Security option

<< Click to Display Table of Contents >>

Navigation:  Automation Service Management > How to manage your environment with Management Console Web > Security >

Security option

This option lets you restrict access to different areas of your processes during execution to ensure that the correct people have the necessary privileges and to prevent unauthorized actions.

 

Bizagi offers a Security Module that lets you define a schema of permissions on specific elements.  

 

Web_MC_037

 

Security module has two main tabs:

Authorization

Authentication

 

Web_MC_038

 

Authorization

The Authorization component controls access to all pages in the Work Portal. These permissions and restrictions are defined by roles and user groups specified in the Organization component.

 

You can configure the following options using the Authorization tab. For more information about how to configure them, refer to Authorization.

 

MENU

DESCRIPTION

Analysis

 

Allows or denies access to specific Process information in the various Process Analysis Tools.

If access is denied for a specific Process, you can access the Reports menu, but cannot view that Process in the Business Activities Monitoring BAM, Sensors Analytics and Process and Task Analytics.

Applications

Allows or denies access to applications. These permissions are granted for each application individually.

If permission is denied for a specific application, you cannot be able to create new cases of any processes that belong to that restricted application; nor can you view cases related to such processes in your Inbox.

You can still be assigned to tasks of a Process that belongs to a restricted application, despite not having access rights to the application.  For this reason, take care when implementing this restriction.

Entities

Allows or denies administration privileges for Parameter entities in the Work Portal. These permissions are granted for each entity individually.

The administration privileges that can be set are:

Full Control: Permits total administration of an entity. If allowed, you can create new records of the specified entity as well as view and modify existing entities.

View Data: If allowed, you can view records of the entity only.  Changes to data will not be permitted.

Modify: If allowed, you can view and modify the records of the entity, but not create new records.

Create: If allowed, you can create new records for the entity, but not modify existing records.

Manage

Allows or denies management of Alarms, Asynchronous Work Items, Cases, Default Users and Profiles.

New Cases

Allows or denies creation of new cases. These permissions are granted for each process individually.

If permission is denied for a specific Process, you will not be able to create new cases of that Process; however, you may still be assigned to activities belonging to such a restricted process.

Pages

Controls access to the menu and submenus pages of the Work Portal.  These permissions are granted for each page individually.

IMPORTANT: In the Analysis menu, the permissions applied to All Reports cascade down to all sub-menus.  This means that if access is denied in All Reports you will not be able to access any of its features or lower level directories (sub-menus).  

Policies

Allows or denies access to policies. These permissions are granted for each policy individually.

If access is denied for a specific policy, the restricted policy will not be visible in the Business Policies menu of the Work Portal; consequently, you will not be able to gain access to it.

Queries

Allows or denies access to case queries. These permissions are granted for each query individually.

If access is denied for a specific query, the related form of the restricted query are not visible in the Queries menu of the Work Portal.

Stakeholders

Allows or denies administration privileges for Stakeholder entities in the Work Portal. These permissions are granted for each entity individually.

The administration privileges that can be set are:

Full Control: Permits total administration of an entity. If allowed, you can create new records of the specified entity as well as view and modify existing entities.

View Data: If allowed, you can view records of the entity only.  Changes to data will not be permitted.

Modify: If allowed, you can view and modify the records of the entity, but not create new records.

Create: If allowed, you can create new records for the entity, but not modify the existing records.

Vocabularies

Allows or denies administration privileges for global, application, or process vocabularies.

The administration privileges that can be set are:

Full Control: Permits total administration of global, application, or process vocabularies; that is, if allowed, you will be able to create new global or process vocabularies, as well as view and modify existing ones.

View Data: If allowed, you will be able to view global, application, or process only. Changes to them will not be permitted.

Modify: If allowed, you will be able to view and modify global, application, or process vocabularies, but not to create new ones.

 

To grant or restrict access to any menu, expand and select an element from the list. Then, click Add condition.

 

Web_MC_039

 

You can add a user group, a user role or a Stakeholder. According to your choose, the available values are loaded in the Select one or more assignment group.

 

Once a group is selected, click Allow or Deny to configure the group's access.

 

Web_MC_040

 

Authentication

The Authentication component manages and validates user access to the Work Portal. Bizagi offers several types of authentication to support your business requirements.

The following Authentication types are available:

Bizagi Authentication

LDAP Authentication

OAuth2 Authentication

SAML 2.0 Authentication

Multiple Authentication

 

note_pin

When configuring Multiple Authentication from Management Web Console, it is mandatory to configure at least one Authenticator.

 

For more information about how to configure authentication, refer to Authentication.

 

Web_MC_041

 

To configure the Authentication type, start the Maintenance Window.