Can View BAM Control

What is BAM Control?

BAM control is used to monitor all triggered workflows details like executing instances, awaiting instances, completed instances, failed instances and aborted instances and so on.

How to Access BAM Control?

To access BAM control, click Reports from the Enterprise Console (application) menu.

Note: If you not able to see the Reports menu item in the application menu, it means the Can Consume right is set as false for the security group you belong to at the repository level.

Purpose

AVEVA Work Tasks has implemented a security right named Can View BAM Control at the repository level to control the BAM Control. This right can have either the true or false (check box) value.

Predefined Security Groups - Right Value

The default value of this right for the different predefined security groups is as follows:

If this right is set to True for a specific user, only then that user can see the BAM control. For example, users who belong to either the Administrator, Contributor or Reader security groups are able to see the BAM control.

If this right set to False for a specific user, the user is not able to see the BAM control. For example, users who belong to the Limited Access security group are not able to see the BAM control.

Note: Even though the Can View BAM Control right is set as False, the user can view the Reports menu item in the application menu (Enterprise Console). This right will not restrict the user from viewing this menu but if the user tries to access the BAM Control, the user will be prompted with a message stating that “You do not have rights to view BAM Control”.

Scenario

Scenario Name: Preventing the user from accessing the BAM Control.

Business Scenario: This scenario describes how to prevent the contributor user from accessing the BAM control.

Roles: To understand this scenario clearly, assumed that there are two users in a repository. One user belongs to the Administrator security group and the other user belongs to the Contributor security group.

1. UserA  - Has Administrator access rights.

2. UserC - Has Contributor access rights.

The following table depicts the users and their security groups:

Overview

As mentioned in Predefined Security Groups - Right Value, users who belong to either the Administrator, Contributor or Reader security groups have the rights to view the BAM control by default. So both UserA and UserC have the right to view the BAM control.

Here, UserA (Administrator) wants to prevent the UserC (Contributor) from viewing the BAM control. The same is depicted in the following table:

It means that after logging in, UserC (Contributor) is able to see the Reports menu in the application menu (Enterprise Console). This user has to be prevented from accessing the BAM Control when the user clicks the Reports menu item.

Scenario Solution:

To arrive at a solution for this scenario, perform the following steps:

3. Login as a user who belongs to the Contributor security group. Here, login as 'UserC'.

4. From the Enterprise Console menu, select Reports.

5. Before setting security, UserC can see the BAM Control.

6. To prevent the Contributor user from accessing the BAM Control, login as an Administrator user. Here, login as 'UserA'.

7. Click Repository Settings > Advanced Settings > Manage Security Groups. You will be redirected to the Security Group list.

8. Select the Contributor security group and click Edit from the ribbon bar or right-click the Contributor security group and select Edit from the context menu.

9. A pop-up window will appear with assigned security rights. Uncheck the Can View BAM Control right and click Save.

10. Click Save.

11. The Synchronization dialog box is displayed. Click Yes to synchronize the changes to the below level.

12. You will be prompted with a message stating that “Security Group has been modified successfully.” Click OK.

13. To check, login as a user who belongs to the Contributor security group i.e 'UserC'.

14. From the Enterprise Console menu, select Reports menu. The following message appears:
    You do not have rights to view the BAM control.