Can View Global Reports

What is Global Reports?

In the BAM control, the Global Reports option in the drop-down is used to monitor all triggered workflow details like executing instances, awaiting instances, completed instances, failed instances and aborted instances at a time, instead of monitoring individual workflow details.

How to Access Global Reports?

To access Global Reports, click Reports from the Enterprise Console (application) menu. BAM Control will be displayed. If the user has the right to view Global Reports, the Global Reports option will selected by default in the drop-down.

Note: If you are not able to see the Reports menu item in the application menu, it means the Can Consume right is set as false for whatever security group you belong to at the repository level.

Purpose

AVEVA Work Tasks implemented a security right named Can View Global Reports at the repository level to control the Global Reports. This right can have either the true or false value (check box).

Predefined Security Groups - Right Value

The default value of this right for different the predefined security groups is as follows:

If this right is set to True for a specific user only then will the user be able to see the Global Reports item in the drop-down of BAM control.

For example, the users who belong to the either the administrator or the contributor security group are able to see the Global Reports item in the drop-down of BAM control.

If this right is set to False for a specific user, the user will not be able to see the Global Reports item in the drop-down of BAM control.

For example, the users who belong to either the Reader or Limited Access security group are not able to see the Global Reports item in the drop-down of BAM Control.

Note: Even though the Can View Global Reports right is set as False, the user will be able to view the Reports menu item in the application menu (Enterprise Console). This right will not restrict the user from viewing this menu but if the user tries to access the BAM Control, the user will be redirected to the BAM control page where the Global Reports option will not be available in the drop-down.

Scenario

Scenario Name: Preventing the user from accessing the Global Reports item in the drop-down of the BAM control.

Business Scenario: This scenario describes how to prevent the contributor user from accessing the Global Reports item in the drop down of the BAM control.

Roles: To understand this scenario properly, assumed that there are two users in a repository. One of the user belongs to the Administrator security group and the other user belongs to the Contributor security group.

1. UserA  - Has Administrator access rights.

2. UserC - Has Contributor access rights.

The following table depicts the users and their security groups:

Overview

As mentioned in Predefined Security Groups - Right Value, the users who belong to either the Administrator or Contributor security groups have the rights to view the BAM control by default. So Both UserA and UserC have the right to view the BAM control.

Here UserA (Administrator) wants to prevent the UserC (Contributor) from viewing the Global Reports item in the drop-down of the BAM control. The same is depicted in the following table:

It means that UserC is able to see the Reports menu in the application menu (Enterprise Console) after logging in. But when UserC clicks the Reports menu item, the BAM Control page will be displayed without the Global Reports item in the drop-down.

Scenario Solution:

To arrive at a solution for this scenario, perform the following steps:

3. Login as a user who belongs to the Contributor security group. Here, login as 'UserC'.

4. From the Enterprise Console menu, select Reports. Before setting security, UserC can see the BAM Control and the Global Reports item in the drop-down.

5. To prevent the contributor user from viewing the Global Reports item in the drop-down of the BAM control, login as the administrator user. Here login as 'UserA'.

6. Click Repository Settings > Advanced Settings > Manage Security Groups. You will be redirected to the Security Group list.

7. Select the Contributor security group and click Edit on the ribbon bar or right-click the security group and select Edit from the context menu.

8. A pop-up window appears with the assigned security rights. Uncheck the Can View Global Reports right and click Save.

9. Click Save.

10. The Synchronization dialog box is displayed. Click Yes to synchronize the changes to the below level.

11. You will be prompted with a message stating that “Security Group has been modified successfully”. Click OK.

12. To check, login as a user who belongs to the contributor security group i.e 'UserC'.

13. From the Enterprise Console menu, select Reports. The user is redirected to the BAM Control page but the Global Reports item is not available in the drop-down.

14. The 'UserC' (Contributor security group user) does not have any owned workflow or workflows that are triggered by 'UserC'. The user will get the screen shown below while accessing BAM Control (Reports menu item in the application menu) since this user does not have the permission to view the workflows owned and triggered by others.

Observe that 'UserC' (Contributor security group user) does not have the permission to view others' workflows (Workflowscope_Any is false).

As per the above screen, the rights of “UseC” (Contributor security group) are as follows: