How to grant access to Work Portal's menus

<< Click to Display Table of Contents >>

Navigation:  Bizagi Studio > Security definition > Work Portal Security > Security for Work Portal menus >

How to grant access to Work Portal's menus

To illustrate how to grant and restrict access to the Work Portal's menus we will use the following example:

Assume that in a Vacation Request Process four roles have been defined: Analysis, Management, Director and Vacation Requester. The following permission are selected for these roles.

 

 

Grant Access Rights for Case creation

In the Vacation Request Process, only certain employees are able to request vacations. For this reason, the Vacation Requester Role was created. This role is assigned to each employee that applies.

 

Only employees holding the Vacation Requester Role are able to create cases of the Vacation Request Process.

 

In order to grant access rights for case creation, follow the next procedure:

 

1. Go to the Security module in the Expert View.

 

Security2

 

 

2. Expand the Authorization options. Then go to the New case option, select the application and Process where the access rights are to be granted. For this case the application is Vacation Request and the Process is Vacation Leave Request.

 

 

Security4

 

3. Note that new options are displayed in the right panel. Click Add User Role to define the authorized roles to create cases.

The same configuration applies if user groups are selected by clicking Add user Group.

 

Security5

 

4. In the new window select the role to include from the drop-down list and click OK.

 

Security6

 

5. As the selected role should be allowed to create cases, click on the role and select Allow in the New Case option. Click OK.

 

Security7

 

The Vacation Requester Role has been enabled to create Vacation Request cases. Anyone holding a different role will be denied.

 

Additional Authorization facts

The following applies to all Authorization modules:

 

1. When no Authorization is explicitly defined (i.e to start new cases), then by default, all users (all roles and all user groups) will be authorized (i.e, everyone can start new cases).

 

2. If only one certain role or user group is authorized (explicitly allowed), then other users not contained in this definition, by default will be not be authorized (denied).

The same applies vice versa: when only having one certain role or user group denied, this will result in having the other users not contained in this definition as authorized (allowed).

Should there be definitions of: one role or user group with denied access and another role or user group with allowed access, then other users not contained in this definition will have a denied access (having at least 1 allow definition will deny access to users not explicitly allowed).

 

3. When having one role or user group with denied access and another role or user group with allowed access, and should there be a user which belongs to both definitions, then this user will have access denied (un-authorization prevails over authorization in case of ambiguity).

 

 

Grant Access Rights to Entities

Assume that the Vacation Request Process has a Parameter entity called Rejection Reason where the possible reasons to reject a request are defined.

 

The following access rights to the Entity have to be defined according to the roles of the Organization.

 

The Director Role is able to view and modify the Rejection Reason entity, that is, the role has Full Access Rights.

The Management Role is able to view the Rejection  Reason entity's data but is not able to edit it.

The Analysis Role is not able to view the Rejection Reason entity's data at all.

 

In order to grant access rights for entities, follow the next procedure:

 

1. Go to the Security module in the Expert View.

 

Security2

 

 

2. Expand the Authorization options and go to the Entities option.  Select the entity to which access rights are to be granted. For this case the entity is Applicant Status.

 

Security8

 

 

3. Note that new options are displayed in the right panel. Click Add User Role to define the roles.

The same configuration applies if user groups are selected by clicking on Add user Group..

 

Security9

 

4. Include the roles to define the access rights to the entity. In this case include Office Manager, Financial Manager and Financial Assistant.

 

Security10

 

 

5. For each role or user group, allow or deny access rights accordingly:

 

For the Office Manger Role check Allow for the Full control option. This will grant the Office Manger full control over the Applicant Status entity. Note that the View Data, Modify and Create options will be automatically marked.

 

Security11

 

For the Financial Manager Role check Allow for the View Data option. This will allow managers to view the entity's records but will disallow them to modify or create new ones.

 

Security12

 

 

For the Financial Assistant Role check Deny for the Full control option. This will prohibit analysts to access the entity. Note that the View Data, Modify and Create options will be automatically marked.

 

 

Security13

 

When Finished click OK to save the changes.

 

Grant Access Rights to Queries

As queries are used to search cases that meet defined criteria and to perform analysis, only people in charge of the analysis of the processes performance should be able access to them. We created the Process Analysis group where we included the Analysis and Management Roles.

 

Security14

 

 

In order to grant access to queries for roles or user groups, follow the next procedure:

 

1. Go to the Security module in the Expert View.

 

Security2

 

 

2. Expand the Authorization options. Then go to the Queries option and select the query to which access rights are to be granted. For this case the query is Vacations Request Query.

 

Security15

 

3. Note that new options are displayed in the right panel. Click Add User Groups to define the groups to administrate access rights.

 

 

 

Security16

 

 

4. Include the user groups for which to grant or deny access to the query. In this case include the Process Analysis Group.

 

Security17

 

 

5. The group will be allowed to View Data, Export and Analyze the Query. Click on the group and select the Allow in every option. Finally click OK.

 

Security18

 

 

note_pin

The procedure followed above to configure access rights is similar for all the elements in this Module.