Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Work Tasks

TABLE OF CONTENTS

Workflowscope_Any

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedJul 25, 2023
  • 5 minute read

What is Workflowscope_Any?

In BAM control, apart from the Global Reports, the logged in user can see the reports of the workflows that the logged in user triggered and owns.

Example: Consider that user "Tim" is not the owner of the "workflow1" and has not triggered "workflow1". But we want "Tim" to view "workflow1" details in the BAM Report.

How to Access Others Workflows?

To access others' workflow reports, the logged in user must have the right to view others workflows i.e. the Workflowscope_Any right value must be true at the item level.

Note: If you are not able to see the Reports menu item in the application menu, it means the Can Consume right is set as false for whatever security group you belong to at the repository level.

Purpose

AVEVA Work Tasks implemented a security right named Workflowscope_Any at "ListSpecificForListItemLevel" to control others owned or triggered workflows. This right can have either the True or False (check box) value.

Predefined Security Groups - Right Value

The default value of this right for the different predefined security groups is as follows:

Security Group Name

Right Name

Right Value

Administrator

Workflowscope_Any

True

Contributor

Workflowscope_Any

False

Reader

Workflowscope_Any

False

Limited Access

Workflowscope_Any

False

If this right is set to True for a specific workflow for a user (who is not the owner or has not triggered any instances of the workflow), then that user is able to see the report of the workflow in the BAM Report after logging in.

For example, the users who belong to the administrator security group are able to see others owned or triggered workflows in the BAM Report by default.

If this right is set to False for specific workflow for a user (who is not the owner or has not triggered any instances of the workflow), then that user cannot see the report of the workflow in the BAM Report after logging in.

For example, users who belong to either the contributor, reader or limited access security group are not able to see others owned or triggered workflows in the BAM Report by default.

Note: Even though the Workflowscope_Any right is set as False, the user is able to view the Reports menu item in the application menu (Enterprise Console).

Scenario

Scenario Name: Privileging the user to view others owned workflows in the BAM control.

Business Scenario: This scenario describes how to privilege the Reader user to view the workflows owned by the contributor user in the BAM control.

Roles: To understand this scenario clearly, assumed that there are three users in a repository. The first user belongs to the Administrator security group, the second user belongs to the Reader security group, and the third user belongs to the Contributor security group.

  1. admin - Has Administrator access rights.

  2. UserR - Has Reader access rights.

  3. UserC - Has Contributor access rights.

The following table depicts the users and their security groups:

User Name

Security Group

admin

Administrator

UserR

Reader

UserC

Contributor

Overview

As mentioned in the Predefined Security Groups - Right Value, the users who belong to the Administrator security group have the rights to view others owned and triggered workflows in the BAM control by default. So 'admin' has the right to view others owned and triggered workflows in the BAM control.

As mentioned in Predefined Security Groups - Right Value, the users who belong to either the Contributor, Reader or Limited Access security group do not have the right to view others owned and triggered workflow in the BAM control by default. So both UserR (Reader security group) and UserC (Contributor security group) cannot view others owned or triggered workflows in the BAM control.

Assume that a workflow 'GenericWF' is created by UserC (Contributor security group) and triggered by UserC.

The Admin user can see the 'GenericWF' details in the BAM Report by default. As mentioned in Predefined Security Groups - Right Value, users who belong to the Administrator security group have the right to view others owned and triggered workflows in the BAM control by default.

UserC (Contributor) can see the 'GenericWF' details in the BAM Report by default because UserC is the owner of that workflow and triggered it. Users who belong to the Contributor security group have the right to view the owned workflows (Workflowscope_OwnedWorkflow) and initiated workflows (Workflowscope_InitiatedWorkflow).

UserR (Reader) is not able to see the 'GenericWF' details in the BAM Report by default. As mentioned in Predefined Security Groups - Right Value, users who belong to either the Contributor, Reader or Limited access security groups do not have the rights to view others owned and triggered workflows in the BAM Report by default.

User Name

Report Menu Item

Workflowscope_Any

admin

Yes

Yes

UserC

Yes

Yes

UserR

Yes

Yes

It means after logging in, UserR (Reader) will be able to see the Reports item in the application menu (Enterprise Console). On clicking Reports, UserR will be redirected to the BAM page and will be able to see others owned workflow in the BAM Report.

Scenario Solution

To achieve the same, perform the following steps:

  1. Login as an Administrator user. Here, login as 'admin'. Before the security settings, the 'admin' user can see the 'GenericWF' details in the BAM Report.

  2. Login as a Contributor user. Here, login as 'UserC'. Before the security settings, the Contributor user see the 'GenericWF' details in the BAM Report.

  3. Login as a Reader user. Here login as 'UserR'. Before the security settings, the Reader user cannot view the 'GenericWF' details in the BAM Report. The screen given below will be displayed as UserR (Reader) does not have the right to view Global Reports and there are no workflows owned and triggered by UserR.

  4. As 'admin' wants to privilege 'UserR' to view the GenericWF in the BAM Report, login as 'admin'.

  5. From the Enterprise Console menu, select Workflows. You will be redirected to the Workflows list page.

  6. As the 'admin' user wants to give the privilege to 'UserR' to view 'GenericWF' details in the BAM control, right-click 'GenericWF' and select Security Settings from the context menu.

  7. You will be redirected to the ListItem security settings page. Click the Advanced Settings tab.

  8. Click Enable List Item Specific Security.

  9. Select the Security Group Customization option in the Enable Security Wizard and click Next.

  10. Click Next.

  11. You will be redirected to the Security Group customization at list item level page.

  12. To give privilege to 'UserR' (Reader Security Group), select the Reader security group and click Actions > Edit or right-click the Reader security group and select Edit from the context menu.

  13. A pop-up window is displayed with the assigned security rights. Check the Workflowscope_Any right and click Save.

  14. Before clicking Save, ensure that the required BAM tree menu rights are set.

  15. The Synchronization dialog box is displayed. Click Yes to synchronize the changes to its below level.

  16. You will be prompted with a message stating that "Security Group has been modified successfully." Click OK.

  17. To check the same, login as a user who belongs the Reader security group. Here, login as 'UserR'.

  18. To view "GenericWF" details in the BAM control, select Reports from the Enterprise Console menu. Now the 'UserR' will get the BAM control page and will be able to view owned workflow.

    In This Topic
    Related Links
    TitleResults for “How to create a CRG?”Also Available in