Workflowscope_OwnedWorkflow

What is Workflowscope_OwnedWorkflow?

In BAM control, apart from Global Reports, the logged in user is able to see the reports of the workflows that the logged in user triggered.

Example: Consider that user "Tim" is the owner of the "workflow1" and the user "John" logged-in and triggered the "workflow1". The user "John" only can view the report of the "workflow1" in the BAM Report. Even though "Tim" is the owner of "workflow1", if they log in, they cannot view the report of "workflow1" in the BAM Report.

How to Access Owned Workflow's?

To access the owned workflow reports, the logged in user must have the right to view owned workflow i.e. the Workflowscope_OwnedWorkflow right value must be True at the item level.

Note: If you are not able to see the Reports menu item in the application menu, it means the Can Consume right is set as false for whatever security group you belong to at the repository level.

Purpose

AVEVA Work Tasks implemented a security right named Workflowscope_OwnedWorkflow at ListSpecificForListItemLevel to control the owned workflows. This right can have either the True or False (check box) value.

Predefined Security Groups - Right Value

The default value of this right for the different predefined security groups is as follows:

If this right is set to True for a workflow for a specific user and the user is the owner of the workflow and has not triggered any instances of the workflow, the user can see the workflow details in the BAM Report.

For example, users who belong to either the administrator or contributor security group are able to see their owned workflows in the BAM Report by default.

If this right set to False for a workflow for a specific user and the user is the owner of the workflow and has not triggered any instance of the workflow, the user will not be able to see details of the workflow in the BAM Report (despite being the owner of the workflow).

For example, users who belong to either the Reader or Limited Access security group are not able to see their owned workflows in the BAM Report by default.

Note: Even though the Workflowscope_OwnedWorkflow right is set as False, the user can view the Reports menu item in the application menu (Enterprise Console).

Scenario

Scenario Name: Privileging the user to view owned workflows in the BAM control.

Business Scenario: This scenario describes how to provide access to the Reader user to view owned workflows in the BAM control.

Roles: To understand this scenario clearly, assume that there are two users in a repository. One user belongs to the Administrator security group and the other user belongs to the Reader security group.

1. admin - Has Administrator access rights.

2. UserR - Has Reader access rights.

The following table depicts the users and their security groups:

Overview

As mentioned in Predefined Security Groups - Right Value, the users who belong to either the Administrator or Contributor security group have the rights to view owned workflows in the BAM control by default. So the 'admin' user has the right to view owned workflow in the BAM control.

The users who belong to either the Reader or Limited Access security group do not have the right to view owned workflows in the BAM control by default. So 'UserR' does not have the right to view owned workflow in the BAM control.

Assume that there are two workflows named adminWF (created by admin – owner is admin) and readerWF (created by UserR (Reader) – owner is UserR) in the repository.

Assume that both the workflows are triggered by 'admin' user.

After logging in, 'admin' can see the both workflow names and the Global Reports item in the drop-down of the BAM control.

After logging in, 'UserR' cannot see the Global Reports option in the drop-down (because UserR is a Reader and does not have permission to view the Global Reports) and readerWF details in the BAM Control (as UserR is the owner of readerWF).

Here, admin (Administrator) wants to privilege UserR (Reader) to view UserR's owned workflow details in the BAM control. The same is depicted in the following table:

It means that after logging in, UserR (Reader) is able to see the Reports item in the application menu (Enterprise Console). If UserR clicks the Reports menu item, the user will be redirected to the BAM page and be able to see owned workflow in the BAM Report.

Scenario Solution:

To privilege the reader to view owned workflow in the BAM Report, perform the following steps:

3. Login as a user who belongs to the Administrator security group. Here, login as 'admin'.

4. From the Enterprise Console menu, select Workflows. You will be redirected to the Workflows list page.

5. As admin wants to give the privilege for the 'readerWF' (UserR is the owner of this workflow), right-click 'readerWF' and select Security Settings from the context menu.

6. You will be redirected to the ListItem security settings page. Click the Advanced Settings tab.

7. Click Enable List Item Specific Security.

8. Select the Security Group Customization option in the Enable Security Wizard and click Next.

9. Click Next.

10. The user will be redirected to the Security Group customization at list item level page.

11. To give privilege to 'UserR' (Reader security group), select the Reader security group and click Actions > Edit or right-click the Reader security group and select Edit from the context menu.

12. A pop-up window is displayed with the assigned security rights. Check the Workflowscope_OwnedWorkflow right and click Save.

13. Before clicking Save, ensure that the required BAM tree menu rights are set.

14. The Synchronization dialog box is displayed. Click Yes to synchronize the changes to the below level.

15. You will be prompted with a message stating that "Security Group has been modified successfully." Click OK.

16. To check the same, login as a user who belongs the Reader security group. Here, login as 'UserR'.

17. To access the BAM control, select Reports from the Enterprise Console menu. Now the 'UserR' will get the BAM control page and will be able to view owned workflow.