP_DOMAINPRINCIPALS for built-in domain EDC_SPECIAL, GROUP_ALLPRINCIPALS, all_authenticated_users, or GROUP_DOMAINPRINCIPALS for domain D. However, as stated above, policy set PS is registered in table EDCPOLICYSETPRINCIPALENT with the principal id of domain D.

      1) Is the failed search in table EDCPOLICYSETPRINCIPALENT responsible for the error message we encounter? If not, what investigation do you suggest?
      2) If yes, did we forget some step after creating policy set PS, so that the missed step(s) would lead to at least one row being created in table EDCPOLICYSETPRINCIPALENT that would fulfill the search condition?
        • 1. Re: Problem while programmatically applying an RM policy
          Jasmin Charbonneau Level 4
          When you created the policy set (PS) you left steps 3 and 4 blank.

          Step 4 concerns document publishers, which is basically the list of users that are allowed to add a policy from that policy set.

          If the list is empty, then nobody is allowed to add a policy from that policy set to any document.

          • 2. Re: Problem while programmatically applying an RM policy
            Level 1
            Thank you for your reply, Jasmin. In the meantime we figured this out and fixed the problem by updating steps 3 and 4 of the policy the same way you suggest in your answer.

            We also wondered for a while about the 5th and 6th parameters of the applyPolicy web method, namely pubDomain and pubUserName. The LiveCycle ES Java API Reference documentation for the DocumentationManager interface clearly states that both or neither of them must be set. Sadly, the documentation doesn't highlight another important requirement: the credentials used to invoke the API / web service must be those of a user bound to a role that has been given the 'Identity Impersonation Control' access right. Failing to comply with this additional requirement triggers the following exception when invoking the web service:

            com.adobe.edc.sdk.SDKException: Context not authorized with permission : Identity Impersonation Control -- Authentication failed(error code bin: 513, hex: 0x201)