10 Performing Administrative Tasks

This chapter describes how to perform administrative using Oracle Business Process Composer.

Note:

The procedures described in this chapter can only be performed by users who have been granted the Project Administrator security role. See Section 10.1.1, "Introduction to Default Security Roles" for more information.

This chapter includes the following sections:

• Section 10.1, "Introduction to Security Roles in Oracle Business Process Composer"

• Section 10.2, "Assigning Users and Groups to Security Roles"

• Section 10.3, "Managing Projects"

• Section 10.4, "Managing Project Templates"

10.1 Introduction to Security Roles in Oracle Business Process Composer

Oracle BPM uses the security realm functionality of Oracle WebLogic Server to determine what Business Process Composer features a user can access.

Security realm provide mechanisms for protecting Oracle BPM application resources. Each security realm consists of a set of configured security providers, users, groups, security roles, and security policies. A user must be defined in a security realm to access any Oracle BPM resources.

When a user attempts to access Business Process Composer or other Oracle BPM resource, WebLogic Server tries to authenticate and authorize the user by checking the security role assigned to the user in the relevant security realm and the security policy of the particular WebLogic resource.

Table 10-1 describes the basic components of security realms that are relevant to Business Process Composer administration.

Note:

The security roles managed and used in Business Process Composer are not global roles. They are used only within the context of Business Process Composer for managing access to application functionality.

Table 10-1 Oracle WebLogic Server Security Realm

Security Realm Component	Description
Users	A user can be a person, such as application end user, or a software entity, such as a client application, or other instances of WebLogic Server. Each user is given a unique identity within the security realm. Users may be placed into groups that are associated with security roles, or be directly associated with security roles.
Groups	Groups are logically ordered sets of users. Usually, group members have something in common. For example, a company may separate its sales staff into two groups, Sales Representatives and Sales Managers. Companies may do this because they want their sales personnel to have different levels of access to WebLogic resources, depending on their job functions.
Security Roles	A security role is a privilege granted to users or groups based on specific conditions (see Figure 4-1). Like groups, security roles allow you to restrict access to WebLogic resources for several users at simultaneously.

Figure 10-1 shows how Business Process Composer fits within the overall Oracle WebLogic Server security architecture.

Figure 10-1 Oracle Business Process Composer Administration

Description of "Figure 10-1 Oracle Business Process Composer Administration"

10.1.1 Introduction to Default Security Roles

Oracle BPM provides additional default security roles that are creating during installation of the Oracle BPM Suite. These additional security roles grant access to different functionality within Business Process Composer. They define who can assign security roles to users or groups, delete projects, unlock projects, and import project templates.

Note:

The set of security roles in Business Process Composer is fixed. You cannot create new security roles or delete any of the default security roles.

You can use Oracle Enterprise Manager to map the default security roles to the application roles defined in your business application.

Table 10-2 describes the Oracle BPM default security roles.

Table 10-2 Default Security Roles in Oracle BPM

Security Role	Description
Project Administrator	Enables users and groups to access the administration functionality of Business Process Composer. Users and groups assigned to this role can release project locks. It also enables the assigned users and groups to perform all tasks within the Business Process Composer application, including creating projects.
Developer	Grants users and groups permission to implement any project stored in Oracle BPM MDS.
Designer	Grants users and groups permission to model any project stored in Oracle BPM MDS. It does not permit implementation.
Deployer	Grants users and groups permission to deploy any unlocked project to Oracle BPM run time. In addition to the Deployer security role, users and groups must also be assigned application roles within the SOA infrastructure. See Section 4.5.1, "Introduction to the Deployer Security Role" for more information.
Project Creator from Template	Enables users and groups to create projects based on project templates.
Project Creator	Enables assigned users and groups to create process blueprints or projects based on templates.
Project Viewer	Enables users and groups to view any project stored in Oracle BPM MDS.
Project Documentor	Grants users and groups permission to add documentation to any project.
SOA Designer	The SOA Designer role is a security role shared with the SOA infrastructure. Business Process Composer uses this role to enable users and groups to edit Oracle Business Rules at run time. See Section 9.4, "Editing Oracle Business Rules at Run Time" for more information.

