Checking privileges by application, process, workflow, and form type

Applies to version: 2021.1.x and above; author: Adrian Baszak

Update: 22.06.2026; author: Lily Adamowicz

 

Related documentation

A detailed description of the functionalities mentioned herein and their configuration can be found in the following sections of the WEBCON BPS Help:

• Privileges
• MSSQL database

 

Introduction

As the number of deployed applications grows, so does the number of roles and privileges that need to be managed. These roles can be assigned both directly to users and to groups. In practice, this may create a need to quickly check which privileges have been configured within a specific application, process, workflow, or form type.

This article presents an example workflow that can be used to verify such privileges. Each example includes a view from the user’s perspective, an SQL query returning the relevant data, and an SQL query used as the data source for the Choice fields used in the configuration.

 

The following information will be presented on a single form:

• basic information about the application,
• privileges configured in the selected application,
• privileges assigned to the selected process,
• privileges for the selected workflow and form type within the selected process.

 

Application list

Two form fields were added to the form: Choice field and Data row. The Choice field is used to select an application. Once an application is selected, basic information about it is displayed in the section on the right side of the form, configured as a Data row.

Fig. 1. Information about the selected application

 

To obtain this view on the form, the following SQL query was used in the data source of the Data row form field. The query returns information about the application:

 

select

   APP_ID as [Id],

  APP_Name as [Name],

  APP_Description as [Description],

  APP_TSInsert as[Creation date],

  dbo.ClearWFElem(APP_Supervisor) as [Supervisor]

from WFApplications

where APP_ID = '{formFieldID}'

 

Replace '{formFieldID}' with the value from the Choice field – Application list.

 

Fig. 2. Configuration of the Data row data source

 

For the Choice field data source, you can use a query based on the same table, but without the where condition and with a limited number of returned columns.

 

select 

  APP_name as Name,

  APP_ID as ID,

  APP_Description as Description

from WFApplications 

 

Fig. 3. Configuration of the Choice field data source

 

Privileges at the application level

Next, a Data table form field was added to the form. It displays a list of users and groups that have been granted privileges to the selected application.

 

Fig. 4. Selecting an application and previewing privileges

 

The following SQL query was added to the data source of the Data table form field. It returns privileges for the selected application:

select

   CSC_APPID as [Application ID]

  ,CSC_USERGUID  as [Login]

  ,CSC_UserName  as [Display Name]

  ,APP_Name as [Application]

  ,lvl.Name as [Privileges]

from WFConfigurationSecurities

  join WFApplications on APP_ID = CSC_APPID

  join DicConfigurationSecurityLevels as lvl on lvl.TypeID = CSC_LevelID

where APP_ID = '{formFieldID}'

order by 2

 

Replace '{formFieldID}' with the value from the Choice field – Application list.

 

Fig. 5. Configuration of the Data table data source

 

Privileges at the level of processes, workflows, and form types

Information about application privileges can be extended with privileges granted within individual processes, workflows, and form types. To do this, three Choice fields were added to the form, allowing you to select the process, workflow, and form type for which privileges should be checked: Process list, Workflow, and Form type. Another Data table was also added to display information about these privileges. The configuration of the form fields is described later in this article.

Fig. 6. Application privileges divided by processes, workflows, and form types

 

If no value is selected in the Process list, Workflow, or Form type Choice fields, the form will display all privileges available for the given configuration level. For example, in the screenshot above, only the application has been selected, so privileges for all processes in this application are displayed.

In the screenshot below, a specific process has been selected for which privileges should be checked. The results in the Data table have been filtered based on this selection.

Fig. 7. Privileges for a specific process in the selected application

 

The results can be filtered in the same way by selecting a specific workflow and form type. In the view below, the results have been narrowed down to a specific workflow and form type within the selected process.

Fig. 8. Privileges for a specific form type in the selected workflow

 

Choice field configuration

The data sources of the individual Choice fields use SQL queries that return the relevant processes, workflows, and form types in the selected application.

 

• processes

SQL query:

select

  DEF_ID as [ID],

  DEF_Name as [Name],

  DEF_Description as [Description],

  DEF_APPID as [APP_ID] 

  from WFDefinitions

where

 DEF_APPID='{formFieldID}'

 

Replace '{formFieldID}' with the value from the Choice field – Application list.

Fig. 9. Configuration of the Process list Choice field data source

 

 

• workflows

SQL query:

select

  WF_ID as [ID],

  WF_WFDEFID as [DEF_ID],

  WF_Name as [Name]

 from Workflows

where

WF_WFDEFID = '{formFieldID}'

 

Replace '{formFieldID}' with the value from the Choice field – Process list.

 

Fig. 10. Configuration of the Workflow Choice field data source

 

• form types

SQL query:

select

  DTYPE_ID as [ID]

 ,DTYPE_Name as [Name]

from  WFDocTypes

  join  DocTypeAssocciations on ASS_DTYPEID=DTYPE_ID

  join WorkFlows on WF_ID = ASS_WFID

  join WFDefinitions on DEF_ID = DTYPE_DEFID

where

 DEF_APPID = '{formFieldID}'

 and (DEF_ID = '{formFieldID}' or '{formFieldID}' = '')

 and (WF_ID = '{formFieldID}' or '{formFieldID}' = '')

 

Replace each '{formFieldID}' with the corresponding values from the Choice fields: Application list, Process list, Workflow.
 

Fig. 11.  Configuration of the Form type Choice field data source

 

 

Data table configuration

The configuration of the Privileges Data table data source is presented below. It uses an SQL query that returns privileges for individual processes, workflows, and form types in the selected application:

select

   DEF_Name as [Process name]

  ,SEC_UserName as [UserName]

  ,SEC_USERGUID  as [Userlogin]

  ,WF_Name as [Workflow]

  ,DTYPE_Name as [Form type]

  ,lvl.Name as [Level]

  ,isnull(COM_Name, '<All>') as [COM_Name]

from DocTypeAssocciations

  join WFDocTypes on DTYPE_ID = ASS_DTYPEID

  join WorkFlows on WF_ID = ASS_WFID

  join WFSecurities on SEC_ASSID = ASS_ID

  join WFDefinitions on DEF_ID = DTYPE_DEFID

  join DicSecurityLevels as lvl on lvl.TypeID = SEC_LevelID

  left join Companies on COM_ID = SEC_COMID

where

DEF_APPID='{Application_formFieldID}'

  and (DEF_ID ='{Process_formFieldID }' or '{Process_formFieldID }' = '')

  and (WF_ID  = '{Workflow_formFieldID }' or '{Workflow_formFieldID }' = '')

  and (DTYPE_ID = '{FormType_formFieldID }' or '{FormType_formFieldID }' = '')

 

order by 1, 2, 3

 

Replace each '{formFieldID}' with the corresponding values from the Choice fields: Application list, Process list, Workflow, Form type.

 

Fig. 12. Configuration of the data source returning information in the Data table

 

 

Summary

The presented form and SQL queries can be used to create a dedicated application supporting the preview and verification of privileges in WEBCON. This solution makes it possible to quickly check the privileges configuration in selected applications, processes, workflows, and form types.

It can be particularly useful for administrators, who gain a clear way to analyze user and group privileges without having to manually go through individual configuration elements.