Access Rules (Security)
Are the roles as defined in WordPress.
A user can belong to multiple User Groups.
An Actor is a participant in a process. An Actor can be defined in the BPMN model as a Lane; however, you can refine Actor definitions in the Designer.
In our example there are three Actors: Claimant (the person starting the process), Approver (the Manager who approves the claim) and Reviewer (the person conducting the financial review), as shown in the “As Actor” column below.
Allow members of the User Group ‘Employee’ to ‘Perform’ the Event ‘Start Claim’, i.e. start the Process. This user will be labelled ‘Claimant’. He/she can’t change that access (delegate it to another).
Allow the user that is the ‘Claimant’ for the Case, to view all activities for that Case.
For system-wide capabilities, refer to System commands.
|View||Read only, Include notification||
|Assign||Assign Task to a worker||
|Monitor||Monitor activities||System Wide|
Complex Access Rules
[Allow|Restrict] [User Expression] to [Privilege] on [Object type] for [scope]
|Allow||All||View||Process: Got Mail||All|
(new role Owner)
|Process: Order Pizza||Owner|
|..||Owner (as defined above)||View||Process|
|User works in the Store|
|..||Pizzeria manager||Assign||Process||User works in the Store|
|Head Office Staff||Perform||Re-Assign Store|
|Allow or Restrict||user group||Privilege||
|All or condition|
Two more concepts are introduced above: Owner and Store. These are process variables defined as part of the process; they point either to the User (as in the case of Owner) or to an attribute of the User (as in the case of Store).
Here is a more complex example:
|1||Allow||Group: Writer||Perform-Author||Edit Article||In their expertise||Author|
|2||Allow||Group: Research||Perform-Researcher||Edit Article||Researcher|
|3||Allow||Group: Senior Writer||Perform-Reviewer||Review article||In their expertise and not the writer|
|4||Allow||Role: Author||Perform-Author||Make Corrections|
- Rule 1: We allow any user that is a member of the group “Writer” to start a new Article (within their expertise); the user that starts the process now has the role “Author”.
- Rule 2: We designate a second role, “Researcher”, for the same task.
- Rule 3: Any Senior Writer can perform “Review Article” (within their expertise), but he/she cannot be the “Author”.
- Rule 4: Only the user with the role “Author”, i.e. the same user that started the process, can perform the task “Make Corrections”.
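The four rules above can be modelled as a small evaluator to show how group membership, the per-case actor label and the scope condition combine, including the separation of duties in Rule 3. This is an added example, not the plugin's own code. The class and function names, the `expertise` attribute, default deny and Restrict-overrides-Allow are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class User:
    name: str
    groups: set        # User Groups the user belongs to
    expertise: set     # hypothetical user attribute backing "In their expertise"

@dataclass
class Case:
    topic: str
    actors: dict       # actor label -> user name, recorded as tasks are performed

@dataclass
class Rule:
    effect: str        # "Allow" or "Restrict"
    who: str           # user expression: "Group: X" or "Role: X" (actor on this case)
    task: str          # object the Perform privilege applies to
    as_actor: str      # label the performer receives
    scope: Callable = lambda user, case: True   # "All" when no condition is given

def in_expertise(user, case):
    return case.topic in user.expertise

def not_author(user, case):
    return case.actors.get("Author") != user.name

RULES = [  # rules 1-4 from the table above
    Rule("Allow", "Group: Writer", "Edit Article", "Author", in_expertise),
    Rule("Allow", "Group: Research", "Edit Article", "Researcher"),
    Rule("Allow", "Group: Senior Writer", "Review Article", "Reviewer",
         lambda u, c: in_expertise(u, c) and not_author(u, c)),
    Rule("Allow", "Role: Author", "Make Corrections", "Author"),
]

def matches(rule, user, case):
    kind, name = rule.who.split(": ")
    return name in user.groups if kind == "Group" else case.actors.get(name) == user.name

def perform(user, task, case, rules=RULES):
    """Return the actor label granted for `task`, or None when access is denied."""
    hits = [r for r in rules
            if r.task == task and matches(r, user, case) and r.scope(user, case)]
    # Assumption: default deny, and a matching Restrict overrides any Allow.
    if not hits or any(r.effect == "Restrict" for r in hits):
        return None
    case.actors.setdefault(hits[0].as_actor, user.name)  # first performer keeps the label
    return hits[0].as_actor
```

A user who is both a Writer and a Senior Writer is still refused the review of their own article, because the Rule 3 scope is evaluated against the actor recorded on the case, not against group membership.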