By design, an average user can view only the form definitions they have created or are permitted to view. They can also view form definitions developed by other users if those users permit it. Based on the “Permissions” assigned by the admin or the user who created the definition, the average user can “View, Design, Remove, and Instance."
Admin users can restrict regular users’ permission to view and design and remove their access to the process definition by clicking the “Permissions” menu item.
The Manage Permissions page is rendered as follows. Configure permissions for the Form definition and any form attachments this definition instance may have during runtime.
Select the attachment permission from the drop-down list below. Choose one of the permissions provided here. The available permissions apply to the global configuration: all users can access it; only users involved in the form; only users engaged in the form and process; only the people who attached files to the form; and only the person who attached the file. Click the Save Permission button to confirm.
Type in the first three characters to search for a user or application role.
Select the user from the list and click the "Add" button. Use the checkboxes to “grant or revoke” the permissions.
- The “View” permission, when checked, grants the user the ability to render the Process Definition.
- The “Design” permission, when checked, grants the user the ability to modify the Process Definition.
- The “Remove” permission, when checked, grants the user the ability to remove the Process Definition.
- The “Instance” permission, when checked, grants the user the ability to view Process Instances associated with this Process Definition, regardless of who created them.
Click the “Save Permissions” button to confirm the access. A confirmation message appears in the top-right corner, as shown below.
The admin user can grant any or all process definition permissions to the selected user by checking the view, design, and remove checkboxes. The user can only access these permissions. In the example above, the “RegularUser” can view and design the selected process definition, but does not have permission to remove it. The admin user can grant permission to create and remove by choosing the "Save Permissions" button.
The admin user can revoke permissions by selecting the "Remove Permissions" button.
A confirmation message is displayed in the top-right corner.
Note: The Form Instances inherit the same security permissions as their Form Definitions.
| Permissions | Meaning |
| All Users/Roles can access | There is no security, anyone who can access the form can download the attachments (default) |
| Only users/roles involved in the form | Only users/roles involved in the form routing can download the file attachments |
| Only users/roles involved in the form and process | Only users/roles involved in the form and process can download the file attachments |
| Only the people who attached files to the form instance | Only the users who attached the files to the form can download them. If user1 uploads file1 to form1 and user2 uploads file2 to form1, then only user1 and user2 can download the files. |
| Only the person who attached the file | Only the person who attached the file to the form can download it. If user1 attaches file1 to form1, then only user1 can download the file, and if user2 attaches file2 to form2, then only user2 can download file2 from form2 |
Lock and Unlock Form Definitions.
By default, an average user can view only the form definitions they have created or have permission to view. They can also view form definitions developed by other users if they are granted permission. Based on the “Permissions” assigned by the admin or the user who created the definition, the average user can “View,” “Design,” or “Remove” the form definition.
The definition is locked to the user who creates or modifies the process. There is no support for collaborative form building, and the definition is unlocked only after the changes are saved and the process is closed.
Another user with View / Design / Remove permissions can unlock the definition and lock it for further modification. The first user can no longer save changes now that the definition is no longer locked to the first user. The application shall alert the first user to the lock status and the username of the user making the changes. This safety check prevents the contents from being overwritten by concurrent usage.