Skip to content

Latest commit

 

History

History
25 lines (15 loc) · 1.25 KB

31-Permissions.md

File metadata and controls

25 lines (15 loc) · 1.25 KB

Permission System

The permission system of the module is based on permissions and restrictions.

Permissions

The module has five levels of permissions:

  • Granting general module access allows a user to view business processes. (module/businessprocess)
  • Create permissions allow to create new business processes. (businessprocess/create)
  • Modify permissions allow to modify already existing ones. (businessprocess/modify)
  • Permission to view all business processes regardless restrictions. (businessprocess/showall)
  • Full permissions. (businessprocess/*)

Restrictions

There are two ways to configure restrictions: prefix-based and access controls

Prefix-based

This option allows to limit access of a role to only business processes with a specific prefix. For this the ID (Configuration name) of a business process has to start with a prefix and it has to be set as restriction on the role. (businessprocess/prefix)

Access controls

This option allows for more fine granular permissions based on user (AllowedUsers), group (AllowedGroups) and role (AllowedRoles). These attributes take a comma-separated list, get added to the header of the business process configuration file and limit access to the owner and the mentioned ones.