Security permissions for process definitions

Last published at: May 14th, 2024

By default, a normal user will be only able to view the process definitions that they have created or have permission to view. The normal user can only view process definitions created by other users if permissions are given by other users. Based on the “Permissions” assigned by the admin or the user who created the definition, the normal user can “View”,” Design” or Remove” the process definition.

Admin users can restrict the permission for view, design, and remove access to the process definition for the normal users by clicking on the “Permissions” menu item.

Search and add the desired user(s) for whom the permission for the selected definition must be set. User should type 3 char(s) at least to initiate the search. 

Select the user from the list and click on "Add" button.

The admin user can allow any or all the process definition permissions for the selected user by checking the view, design, and remove checkboxes. The user can only have access to these permissions. Above, the user “Derek” can view and design the selected process definition. But does not have permission to remove the definition. The admin user can grant permissions to design and remove by selecting "Save Permissions" button.

The admin user can revoke permissions by selecting "Remove Permissions" button.

Lock and Unlock process definitions

By default, a normal user will be only able to view the process definitions that they have created or have permission to view. The normal user can only view process definitions created by other users if permissions are given by other users. Based on the “Permissions” assigned by the admin or the user who created the definition, the normal user can “View”,” Design” or “Remove” the process definition.

The definition is locked to the user who is creating / modifying the process. There is no concept of building workflows collaboratively and the definition gets unlocked, only after the changes are saved and closed. 

The locked definition can be unlocked by another user with View / Design / Remove permissions on this definition. The unlocked definition can now be locked by this second user for further modification. The first user cannot save the changes now that the definition is no more locked to self. The application shall alert the first user on the lock status and the username who is making the changes at that moment. This safety check thus prevents the contents from being overwritten by any concurrent usage.