Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Work Tasks

TABLE OF CONTENTS

Secure Process Designer Control at Workflow Level

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedNov 24, 2023
  • 8 minute read

The Process Designer Control can be secured at Repository, List, or ListItem (Workflow) level.

Example:

This example illustrates how the Repository level security will be applicable at listitem level and how to customize the security group definition at listitem level to meet the requirement of a particular workflow for a contributor user.

Consider three workflows 'Sales Domain', 'HR Domain' and 'Finance Domain'. Under the 'HR Domain' workflow, there are two child workflows called 'Employees Induction' and 'Leave Process' at the repository level.

The following steps explains how to secure the Process Designer control at Repository and ListItem level.

To set Process Designer rights at Repository Level

  1. To customize the Contributor security group definition to set the Process Designer rights at repository level, login as a user who belongs to the Administrator security group.

  2. Click Repository Settings > Advance Settings > Manage Security Group.

  3. Select the Contributor security group and click Edit on the ribbon bar or right-click and select Edit from the context menu.

  4. In the Modify Existing Security Group window, click Set Process Designer Rights to restrict to access the categories, activities and properties.

  5. Select the Check for Inclusion check box.

  6. Select the categories, activities and properties at the repository level.
    Here, only two categories – Human Activities & Engine Activities are privileged. The others are restricted for the contributor user.
    In the following screen a few properties are privileged and the others are restricted for the contributor user: 
     

  7. Click Save to save the changes.

  8. Click Save to save the Security Group definition and synchronize it, if required.

  9. Login as a user who belongs to the Contributor security group to see the effect of the security provided for the contributor user at the repository level.

  10. From the Enterprise Console menu, select Workflows.

  11. As there is no security is enabled at Workflow list and Workflow listitem level, the workflow list will inherit the security from the Repository level, and the Repository level security rights for the Process Designer Control.

  12. Select 'HR Domain' and click Design on the ribbon bar or select Design Workflow from the context menu. You will find the same categories, activities and properties for all the workflows, because none of them have security enabled. They inherit security from the repository level.

  13. Select 'Finance Domain' and click Design on the ribbon bar or select Design Workflow from the context menu. You will find the same categories, activities and properties for all the workflows, because none of them have security enabled. They inherit security from the repository level.

  14. Select 'Sales Domain' and click Design on the ribbon bar or select Design Workflow from the context menu. You will find the same categories, activities and properties for all the workflows, because none of them have security enabled. They inherit security from the repository level.

Enabling ListItem Level Security for 'Sales Domain' Workflow

Here giving more privilege to access Integration activities (Category), Human Activities > Task (Activity), Human Activities > Approval > Subject, Body, From Email Address and Send Notification Email (Properties) along with above action rights at the 'Sales Domain' workflow listitem level.

For this, you need to customize the security definition at 'Sales Domain' workflow listitem level.

To achieve the above, perform the following steps:

  1. Login as an Administrator user to customize the Contributor security group.

  2. Select Workflows from the Enterprise Console menu.

  3. Right-click the 'Sales Domain' workflow and then select Security Settings from the context menu.

  4. Click the Advanced Settings tab to enable security at the list item level.

  5. Click Enable ListItem specific Security.

  6. Select Security Group Customization, click Next and again Next.

  7. Select the Contributor security group and click Edit from the ribbon bar or select Edit from the context menu.

  8. To open the Process Designer Rights window, use the Set Process Designer Rights link from value column.Note: Use the Set Process Designer Rights link from Follower specific value for the Rights column. It is for follower items not for the current item.

  9. Select the Check for Inclusion check box.

  10. Select the categories, activities and properties at item level as shown in the following figures.

  11. Here only three categories – Human Activities, Human Activities > Approval, Check-List, Choice, Information and Task, Engine Activities and Integration are privileged the others are restricted for the contributor user.

  12. In the following screen, four properties of Notification Contents of Approval activity are privileged along with the other properties. The others are restricted for the contributor user.

  13. Click Save to save the changes.

  14. Click Save to save the Security Group definition and synchronize it, if required.

  15. Login as a user who belongs to the Contributor security group to see the effect of security provided for the contributor user at repository level.

