I am working on a SharePoint webpart &h AF development project and trying to figure out how does the AF connection credential work.
So there is a service account "A" which has Admin permission to all the elements, and there is another account "B" used for user login to the portal, who only has Read to the elements.
When user logins the page, the code first tried to connect to AF with A's credential --> AF.PISystem.connect(A), and I can tell the AFElement.PIsystem.CurrentUserName is "A"; but when doing SetSecurityString() or Add new elements then, I got an exception "User doesn't have right permission to administer element". What seems to me is even though it connects to AF by using the specific account, but it still uses the impersonated SharePoint Login user's credential to execute functoins.
In the case above, if the account "B" has Admin permission to the element, it will run just fine.
However, I thought it should use the specified account to run all the executions, instead of using the user login credential (impersonate) or the web app pool account.
Any thoughts? Thank you