Workflowscope_InitiatedWorkflow
- Last Updated: Sep 11, 2024
What is Workflowscope_InitiatedWorkflow?
In the BAM control, apart from Global Reports, the logged-in user can see the reports of the workflows that the user triggered.
Example: Consider that the user "John" triggered "Workflow1". Even though "John" is not the owner of this workflow, they will be able to see the details of "Workflow1" in the BAM Report because they triggered it.
You can prevent "John" from viewing "Workflow1" details in the BAM Report, even though they triggered it, using the right called Workflowscope_InitiatedWorkflow.
How to Access Initiated Workflows?
To access the initiated workflow reports, the logged-in user must have the right to view triggered workflows; that is, the Workflowscope_InitiatedWorkflow right value must be True at the item level.
Note: If you cannot see the Reports menu item in the application menu, the Can Consume right is set to False at the repository level for the security group you belong to.
Purpose
AVEVA Work Tasks implemented a security right named Workflowscope_InitiatedWorkflow at ListSpecificForListItemLevel to control the initiated (triggered) workflows. This right can have either the True or False (check box) value.
Predefined Security Groups - Right Value
The default value of this right for the different predefined security groups is as follows:
| Security Group Name | Right Name | Right Value |
|---|---|---|
| Administrator | Workflowscope_InitiatedWorkflow | True |
| Contributor | Workflowscope_InitiatedWorkflow | True |
| Reader | Workflowscope_InitiatedWorkflow | True |
| Limited Access | Workflowscope_InitiatedWorkflow | False |
If this right is set to True for a specific workflow, then the user who triggered any instance of the workflow can view the report of the workflow in the BAM Report.
For example, users who belong to either the administrator, contributor or reader security group are able to see their initiated (triggered) workflows in the BAM Report by default.
If the right is set to False for a workflow and the user who triggered it logs in, the user will not be able to view the report of the workflow in the BAM Report section.
For example, the users who belong to the Limited Access security group are not able to see their initiated (triggered) workflows in the BAM Report by default.
Note: Even when the Workflowscope_InitiatedWorkflow right is set to False, the user can still see the Reports menu item in the application menu (Enterprise Console).
Scenario
Scenario Name: Preventing the user from viewing the initiated workflows in the BAM control.
Business Scenario: This scenario describes how to prevent the Reader user from viewing the initiated workflows in the BAM control.
Roles: To understand this scenario clearly, assume that there are two users in a repository. One user belongs to the Administrator security group and the other user belongs to the Reader security group.
- admin - Has Administrator access rights.
- UserR - Has Reader access rights.
The following table depicts the users and their security groups:
| User Name | Security Group |
|---|---|
| admin | Administrator |
| UserR | Reader |
Overview
As mentioned in Predefined Security Groups - Right Value, the users who belong to the Administrator, Contributor or Reader security group have the right to view initiated workflows in the BAM control by default. So both 'admin' and 'UserR' have the right to view initiated workflows in the BAM control.
The users who belong to the Limited Access security group do not have the right to view initiated workflows in the BAM control by default.
Assume that there are two workflows named adminWF and readerWF (both created by admin – owner is admin) in the repository.
Assume that the 'adminWF' is triggered by the admin user and 'readerWF' is triggered by UserR (Reader security group).
After logging in, the admin user can see the details of both the workflows (adminWF and readerWF) apart from the Global Reports in the BAM Report. This is because the admin user has the rights to view both owned workflows and initiated workflows and also the right to view the Global Reports.
After logging in, UserR cannot see the Global Reports option in the drop-down. This is because UserR is a part of the Reader security group and does not have the permission to view Global Reports. UserR can see only the 'readerWF' in the BAM Report as this user has the right to view initiated workflow, by default.
Here admin (Administrator) wants to prevent the UserR (Reader) from viewing UserR's initiated workflow details in the BAM control. The same is depicted in the following table:
| User Name | Report Menu Item | Workflowscope_InitiatedWorkflow |
|---|---|---|
| admin | Yes | Yes |
| UserR | Yes | No |
It means that when UserR (Reader) logs in, UserR will be able to see the Reports item in the application menu (Enterprise Console). If UserR clicks the Reports menu item, the user will be redirected to the BAM page and will not be able to see the initiated workflow in the BAM Report.
Scenario Solution:
To prevent the Reader user from viewing the initiated workflow in the BAM Report, perform the following steps:
- Log in as a user who belongs to the Reader security group. Here, log in as 'UserR'.
- From the Enterprise Console menu, select Reports.
- Here, 'UserR' is not the owner of readerWF even though UserR triggered readerWF.
- To prevent 'UserR' from viewing readerWF details in the BAM Report, log in as an administrator user. Here, log in as 'admin'.
- From the Enterprise Console menu, select Workflows. You will be redirected to the Workflows list page.
- As the 'admin' user wants to restrict access to the "readerWF" details in the BAM control (because readerWF is triggered by UserR), right-click 'readerWF' and select Security Settings from the context menu.
- You will be redirected to the ListItem security settings page. Click the Advanced Settings tab.
- Click Enable List Item Specific Security.
- Select the Security Group Customization option in the Enable Security Wizard and click Next.
- Click Next.
- You will be redirected to the Security Group customization at list item level page.
- As 'admin' wants to restrict 'UserR' (Reader security group), select the Reader security group and click Actions > Edit, or right-click the Reader security group and select Edit from the context menu.
- A pop-up window is displayed with the assigned security rights. Uncheck the Workflowscope_InitiatedWorkflow right and click Save.
- Before clicking Save, ensure that the required BAM tree menu rights are set.
- The Synchronization dialog box is displayed. Click Yes to synchronize the changes to the below levels.
- You will be prompted with a message stating that "." Click OK.
- To verify the change, log in as a user who belongs to the Reader security group. Here, log in as 'UserR'.
- To access the BAM control, select Reports from the Enterprise Console menu. 'UserR' will be redirected to the BAM control page and will not be able to view the 'readerWF' details in the BAM control.
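The outcome of this procedure can be checked against a small model of the rule. The following is an added example, not AVEVA Work Tasks code or API: it uses the group defaults and scenario names from this page, while the function names and the treatment of owned workflows are assumptions.

```python
# Simplified model of the rule described on this page (added illustration).
# It calls no AVEVA Work Tasks API; function and variable names are hypothetical.
# Default values of Workflowscope_InitiatedWorkflow, from the page's table.
GROUP_DEFAULTS = {
    "Administrator": True,
    "Contributor": True,
    "Reader": True,
    "Limited Access": False,
}

# Users and workflows from the page's scenario.
USERS = {"admin": "Administrator", "UserR": "Reader"}
WORKFLOWS = {
    "adminWF": {"owner": "admin", "initiator": "admin"},
    "readerWF": {"owner": "admin", "initiator": "UserR"},
}


def initiated_right(group, workflow, item_overrides):
    """Effective value: an item-level customization wins over the group default."""
    return item_overrides.get((workflow, group), GROUP_DEFAULTS[group])


def visible_workflows(user, item_overrides=None):
    """Workflows the user sees in the BAM Report under this model.
    Assumption: an owner sees owned workflows (the page says so for admin);
    the right that governs owned workflows is not modelled here.
    """
    overrides = item_overrides or {}
    group = USERS[user]
    seen = []
    for name, wf in WORKFLOWS.items():
        owned = wf["owner"] == user
        initiated = wf["initiator"] == user and initiated_right(group, name, overrides)
        if owned or initiated:
            seen.append(name)
    return sorted(seen)


def scenario():
    """Visibility before and after the right is unchecked for Reader on readerWF."""
    after = {("readerWF", "Reader"): False}
    return {
        "UserR_before": visible_workflows("UserR"),
        "UserR_after": visible_workflows("UserR", after),
        "admin_after": visible_workflows("admin", after),
    }

if __name__ == "__main__":
    print(scenario())
```

Because the override is keyed by workflow and security group, it affects only Reader users on readerWF; other workflows keep the group default.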