Overview
Bizagi offers a collaborative environment where you and process developers can work simultaneously on the same project.
If you have several processes in your project you might need to restrict access to some resources to prevent other users modifying one process that will affect other processes.
By default, each new Bizagi project enables users included as Bizagi administrators to access all the project’s objects. Access rights to specific objects of the project are not configured.
We encourage enabling Bizagi Studio Security to make sure the right users have access to managing the correct project resources.
Resources for which security can be managed are:
•Applications
•Processes
•Entities
•Global Business Rules
As soon as a resource has any type of security (either to deny or to allow access), Bizagi will assume that the resource is restricted and only users with Deny, Modify or Full Control access will be able to modify it. All others will be prevented from modifying the resource.
Resources with Security
Security can be managed for certain elements, or resources in Bizagi Studio. Security can be assigned to specific users or to an entire user group.
The specific security action varies depending on the type of Resource.
There are three actions:
•Deny: Prevents access to a Resource.
•Modify: Permits editing of a Resource but does not allow creation of a new one.
•Full Control: Users have the ability to execute all actions on a Resource (Create, Modify, Delete) and assign Security to it.
Access rights are inherited. When you have permission on a Resource with a higher hierarchy, you also have permissions over its child Resources. Unless the child Resource has specific permissions of its own.
The following list describes the Resources and the actions relating to each of them.
Applications and Processes Security
Resource |
Deny |
Modify |
Full Control |
|---|---|---|---|
Applications main node |
Access to Applications denied |
N/A |
N/A |
Applications |
Access to Processes and Sub-processes denied |
Is visible and modifiable |
Create, modify and manage Security |
Processes |
Access to Processes denied |
Is visible and modifiable |
Create, modify and manage Security |
Process versions |
Access to Process versions denied |
Is visible and modifiable |
Create, modify and manage Security |
•Access rights are inherited. If you have Modify permissions over an application, then you will also have permissions over all the process related to that application and all its elements: Forms, Business Rules, Expressions, etc. Everything contained in the hierarchical tree.
•The creation of new processes will inherit the Security configuration given to their related application.
Entities Security
Resource |
Deny |
Modify |
Full Control |
|---|---|---|---|
Entities main node |
Access to Entities denied |
N/A |
N/A |
Application entities |
Access to Application Entities denied |
Is visible and modifiable |
Create, modify and manage Security |
Master entities |
Access to Master Entities denied |
Is visible and modifiable |
Create, modify and manage Security |
Parameter entities |
Access to Parameter entities denied |
Is visible and modifiable |
Create, modify and manage Security |
•Most projects have entities that are crucial for the proper functioning of a process, and any uncontrolled changes can affect its development. You can restrict access permissions to those entities to limit modifications.
•Access rights are inherited. If you have Modify permissions over an entity then you will also have permissions over all its related elements: Attributes, forms, values, queries, and expressions. All descendants in the hierarchical data of the given entity.
•When you have been denied the Modify permissions over an entity, you will not be able to modify any of its elements. Note the entity's elements will be available for use (in Forms and Expressions) but NOT for modification.
Global Business Rules security
Resource |
Deny |
Modify |
Full Control |
|---|---|---|---|
Applications |
Access to Applications business rules denied |
Is visible and modifiable |
Create, modify and manage Security |
Global Functions |
Access to Global Functions denied |
Is visible and modifiable |
Create, modify and manage Security |
Global Expressions |
Access to Global Expressions denied |
Is visible and modifiable |
Create, modify and manage Security |
•When you have been denied the Modify permissions over an expression or a function, you will not be able to modify it. The expression or function will be available for use but can NOT be modified.
Project owners and subscription owners
•Only project owners and subscription owners have the right to add additional teams in the Collaboration teams option.
•Project owners will be able to grant rights for all elements that handle security (i.e., Authentication, Authorization and LDAP) in Bizagi Studio.
•Project owners will always have access rights over all elements that handle security in Bizagi Studio.
•Users that are NOT owners will not be able to grant rights for elements that handle security in Bizagi Studio, unless they have Full Control permissions over a certain resource.
•Users that are NOT owners will be able to create or modify elements that handle security in Bizagi Studio, according to the rights given by Administrators.
Last Updated 5/2/2024 3:26:13 PM