Documentation Center

Changes to the class User 2.5

The new User class should be used for user provisioning and retrieving information about users.

Security settings on the user

SDL LiveContent Architect uses 2 types of security:
  • The user roles specified on the user are used to limit certain actions to users owning a certain user role
  • The user groups specified on the user indicate to which user groups he/she has access. The type of access is configured on the folder by specifying which user groups have read access and which user groups have write access.

Changes in database structure and behavior

Moving users out of the user group container

In previous versions, all users were grouped in user groups. The side-effect of this was that you had to access the users via the user groups and that each user had always access to its owning user group.

Starting from SDL Trisoft 9.2.0 , users no longer belong to one user group. So, user groups are just metadata on an user specifying to which user groups the user has access. This also means that an administrator will be able to revoke access rights for every user group from any user.

Changes in naming

SDL LiveContent Architect had various legacy terminology. Starting with the Web Services 2.5, we made terminology consistent. In order to do this, the element names of some objects are changed.

The following table gives an overview of those changes:
Object typeOld element nameNew element nameDescription
FieldFISHCAPABILITIESFISHUSERROLESThe field on the user containing the user roles
Introducing a display name on the user

An user's username and (external) id are mostly unreadable identifiers. Starting from SDL Trisoft 9.2.0 , we have introduced a display name (= FISHUSERDISPLAYNAME) which can be used by user interfaces to show a more readable name for the user

Enabling central authentication
There are 2 new fields to enable Windows Authentication:
  • The FISHEXTERNALID field links the name of the external system (e.g. Windows Authentication) with a SDL LiveContent Architect user
  • The FISHUSERTYPE field indicates whether the user is an internal SDL LiveContent Architect user with a SDL LiveContent Architect Password OR an external user with an ExternalId
Introducing the option to enable/disable an user

Starting from SDL Trisoft 9.2.0 , an administrator can block an user from logging in by setting the (new) FISHUSERDISABLED field on TRUE.

Introducing the option to activate/deactivate an user

We introduced a new field FISHOBJECTACTIVE to allow an administrator to deactivate an user. The user has still full access to the SDL LiveContent Architect system, but the field can be used to reduce user lists. Normally, an administrator will deactivate an disabled user, but the 2 fields are not linked.

Enabling 'My Favorites' folder for each user

Starting from SDL Trisoft 9.2.0 , we always create a My Favorites folder during the creation of a new user.

SDL LiveContent Architect password

Concerning the SDL LiveContent Architect password there are 2 changes:
  • The SDL LiveContent Architect password is only used for internal SDL LiveContent Architect users.
  • Starting from SDL Trisoft 9.2.0 , the password is no longer trimmed when setting the password or during login.

Everything else is still the same:
  • During validation of a new SDL LiveContent Architect password, the password still needs to be valid according to the Password Complexity rules which are specified in the registry (see Login settings)
  • We still use the same proprietary encryption for the password.

Changes in methods

Starting from Web Services 2.5 you must use the new User class for user provisioning and retrieving information about user. The API methods work similar to the API calls of Output Format and Baseline:
  • The users are uniquely identified using an element name which starts with the prefix VUSER
  • The standard Metadata XML structure (with level none) can be used for retrieving or setting fields
  • The retrieve methods will return an ishobject list xml with objects of type ISHUser
    <ishobjects>
      <ishobject ishref="VUSERDDEMEYER" ishtype="ISHUser" ishuserref="362114">
        <ishfields>
          <ishfield name="USERNAME" level="none">ddemeyer</ishfield>
          <ishfield name="FISHUSERDISPLAYNAME" level="none">Dave De Meyer</ishfield>
          <ishfield name="CREATED-ON" level="none">22/06/2011 16:56:16</ishfield>  
          <ishfield name="MODIFIED-ON" level="none">24/06/2011 09:31:26</ishfield>  
          <ishfield name="FUSERGROUP" level="none">Qualtiy Assurance, Default Department, System management, Project team, Training Department, Sales Marketing, Research and Development</ishfield>
          <ishfield name="FISHEXTERNALID" level="none">GLOBAL\ddemeyer</ishfield>
          <ishfield name="FISHUSERTYPE" level="none">External</ishfield>
          <ishfield name="FISHEMAIL" level="none">ddemeyer@sdl.com</ishfield>
          <ishfield name="FISHUSERDISABLED" level="none">No</ishfield>
          <ishfield name="FISHUSERROLES" level="none">Administrator, Author, Planning, Reviewer, Translator</ishfield>
          <ishfield name="FISHUSERLANGUAGE" level="none">en</ishfield>
          <ishfield name="FISHOBJECTACTIVE" level="none" ishvaluetype="element">TRUE</ishfield>
        </ishfields>
      </ishobject>
      <ishobject ishref="VUSERGUEST" ishtype="ISHUser" ishuserref="4483">
        <ishfields>
          <ishfield name="USERNAME" level="none">Guest</ishfield>
          <ishfield name="FISHUSERDISPLAYNAME" level="none">Guest</ishfield>
          <ishfield name="CREATED-ON" level="none">22/06/2011 16:56:16</ishfield>  
          <ishfield name="MODIFIED-ON" level="none">24/06/2011 09:31:26</ishfield>  
          <ishfield name="FUSERGROUP" level="none">Default Department</ishfield>
          <ishfield name="FISHEXTERNALID" level="none"></ishfield>
          <ishfield name="FISHUSERTYPE" level="none">Internal</ishfield>
          <ishfield name="FISHEMAIL" level="none"></ishfield>
          <ishfield name="FISHUSERDISABLED" level="none">No</ishfield>
          <ishfield name="FISHUSERROLES" level="none">Author, Planning, Reviewer, Translator</ishfield>
          <ishfield name="FISHUSERLANGUAGE" level="none">en</ishfield>
          <ishfield name="FISHOBJECTACTIVE" level="none" ishvaluetype="element">TRUE</ishfield>
        </ishfields>
      </ishobject>
    </ishobjects>