Versions Compared

Old Version 2

changes.mady.by.user Annegret Bernhardt

Saved on

compared with

New Version Current

changes.mady.by.user Annegret Bernhardt

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Granting Role-specific Access Rights

A user can only execute the process steps that are released for his role.


As soon as he switches to the next process step for which he no longer has authorization, the following warning appears:

You are not authorized to execute the current process step. The data of your last allowed step is displayed. Changes are not possible.

For example, an applicant can complete the application form, but when he sent the form to approval, he is not able to see the approver's input in the next process step.

However, read and write permission of a role can be adjusted individually for each process step.

 In an EPC, as soon as a role is attached to a function, the option Role Rights appears in the settings of the element Function.

Click on the gear wheel to open the editor. All roles attached to this function are displayed here, as well as the read and write permission for each role.

Click on the permission you want to edit and use the checkbox to enable or disable the read and write permission for each role.

Info

If you disable both options, the role does not have any rights for the process step. When the EPC is executed, the role is handled as if it were not linked to the function.

It is possible to assign the combination that writing is allowed but reading is not. However, this combination is not practical, because a user cannot save without read permission.


Use Case

In ACME's Procurement Process, an employee must check and confirm his orders.

But Irene Adler wants to grant the Head of Accounting and the Head of Purchasing insight in the process step Confirming delivery to allow them to make corresponding bookings.

However, the Head of Accounting and the Head of Purchasing should not be able to fill the form Inspection of Delivery. They should only be able to take a look at it.

The two roles should therefore only have read permission for this process step.

Both roles have already been attached to the process step Confirming delivery, so Irene Adler opens the Role Rights editor of this function.

In the Role Rights editor, all roles attached to the function are displayed:

  • employee
  • head_accounting
  • head_purchasing
Info

Please note: In the Role Rights editor, the technical identifier of a role is displayed. It may differ from the label of the role element shown in the EPC model.

By default, read and write permission is granted to all attached roles.

Irene disables the write option for the roles head_accounting and head_purchasing.

The two roles now have read-only access to the process step Confirming delivery.



Panel
titleOn this Page:
Table of Contents


Panel
titleRelated Pages:

Otp
Floatingfalse
maxHLevel2

rp