Package com.veeva.vault.sdk.api.executeas
This package provides interfaces to execute Vault Java SDK code as a different user.
By default, all custom Vault Java SDK code executes as the Java SDK Service Account user. This user has Vault Owner level permissions. Starting in 24R3, SDK code can use the more restrictive REQUEST OWNER, which describes the user whose action triggered the code execution.
There are two ways to change the default user context:
- Adding the ExecuteAs annotation onto an entry point
- Using an ExecuteAsService block within an entry point
Specify User on Entry Point
When using the ExecuteAs annotation, all the code and executed services within the entry point execute as the specified user, including the context. This annotation is currently only supported for WebApi.
```java
@ExecuteAs(ExecuteAsUser.REQUEST_OWNER)
@WebApiInfo(endpointName = "get_vault_information", minimumVersion = "v24.3", apiGroup = "general__c")
public class GetVaultInformation implements WebApi {

    @Override
    public WebApiResponse execute(WebApiContext webApiContext) {
        VaultInformationService vaultInformationService = ServiceLocator.locate(VaultInformationService.class);
        VaultInformation vaultInformation = vaultInformationService.getLocalVaultInformation();

        JsonService jsonService = ServiceLocator.locate(JsonService.class);
        JsonObject responseData = jsonService.newJsonObjectBuilder()
                .setValue("id", vaultInformation.getId())
                .setValue("dns", vaultInformation.getDns())
                .setValue("domain", vaultInformation.getDomain())
                .setValue("name", vaultInformation.getName())
                .setValue("language", vaultInformation.getLanguageCode())
                .setValue("local", vaultInformation.getLocaleCode())
                .setValue("timezone", vaultInformation.getTimeZoneName())
                .build();

        return webApiContext.newWebApiResponseBuilder()
                .withResponseStatus(WebApiResponseStatus.SUCCESS)
                .withData(responseData)
                .build();
    }
}
```
Specify User for Code Block
Using ExecuteAsService changes the user execution within a block of code, but it does not change the entry point user context.
```java
@ExecuteAs(ExecuteAsUser.REQUEST_OWNER)
@WebApiInfo(endpointName = "get_vault_information", minimumVersion = "v24.3", apiGroup = "general__c")
public class GetVaultInformation implements WebApi {

    @Override
    public WebApiResponse execute(WebApiContext webApiContext) {
        VaultInformationService vaultInformationService = ServiceLocator.locate(VaultInformationService.class);
        VaultInformation vaultInformation = vaultInformationService.getLocalVaultInformation();

        JsonService jsonService = ServiceLocator.locate(JsonService.class);
        JsonObjectBuilder responseDataBuilder = jsonService.newJsonObjectBuilder()
                .setValue("id", vaultInformation.getId())
                .setValue("dns", vaultInformation.getDns())
                .setValue("domain", vaultInformation.getDomain())
                .setValue("name", vaultInformation.getName())
                .setValue("language", vaultInformation.getLanguageCode())
                .setValue("local", vaultInformation.getLocaleCode())
                .setValue("timezone", vaultInformation.getTimeZoneName());

        //use the ExecuteAsService to escalate rights to the Java SDK Service Account
        //to retrieve information the end user may not have access to
        //NOTE: Use this with caution
        ExecuteAsService executeAsService = ServiceLocator.locate(ExecuteAsService.class);
        executeAsService.executeAsJavaSdkUser(() -> {
            QueryService queryService = ServiceLocator.locate(QueryService.class);
            QueryCountRequest queryCountRequest = queryService
                    .newQueryCountRequestBuilder()
                    .withQueryString("SELECT id FROM customwebapi__sys")
                    .build();
            queryService.count(queryCountRequest)
                    .onSuccess(queryResponse -> {
                        responseDataBuilder.setValue("total_custom_webapi",
                                new BigDecimal(queryResponse.getTotalCount()));
                    })
                    .onError(queryOperationError -> {
                        throw new RollbackException("QUERY_FAILURE", queryOperationError.getMessage());
                    })
                    .execute();
        });

        return webApiContext.newWebApiResponseBuilder()
                .withResponseStatus(WebApiResponseStatus.SUCCESS)
                .withData(responseDataBuilder.build())
                .build();
    }
}
```
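For code review, both mechanisms can be checked mechanically. The Python script below is an added example, not part of the Vault Java SDK or its documentation: it flags WebApi entry points that carry no ExecuteAs annotation (and so run in the default Java SDK Service Account context) and lists the lines where executeAsJavaSdkUser escalates. The sample sources, the function names and the one-class-per-file assumption are constructed for illustration.

```python
import re

# Constructed sample sources (not from the Vault SDK documentation).
SAMPLES = {
    "GetVaultInformation.java": '''@ExecuteAs(ExecuteAsUser.REQUEST_OWNER)
@WebApiInfo(endpointName = "get_vault_information", minimumVersion = "v24.3", apiGroup = "general__c")
public class GetVaultInformation implements WebApi {
    public WebApiResponse execute(WebApiContext ctx) {
        // escalated block: review what it reads and what it returns
        executeAsService.executeAsJavaSdkUser(() -> { });
        return null;
    }
}''',
    "LegacyReport.java": '''// @ExecuteAs(ExecuteAsUser.REQUEST_OWNER)
@WebApiInfo(endpointName = "legacy_report", minimumVersion = "v24.3", apiGroup = "general__c")
public class LegacyReport implements WebApi {
    public WebApiResponse execute(WebApiContext ctx) { return null; }
}''',
}

CLASS_RE = re.compile(r"\bclass\s+(\w+)[^{]*\bimplements\b[^{]*\bWebApi\b")
EXECUTE_AS_RE = re.compile(r"@ExecuteAs\s*\(\s*(?:ExecuteAsUser\s*\.\s*)?(\w+)\s*\)")
ESCALATE_RE = re.compile(r"\.\s*executeAsJavaSdkUser\s*\(")

def strip_comments(src):
    """Blank out comments but keep newlines, so line numbers stay valid.
    Heuristic: a // inside a string literal is also treated as a comment."""
    return re.sub(r"//[^\n]*|/\*.*?\*/",
                  lambda m: "\n" * m.group().count("\n"), src, flags=re.S)

def audit(src):
    """Report the user context of a WebApi entry point, or None if the
    source declares none. Assumes one top-level class per file."""
    code = strip_comments(src)
    cls = CLASS_RE.search(code)
    if cls is None:
        return None
    ann = EXECUTE_AS_RE.search(code[:cls.start()])
    return {
        "class": cls.group(1),
        # No annotation means the default Java SDK Service Account context.
        "default_context": ann is None,
        "execute_as": ann.group(1) if ann else None,
        "escalation_lines": [code.count("\n", 0, m.start()) + 1
                             for m in ESCALATE_RE.finditer(code)],
    }

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, audit(src))
```

The commented-out annotation in the second sample is deliberately not counted, so that entry point is reported as running in the default context.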
Class / Description
- Decorate a supported entry-point (for example, WebApi) to make the code execute with the permissions of the specified user.
- Changes the user context for a section of code.
- Interface for a command that returns no data, usually represented as a lambda expression.
- Contains valid types of users to choose within an ExecuteAs context.