26.07.2023
16:16
Every WebCon BPS Applications needs permissions to work properly. Of course best practices is to use groups: WebCon BPS, Active Directory, SharePoint ones.
It is worth to some have naming convention for them. It is also crucial to know which are used within the specific Application.
We can dig into the BPS Studio and check Application, Process, Worfklow, Document Types permissions. We can check actions, business rules, etc.
We can try to do it better via SQL or/and WebCon BPS Application. It is well described here: https://community.webcon.com/posts/post/checking-user-and-group-privileges/258/3
Sometimes we need to use groups which are cross Applications, cross company alike Board Members, HR Department.
Sometimes we need to use Active Directory groups (not WebCon BPS ones) to give some permissions to Microsoft Reporting Services report or some fileshare.
For us it was important to document all permissions connected with each Application.
Above SQLing is a good basis for input as basis for something we called "Group Management Dashboard" - the dashboard with the information (and links which worked in former BPS version - 2021).
Please notice the screenshot attached - it gives an overview how it is done :)
Such dashboard contains information about Permissions/Groups used directly in WebCon BPS Application: application, process, doc types, workflow, business rules, actions.
About the per application groups, about groups shared between multiple applications, about external groups used in the process, e.g. fileshares, reporting services.
Such attitute with planned update to WebCon BPS 2023 (Global Role for Group Management and per Group Admin) gives as opportunity to give the "Power" of managing permissions by Buisness (Self-Service by Business Admins). We wanted to achive the idea which we had followed in SharePoint (business is maintaining adding/removing users from the groups).
And such dashboard is powerfull tool - the Permission Admin per Application can jump from one Dashboard to DEV/TEST/PROD groups from one place.
Please notice the screenshot attached - it gives an overview how it is done :)
* Of course behind the scenes there is a lot of technical fun :)
E.g. Prefix to group links is taken taken from configuration (via WebCon BPS REST API) so every time we had to change the WEbCon BPS Portal address we just changed portal address in one place.
Please notice the screenshot attached - it gives an overview how it is done :)
BPS 2023+
It would be perfect if such an overview could be added out-of-the-box (e.g. such dashboard) of the groups (at least the ones directly used which can be SQLed from Database) - alike in the kb article by Mr. Baszak :)
https://community.webcon.com/posts/post/checking-user-and-group-privileges/258/3
