Customizing Services 3-3
■ Section 3.1.2.4, Service Type
■ Section 3.1.2.5, Subjects Notified
■ Section 3.1.2.6, Error Message
Figure 3–3 The Attributes Column of the DELETE_DOC Service Definition
3.1.2.1 Service Class
The service class attribute specifies the Java class object that the service has access to. The classpath prefix intradoc.service is assumed unless a full path is given. The
service class determines, in part, what actions can be performed by the service. The possible service classes are:
| Service Class | Description |
|---|---|
| ArchiveService | Performs functions related to archiving. |
| BatchService | Performs functions related to batch loading. |
| ChunkedService | Performs functions related to HTTP file chunking for the upload and download of applets. |
| DocService | Performs actions on documents. Examples are checkin, checkout, document information, and subscription services. |
| DocProfileService | Performs actions on document profiles, such as adding, editing, and deleting profiles. |
| FileService | Retrieves files from the Oracle Content Server. |
| IndexerService | Performs functions related to indexing for search engine maintenance. |
| ListBoxService | Downloads lists from the Oracle Content Server. For example, lists of users, dependent choice lists, and so forth. |
| LocaleService | Performs functions specific to a user's location or environment; for example, used in internationalization to identify a user's location and provide string files in the appropriate language. |
| MetaService | Manages metadata fields. |
| PageHandlerService | Manages Library Web pages created by Web Layout Editor. |
| PageRequestService | Retrieves an HTML page. |
| ProjectService | Manages Publisher projects. |
| ProviderManagerService | Manages providers (an Application Programming Interface, or API, that establishes connection to outside entities). |
| SchemaService | Manages the server-side publishing of JavaScript files of database tables, such as option lists. |
| SearchService | Performs functions related to searching. |
| Service | Performs a general service. |
| UserService | Manages users. |
| WorkflowService | Manages workflows. |
| WorkflowTemplateService | Manages workflow templates. |
| intradoc.admin.AdminService | Performs functions through the Admin Server. Generally called internally by the Oracle Content Server itself. These services are very complicated, and failing to call them correctly can result in the loss or corruption of Oracle Content Server data. Therefore, it is strongly recommended that you do not use or modify these services. |

3-4 Oracle Fusion Middleware Services Reference Guide for Oracle Universal Content Management

In the example of the DELETE_DOC service, the service class is DocService:
DocService 4 MSG_PAGE null documents csUnableToDeleteItemdDocName
3.1.2.2 Access Level
The service security model is similar to the document security model used throughout the Oracle Content Server system. The access level attribute assigns permission levels to the service. Any user attempting to execute the service must have at least this permission.
Security access is stored as bit flags. Generally only one privilege out of READ, WRITE, DELETE, or ADMIN is assigned to a service. The access level number is the sum of the following possible bit flags:

| Bit Flag | Permission | Description |
|---|---|---|
| 1 | READ_PRIVILEGE | Read permission is required for the security group referenced in the service. |
| 2 | WRITE_PRIVILEGE | Write permission is required for the security group referenced in the service. |
| 4 | DELETE_PRIVILEGE | Delete permission is required for the security group referenced in the service. |
| 8 | ADMIN_PRIVILEGE | Admin permission is required for the security group referenced in the service. |
| 16 | GLOBAL_PRIVILEGE | The service calls the global security check to determine if the current user has permission to execute the service. The check validates if the admin role is required or if the user only needs a given permission (Read, Write, or Delete) on at least one security group. |
| 32 | SCRIPTABLE_SERVICE | Scriptable services don't require parameter input, so they can be called with the executeService function on dynamic server pages. |

Note: A service should never just specify the GLOBAL_PRIVILEGE bit flag alone. At least one more permission bit flag should be specified.

If a service is acting on a document, the user must have READ, WRITE, DELETE, or ADMIN permission (in that order) for that document's security group to execute the service. For example, to subscribe to a document the user only needs READ permission for that document's security group. However, to check in a new document the user would also need WRITE permission for that document's security group.
If the service does not act on a specific document (such as GET_USER_INFO, CHECKIN_NEW_FORM, and so forth), the GLOBAL_PRIVILEGE bit flag should be set along with at least one more permission bit flag. The user must have that level of permission in at least one security group to execute the service.
SCRIPTABLE_SERVICE permission means that the service can be executed through the executeService IdocScript function. This should be restricted to read-only services, such as GET_SEARCH_RESULTS, GET_USER_INFO, and so forth.
The following is a complete list of all access levels and their meanings:
■ 0: no access allowed
■ 1: Read permission required
■ 2: Write permission required
■ 3: Read/write permission required
■ 4: Delete permission required
■ 8: Admin permission required
■ 16: Global permission required
■ 17: Global and read permission required
■ 18: Global and write permission required
■ 19: Global and read/write permission required
■ 23: Global, read/write/delete permission required
■ 24: Global, admin permission required
■ 32: Scriptable permission required
■ 33: Scriptable and read permission required
■ 34: Scriptable and write permission required
■ 40: Scriptable and admin permission required
■ 49: Scriptable and global, read permission required
■ 50: Scriptable, global, write permission required
■ 51: Scriptable, global, read/write permission required
■ 56: Scriptable, global, admin permission required
In the example of the DELETE_DOC service, the access level is 4, meaning that the user must have DELETE_PRIVILEGE to execute the service:
DocService 4 MSG_PAGE null documents csUnableToDeleteItemdDocName
As another example, the access level for the ADD_ALIAS service is 24, meaning that the user must have ADMIN_PRIVILEGE and GLOBAL_PRIVILEGE to execute the
service:
ADD_ALIAS UserService 24 null null aliases csUnableToAddAlias
For details about user accounts and roles permissions, see the Oracle Fusion Middleware System Administrator's Guide for Oracle Content Server.
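The access level arithmetic in this section can be checked mechanically when reviewing custom service definitions. The following Python sketch is an added example, not Oracle code: it decodes an access level into its bit flags and reports the two conditions this section warns about (GLOBAL_PRIVILEGE set alone, and SCRIPTABLE_SERVICE on a service that is not read-only). The `NAME ServiceClass AccessLevel ...` line layout follows the ADD_ALIAS example above, the two `MY_*` services are hypothetical, and treating any level that needs more than READ as "not read-only" is an assumption.

```python
# Added example: decode and audit Content Server access levels (not Oracle code).
READ, WRITE, DELETE, ADMIN, GLOBAL, SCRIPTABLE = 1, 2, 4, 8, 16, 32
FLAGS = {
    READ: "READ_PRIVILEGE", WRITE: "WRITE_PRIVILEGE",
    DELETE: "DELETE_PRIVILEGE", ADMIN: "ADMIN_PRIVILEGE",
    GLOBAL: "GLOBAL_PRIVILEGE", SCRIPTABLE: "SCRIPTABLE_SERVICE",
}
PERMISSIONS = READ | WRITE | DELETE | ADMIN
KNOWN = PERMISSIONS | GLOBAL | SCRIPTABLE  # 63


def decode(level):
    """Names of the bit flags whose sum is the access level number."""
    return [name for bit, name in FLAGS.items() if level & bit]


def audit(level):
    """Findings for one access level, based on the rules in this section."""
    findings = []
    if level & ~KNOWN:
        findings.append("bits outside the documented flags")
    if level & GLOBAL and not level & PERMISSIONS:
        findings.append("GLOBAL_PRIVILEGE without a permission bit")
    # Assumption: needing more than READ means the service is not read-only.
    if level & SCRIPTABLE and level & (WRITE | DELETE | ADMIN):
        findings.append("SCRIPTABLE_SERVICE on a service needing more than READ")
    return findings


def audit_definitions(text):
    """Audit lines of the form: NAME ServiceClass AccessLevel ..."""
    report = {}
    for line in text.strip().splitlines():
        name, _service_class, level = line.split()[:3]
        findings = audit(int(level))
        if findings:
            report[name] = findings
    return report


# First two lines use this page's examples; the MY_* services are constructed.
SAMPLE = """\
DELETE_DOC DocService 4 MSG_PAGE null documents csUnableToDeleteItemdDocName
ADD_ALIAS UserService 24 null null aliases csUnableToAddAlias
MY_GLOBAL_ONLY Service 16 null null null null
MY_SCRIPTED_EDIT DocService 34 null null null null
"""

if __name__ == "__main__":
    for service, findings in audit_definitions(SAMPLE).items():
        print(service, "->", "; ".join(findings))
```

Levels 34, 40, 50, 51 and 56 appear in the list of access levels above, so a finding on a scriptable service is a prompt to review it against the read-only recommendation rather than proof of a misconfiguration.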
3.1.2.3 Template Page