Controlling Access

Some access to views and information on data, activity instances or process instances in views is restricted to users having a specific authorization set. This also concerns available actions in the views like delegation, termination etc. The authorizations can be set in the Infinity Process Platform modeler or via API. For details on how to set these authorizations and on their effects, please refer to chapters Declarative Security of the Infinity Process Platform Documentation - Developer Handbook. Declarative Security of the Developers Handbook and Declarative Security Usage in Infinity Process Platform Services API in the Infinity Process Platform Documentation - Developer Programming Guide Declarative Security Usage in Infinity Process Platform Services API in the Programming Guide accordingly.

Controlling Access to the Administration Perspective

To switch on or off Administration Perspective access for the Infinity Process Platform Portal completely, do the following

  1. unpack the ipp-administration-perspective.jar file of your Web application. Depending on your Web application, it is located either:
  2. modify the content of the admin-portalUi-context.xml file, residing in the META-INF/spring folder. At the beginning change the following requiredRoles attribute:
    <!-- Administration provided extension of portal perspective -->
        <ippui:perspective id="ippAdminPerspective" messageBundles="admin-portal-messages" requiredRoles="Administrator">

Per default, the access control is restricted to the Administrator only.

Controlling Access to the Control Center Perspective

To switch on or off Control Center Perspective access for the Infinity Process Platform Portal completely,

  1. Unpack the ipp-business-control-center.jar file of your Web application. Depending on your Web application, it is located either:
  2. Modify the content of the businessControlCenterUi-context.xml file, residing in the META-INF/spring folder. At the beginning enter the following requiredRoles attribute:
    <!-- Control Center provided extension of portal perspective -->
        <ippui:perspective id="ippBccPerspective" messageBundles="business-control-center-messages" requiredRoles="BccUser">

Controlling Workflow Data Access via Declarative Security

You can restrict the access to workflow data via declarative security settings in the Modeling perspective and the Eclipse modeler. Please refer to Infinity Process Platform Online documentation chapters Setting Authorization in Model Element Property Pages in the Eclipse Modeling Guide Setting Authorization in Model Element Property Pages of the Eclipse Modeling Guide and Setting Authorization in Model Element Properties of the Business Process Modeling Handbook respectively for details.

Restriction to the access in the Control Center perspective views can be set for the following inspections and operations on workflow data:

Inspecting Process Instance Data

To determine who has the authorization to inspect data about a process instance, change the authorization setting for Read Process Instance Data in the property page of the according process.

In the example below, the properties of a process determine that the roles Salesmanager and Administrator have the grant to inspect process instance data of this process in the Control Center views.

Setting Authorization
Figure: Setting Authorization for Reading Process Instance Data

Inspecting Activity Instance Data

To determine who has the authorization to inspect data about an activity instance, change the authorization setting for permission Read Activity Instance Data in the property page of the according activity.

In the example below, the properties of an activity determine that the activity owner (the person who should be working on it) and the role Salesmanager have the grant to inspect activity instance data of this activity in the Control Center views.

Setting Authorization
Figure: Setting Authorization for Reading Activity Instance Data

Aborting Activity Instances

To determine who has the authorization to abort an activity instance, change the authorization setting for permission Abort Activity Instances in the property page of the according activity.

In the example below, the properties of an activity determine that the activity owner and the role Controller have the grant to abort instances of this activity in the Control Center views.

Setting Authorization
Figure: Setting Authorization for Aborting Activity Instances

Please note that the abort icon is only enabled in case the property Allows Abort by Participant is selected for the according activity. Please refer to sections Specifying Activities of the Eclipse Modeling Guide and Working with Activities of the Business Process Modeling Handbook Specifying Activities of the Eclipse Modeling Guide and Working with Activities of the Business Process Modeling Handbook respectively for details on this activity property.

Delegating Activities to Other Users

To determine who has the authorization to delegate an activity instance to another user or department, change the authorization setting for permission Delegation to other users and Delegation to other departments respectively in the property page of the according activity.

In the example below, the properties of an activity determine that the roles Salesmanager and Administrator have the grant to delegate instances of this activity in the according Infinity Process Platform Portal views to other users.

Setting Authorization
Figure: Setting Authorization for Delegating to Other Users