Applies to version: 2020.1.x and above; author: Michał Lalewicz
Introduction
Privileges are an integral part of the WEBCON BPS system – defining what each user (or group of users) can see in an application and to what extent they can participate in the system. Privileges can be scaled and applied globally, per application, per process and even per specific form type.
Types of privileges
Global privileges
The global parameters allow you to grant selected users the global administration or read-only privileges on all existing processes. To do this, go to the “System settings” tab and then, in the “Global parameters” section select the “Global privileges” option.
- System administrators – they have the highest level of privileges. A user can work in full WEBCON BPS Designer Studio mode and modify all system elements. They see and can modify all applications form the Designer Studio level. There is no access to data.
- Business administrators – they have access to edit, add and delete instances. They also have access to all parts of the process (e.g. archive). Business administrators do not have the privileges of the Designer Studio application.
- Workflow data read-only access – it allows you to specify users who will have the global read-only privileges for all existing processes, regardless of the privileges they already have (or their lack) on the processes.
Application privileges
For each application you can define a separate set of privileges. The privileges defined for the application allow you to specify groups of users who can modify their definitions and processes assigned to them. Within the application’s privileges, the scope of their visibility to end users is also defined.
To set privileges go to the selected application and select the “Privileges” section.
The application has the following levels of privileges:
- Application administrators – privileges give full access to the application, both in terms of their visibility and the possibility of modification. From the WEBCON BPS Designer Studio level, a user can modify all application settings, modify the parent and related processes and create and modify the presentation elements. From the WEBCON BPS Portal level, a user can enter the edit mode and add new or modify the existing elements (starts, dashboards, reports). They also have the ability of downloading the embed code of any system elements. These privileges do not give access to the given processes. To define the data visibility you need to specify the appropriate privileges (e.g. reports) at the process level.
- Portal designers – privileges give full access to the application form the Designer Studio level, both in terms of their visibility and the possibility of modification. The privileges do not allow you to start and edit the application by using Designer Studio. From the Portal level, a user has the ability of entering the edit mode, adding new and modifying the existing system elements (starts, dashboards, reports). They also have the ability of downloading the embed code of any system elements. These privileges do not have access to the given processes.
- Metadata access – the privileges give access to the process metadata (form fields structure) from the WEBCON BPS Word add-in level, allowing the definition of the document templates. They do not give access to the given processes and applications from the Portal level.
- Read-only – the privileges give access to the application from the Portal level. A user can find and view the application content. These privileges do not have access to the given processes. To define the data visibility (e.g. reports) you need to specify the appropriate privileges (e.g. reports) at the process level.
Forms/processes privileges
There is the ability to define the privileges per business entity. Assigning privileges at this level means that they will apply to all types of forms and workflows created within it. Go to the “Privileges” tab in the process configuration.
There is also the ability to define the privileges at the associated form types level – these privileges are limited to relate the form type with the workflow. They allow users to work within the given form only with the given configured workflow. Go to the “Associated form types” tab to manage them.
- Business administrator – they have the privileges to edit, add and delete instances. They also have access to all parts of the process (e.g. archive). They do not have the privileges of the Designer Studio application.
- Access and edit all workflow instances – allows you to set people who have the privileges to modify and view instances in the process.
- Access all workflow instances and attachments – allows you to set people who can view instances in the process and their attachments.
- Launch new workflow instances – allows you to set people who can start new instances. Such a person also can read, modify and delete processes but only those that they created.
- Access all workflow instances (excluding attachments) – allows you to set people who can view instances in the process but who do not have access to attachments.
- Manage archive – allows you to set people who will have access to all archived workflow instances. The global and process administrators will also have access there.