  16. From the Enterprise Console menu, select Workflows.

  17. Select 'Sales Domain' and click Design on the ribbon bar or select Design Workflow from the context menu.

    To enable ListItem Level Security for 'HR Domain' Workflow

    1. Here, giving more privilege to access:

    2. Scheduler Activities, Communication, BPMN Elements, and Wizard along with other categories mentioned above.

    3. Human Activities > All Activities

    4. Human Activities > All Properties along with above categories at the 'HR Domain' workflow listitem level.

    5. For this, you need to customize the security definition at the 'HR Domain' workflow listitem level.

    6. To achieve the above, perform the following steps:

    7. Login as an Administrator user to customize the Contributor security group.

    8. Select Workflows from the Enterprise Console menu.

    9. Right-click 'HR Domain' workflow and select Security Settings from the context menu.

    10. Click the Advanced Settings tab to enable the security at list item level.

    11. Click Enable ListItem specific Security.

    12. Select Security Group Customization, click Next and again Next.

    13. Select the Contributor security group and click Edit on the ribbon bar or select Edit from the context menu.

    14. To open the Process Designer Rights window, use the Set Process Designer Rights link from value column.

    15. Select the Check for Inclusion check box.

    16. Select the categories, activities and properties at the item level as shown in the following figures.

    17. Here only six categories – Human Activities, Engine Activities, Scheduler Activities, Communication, BPMN Elements and Wizards are privileged. The others are restricted for the contributor user.

    18. All activities of the Human Activities category are privileged. The others are restricted for the contributor user.

    19. All properties of the Approval Activity of Human Activities category are privileged. The others are restricted for the contributor user.

    20. Click Save to save the changes.

    21. Click Save to save the Security Group definition and synchronize it, if required.

    22. Login as a user who belongs to the Contributor security group to see the effect of security provided for the contributor user at repository level.

    23. From the Enterprise Console menu, select Workflows.

    24. Select 'HR Domain' and click Design from the ribbon bar or select Design Workflow from the context menu.

    25. Here, you have set the Process Designer Rights for value, not for the follower specific value. So, if you have to navigate and view the Process Designer Control at child item then these changes will not be found there.

    26. Select any child item of the 'HR Domain' workflow and click Design on the ribbon bar or select Design Workflow from the context menu. The changes are not applicable at its child item level.

    27. This child item does not have any security enabled. It will inherit from its immediate Dictator. In this case, the parent item is 'HR Domain'.

      To enable Security at Child Item Level for 'HR Domain' Workflow

      1. To enable security at child item level, follow the steps given below:

      2. Perform the steps 1 to 7 (See Enabling ListItem Level Security for 'HR Domain' Workflow steps).

      3. To open the Process Designer Rights window, use the Set Process Designer Rights link from Follower specific value column.

      4. Set the rights as shown in the following figure: 
         

      5. Click Save to save the changes.

      6. Click Save to save the Security Group definition and synchronize it, if required.

      7. Login as a user who belongs to the Contributor security group to see the effect of the security provided for the contributor user at the repository level.

      8. From the Enterprise Console menu, select Workflows.

      9. Double-click 'HR Domain' and select any child item (Employee Induction or Leave Process).

      10. Select Design from the ribbon bar or select Design Workflow from the context menu to see the effect.

      11. Here, both the child workflows (Employees Induction and Leave Process) do not have the security enabled. Hence, they will inherit the security set by their immediate dictator. In this case, their parent workflow (HR Domain).

        To enable Child Item Level Security for 'HR Domain' Workflow

        The following example demonstrates that the security has been enabled at one child item i.e 'Employees Induction' and shows the effect for both the child items.

        1. Go to the Employees Induction workflow and enable the listitem level security. To know more about how to enable security at the listitem level, click “Enabling Security at ListItem Level” and customize the Process Designer rights for the security group.

        2. To enable security for child items, follow the steps given below:

        3. Login as an Administrator user to customize the Contributor security group.

        4. Select Workflows from the Enterprise Console menu.

        5. Double-click the 'HR Domain' workflow and then select 'Employees Induction' workflow.

        6. Right-click and select Security Settings from the context menu.

        7. Click the Advanced Settings tab to enable the security at list item level.

        8. Click Enable ListItem specific Security.

        9. Select Security Group Customization, click Next and again Next.

        10. Select the Contributor security group and click Edit from the ribbon bar or select Edit from the context menu.

        11. To open the Process Designer Rights window, use the Set Process Designer Rights link from the Follower specific value column.

        12. Select the Check for Inclusion check box.

        13. Select the categories, activities and properties at item level.

        14. The screen shows that the categories (Security and SAP Activities) are excluded/restricted.

        15. Click Save to save the changes.

        16. Click Save to save the Security Group definition and synchronize it, if required.

        17. Login as a user who belongs to the Contributor security group to see the effect of security provided for the contributor user at the repository level.

        18. From the Enterprise Console pull-down menu, select Workflows.

        19. Double-click 'HR Domain' and select any child item i.e. Employee Induction.

        20. Select Design from the ribbon bar or select Design Workflow from the context menu to see the effect.

          The Employees Induction Process Designer will open with all the categories except the restricted ones.

        21. For the 'Employees Induction' workflow, the administrator user has enabled and customized the security as mentioned above. For another child workflow called 'Leave Process', the administrator user has not enabled and customized the security. So, it will inherit from its immediate dictator. In this case, the 'HR Domain' workflow.

        22. Right-click the 'Leave Process' workflow and select Design workflow and see the effect.

          TitleResults for “How to create a CRG?”Also Available in