Role-based Authorization Concept
By default, a user is allowed to run all apps that have been stored in one of the namespaces assigned to him. However, there are use cases, for example in approval workflows, in which you want to assign different authorizations: Certain process steps should only be executed by a defined group of people.
A simple use case is our idea management example: Employees are only allowed to create new idea, but the approval level is reserved for the CEO while the instructions for realization of the idea are displayed for managers only.
Idea_Management_Example
Click here to download a simple example model that shows what you can do with Lanes and Forms in Scheer PAS Designer. It also contains a configured instance list and shows the usage of trigger events.
The following fundamentals apply to working with role-based applications:
Using Lanes: During modeling, you define which role(s) are allowed to execute a particular process step. Use element Lane in the BPMN editor to define related roles that apply to all process steps within that lane.
If no roles are assigned to a lane, the process steps inside the lane can be executed by all users.
Assigning Roles: Roles and users are managed centrally in the Scheer PAS User Management. An administrator can assign a role to all users who should hold this role.
Transferring Processes With Roles Between PAS Systems
When transferring role-based models from one system to another (for example, from a test system to a production system), you must also transfer the related roles to the user administration of the target system. Refer to Reusing Central Roles in the Administration Guide for detailed information about the import and export of roles in the user management.
Related Pages:
Related Documentation: