By default, a user is allowed to run all apps that have been stored in one of the namespaces assigned to him. However, there are use cases, for example in approval workflows, in which you want to assign different authorizations: Certain process steps should only be executed by a defined group of people.
A simple use case is our idea management example: Employees are only allowed to create new idea, but the approval level is reserved for the CEO while the instructions for realization of the idea are displayed for managers only.
The following fundamentals apply to working with role-based applications:
Using Lanes: During modeling, you define which role(s) are allowed to execute a particular process step. Use the lane element in the BPMN editor to define related roles that apply to all process steps within that lane.
If no roles are assigned to a lane, the process steps inside the lane can be executed by all users.
Assigning Roles: Roles and users are managed centrally in the Scheer PASUser Management. An administrator can assign a role to all users who should hold this role.
Transferring Processes With Roles Between PAS Systems
When transferring role-based models from one system to another (for example, from a test system to a production system), you must also transfer the related roles to the user administration of the target system.