10.2 Assigning Users and Groups to Security Roles

Using the Business Process Composer administration tool, you can assign users and groups to security roles and remove security role assignments.

Note:

The configuration changes outlined in the following procedures are propagated immediately. However, any users who are currently signed on will not see these changes propagated until they sign on again.

To assign users and groups to security roles

1. Click Administration.

2. Select Role Mapping.

3. Expand Add Mapping.

4. Select the security role where you want to add a user or group.

5. Click Choose, then click Search.

   This returns a list of all users of groups. Optionally, you could search for a specific user or group.

6. Select the appropriate user or group from the Available column.

7. Click the Move.

8. Click OK.

9. Click Add Mapping.

To remove a security role assignment:

1. Click Administration

2. Select Role Mapping.

3. Expand Manage Mappings, then select the security role mapping you want to delete.

4. Click Delete.

10.2.1 What You Need to Know About Security Role Assignment

When you remove a security role mapping, these changes are propagated immediately. However, if the user whose role has been revoked is currently signed in, the changes are not propagated until the next time the user signs on again.

In contrast, when the administrator role is revoked and the user is currently signed in, a message is displayed when performing any administrative task. The user is then signed off automatically.

10.3 Managing Projects

Business Process Composer enables you to perform the following project management tasks:

• Release project locks.

• Delete projects from the Oracle BPM MDS repository.

• Refresh information from the Oracle BPM MDS repository.

To perform project related administrative tasks:

1. Sign on to Business Process Composer.

2. Click Administration.

3. Select the Project Management tab from the left-hand pane.

4. Select the appropriate project from the right-hand column, then select from the following:

   • Delete: Deletes the selected project from the Oracle BPM Metadata Service repository.

   • Release Lock: Releases the lock for the selected project. Other users with the appropriate permissions can lock and edit the project.

   • Refresh Repository: Refreshes the project list from the Oracle BPM Metadata Service repository.

10.3.1 What You Need to Know About Managing Projects

When deleting or resetting locks on projects, it is important to consider how this effects other Business Process Composer users. It is possible to delete a project or project lock while a user is actively making changes to a project. You must ensure that deleting a project or removing a lock does not adversely effect your users.

After deleting a project or project lock, Business Process Composer users do not see the propagated changes until they refresh the Oracle BPM MDS Repository or sign on to Business Process Composer.

10.4 Managing Project Templates

You can use Business Process Composer to manage project templates stored in the Oracle BPM MDS repository. You can perform the following tasks from the administration utility:

• Import projects and project templates to Oracle BPM MDS from your local file system.

• Delete a project template from Oracle BPM MDS.

Note:

These options are only available to users who have been granted the Project Administrator security role. See Section 10.1.1, "Introduction to Default Security Roles" for more information.

To import a project template:

1. Sign on to Business Process Composer.

2. Click Administration.

3. Select the Template Management tab.

4. Click Import Template.

5. Click Browse to select the project template you want to import.

6. Enter the following information:

   • Name: The name of the project template that will appear in Oracle BPM MDS.

   • Description: An optional description of the project template.

   Additionally, you can choose or create a new folder where you want to import the project template.

   Note:

   In the Oracle BPM MDS repository, templates are stored within the Templates partition. And folders and subfolders you create are also created in the Templates partition.

7. Click OK.

The project template is uploaded to the Oracle BPM MDS repository and appears in the list of project templates.

To delete a project template:

1. Sign on to Business Process Composer.

2. Click Administration.

3. Select the Template Management tab.

4. Select the project template you want to delete from the list.

5. Click Delete.

10.4.1 What You Need to Know About Managing Project Templates

After importing a project template to Oracle BPM MDS, the template is accessible to other Business Process Composer users who can begin creating new projects based on it.

After deleting a project template for Oracle BPM MDS, it cannot be recovered. The template is no longer accessible to Business Process Composer users. After deleting a project template, Business Process Composer users do not see the propagated changes until they refresh the Oracle BPM MDS repository or sign on to Business Process Composer.