Setting Up Role Model

A role model sets user permissions to access data used in building a business process. To determine data access user permissions, use data segments or authorization objects that set a link between security subjects (users/groups of users) and cube data slices.

NOTE. In the web application, it is recommended to use data segments to separate access permissions of security subjects.

In case of collaborated work on the project, the following user roles are determined:

The owner of the ADMIN schema.
The user belonging to the Administrators group.

The administrator with configured full access to process can:

Execute full process monitoring with displaying of instances of all active processes.
Start new process instances.
Execute/reject steps of all instances of corresponding process.
Manage process instances.

The process owner can:

Execute full process monitoring with displaying of process instances.
Start new process instances.
Execute/reject steps of all process instances.
Manage process instances.

To select the user as a process owner, use the Basic Properties tab of the Settings dialog box.

NOTE. A user or a group of users can be selected as a process owner.

The step execution owner can:

Execute custom process monitoring with all steps, for which execution he is responsible.
Execute/reject assigned steps.

To select the step execution owner, use the Settings tab on the step parameters panel. Custom process monitoring is available for the user.

NOTE. A user or a group of users can be selected as a step execution owner.

In case of user collaboration take into account the following:

If a group of users is selected as a step execution owner, in the process monitoring the process owner/administrator can select step executor. The executor is the selected user in the group of users responsible for specific step execution of process instance. After selecting the owner the process instance step is available only for the executor.
If a group of users is selected as a step execution owner, which includes other groups of users, they cannot be selected as executors.
If a group of users is selected as a step execution owner, and executor is not selected, the process instance is displayed in the process monitoring and the corresponding step is available for execution.