Recently, I’ve learned more about execution contexts for process services and thought it might be important enough to post here.
Execution contexts determine which user’s account credentials are used to execute a service. Recall that a service is created for all processes that are activated, and each operation in a process is also provided by a service. So, all processes and operations have an execution context.
A few changes were implemented in LiveCycle ES Update 1 (that’s version 8.2.1) that changed the way execution contexts work for processes. For both versions, the user that invokes the process is used as the invocation context for executing the process. The difference is in what invocation context is used for executing the operations in the process.
In LiveCycle ES (that’s version 8.0.x), the context that is used for process operations depends on whether the process is long-lived or short-lived:
• In short-lived processes, the context of the user who invoked the process is used to execute each operation in the process.
• In long-lived processes, the System user (similar to a super administrator) is used to execute each operation in the process.
In LiveCycle ES Update 1, you can use Adobe Administration Console to specify a user account to use for executing process operations. Also, the behavior is the same for long-lived and short-lived processes. There are three options for configuring this feature:
• Run-As Invoker (the default): The context of the user account that invoked the process is used to invoke the operations in the process.
• Run-As system: The System user executes the operations.
• Run-as named user: A user account that you specify is used to execute the operations.
To learn more about configuring this feature, read Modifying security settings in Applications and Services Administration Help.
Note that for both releases of LiveCycle ES, render and submit services that are used with xfaForm, Document Form, and Form variables are always executed using the System user account.
Why is this important?
For some services, the user account that executes the operation affects the results. For example, in Content Services ES, the user that stores content is made the owner of the content, which affects who can later access the content. If you are using a process to store content, you need to think about what user is used to execute the Document Management service, because that user will own the stored content.