This option lets you restrict access to different areas of your processes during execution to ensure that the correct people have the necessary privileges and to prevent unauthorized actions.
Bizagi offers a Security Module that lets you define a schema of permissions on specific elements.
Security module has two main tabs:
•Authorization
•Authentication
Authorization
The Authorization component controls access to all pages in the Work Portal. These permissions and restrictions are defined by roles and user groups specified in the Organization component.
You can configure the following options using the Authorization tab. For more information about how to configure them, refer to Authorization.
MENU |
DESCRIPTION |
|---|---|
Analysis
|
Allows or denies access to specific Process information in the various Process Analysis Tools. If access is denied for a specific Process, you can access the Reports menu, but cannot view that Process in the Business Activities Monitoring BAM, Sensors Analytics and Process and Task Analytics. |
Applications |
Allows or denies access to applications. These permissions are granted for each application individually. If permission is denied for a specific application, you cannot be able to create new cases of any processes that belong to that restricted application; nor can you view cases related to such processes in your Inbox. You can still be assigned to tasks of a Process that belongs to a restricted application, despite not having access rights to the application. For this reason, take care when implementing this restriction. |
Entities |
Allows or denies administration privileges for Parameter entities in the Work Portal. These permissions are granted for each entity individually. The administration privileges that can be set are: •Full Control: Permits total administration of an entity. If allowed, you can create new records of the specified entity as well as view and modify existing entities. •View Data: If allowed, you can view records of the entity only. Changes to data will not be permitted. •Modify: If allowed, you can view and modify the records of the entity, but not create new records. •Create: If allowed, you can create new records for the entity, but not modify existing records. |
Manage |
Allows or denies management of Alarms, Asynchronous Work Items, Cases, Default Users and Profiles. |
New Cases |
Allows or denies creation of new cases. These permissions are granted for each process individually. If permission is denied for a specific Process, you will not be able to create new cases of that Process; however, you may still be assigned to activities belonging to such a restricted process. |
Pages |
Controls access to the menu and submenus pages of the Work Portal. These permissions are granted for each page individually. IMPORTANT: In the Analysis menu, the permissions applied to All Reports cascade down to all sub-menus. This means that if access is denied in All Reports you will not be able to access any of its features or lower level directories (sub-menus). |
Policies |
Allows or denies access to policies. These permissions are granted for each policy individually. If access is denied for a specific policy, the restricted policy will not be visible in the Business Policies menu of the Work Portal; consequently, you will not be able to gain access to it. |
Queries |
Allows or denies access to case queries. These permissions are granted for each query individually. If access is denied for a specific query, the related form of the restricted query are not visible in the Queries menu of the Work Portal. |
Personas |
Allows or denies administration privileges for Persona entities in the Work Portal. These permissions are granted for each entity individually. The administration privileges that can be set are: •Full Control: Permits total administration of an entity. If allowed, you can create new records of the specified entity as well as view and modify existing entities. •View Data: If allowed, you can view records of the entity only. Changes to data will not be permitted. •Modify: If allowed, you can view and modify the records of the entity, but not create new records. •Create: If allowed, you can create new records for the entity, but not modify the existing records. |
Vocabularies |
Allows or denies administration privileges for global, application, or process vocabularies. The administration privileges that can be set are: •Full Control: Permits total administration of global, application, or process vocabularies; that is, if allowed, you will be able to create new global or process vocabularies, as well as view and modify existing ones. •View Data: If allowed, you will be able to view global, application, or process only. Changes to them will not be permitted. •Modify: If allowed, you will be able to view and modify global, application, or process vocabularies, but not to create new ones. |
To grant or restrict access to any menu, expand and select an element from the list. Then, click Add condition.
You can add a user group, a user role or a Persona. According to your choose, the available values are loaded in the Select one or more assignment group.
Once a group is selected, click Allow or Deny to configure the group's access.
Authentication
The Authentication component manages and validates user access to the Work Portal. Bizagi offers several types of authentication to support your business requirements.
The following Authentication types are available:
•Bizagi Authentication
•LDAP Authentication
•OAuth2 Authentication
•SAML 2.0 Authentication
•Multiple Authentication
|
When configuring Multiple Authentication from Management Console, it is mandatory to configure at least one Authenticator. |
To configure the Authentication type, start the Maintenance Window.
Last Updated 12/12/2024 12:05:18 PM