![]() |
![]() |
|
|
Administering Data
The following sections explain data administration concepts and tasks within BEA WebLogic Process Integrator:
Understanding Security
In BEA WebLogic Process Integrator, you maintain security for your workflows and their resources by doing the following:
About Security Realms
WebLogic Server provides security for applications through a service called a security realm. A security realm is a logical grouping of users and groups. A user is a specific individual who performs a certain task, such as programming or sales. A group is a collection of users who perform the same task. In this scheme, Group A might represent a collection of users who are programmers, and Group B might represent a collection of users who are sales people. Within a security realm, administrators can specify the levels of access users and groups have to workflows and other resources.
BEA WebLogic Process Integrator maintains information about roles and users in WebLogic Server security realms. When you define users and roles in BEA WebLogic Process Integrator, you need to specify their relationship to users and groups in WebLogic Server. You do this by mapping the roles you define in the Studio to the groups in a security realm in WebLogic Server.
About Levels of Permission
Levels of permission enable you to protect and control access to Studio functionality. Roles and users can perform the tasks shown in the following table only if they have the corresponding level of permission.
A role in BEA WebLogic Process Integrator inherits the levels of permission for the WebLogic Server group to which it belongs. In the Studio, you can add or remove levels of permission for a role. Any changes you make to a role are reflected in the group to which the role belongs, and affect any other roles that belong to the group.
A user inherits the levels of permission for role to which it belongs. In the Studio, you can add levels of permission for a user, but you cannot remove the permissions a user inherits from the role to which it belongs. Any permissions you add to a user are specific to the user, and are not reflected in the role to which the user belongs.
Available Functions
A security realm in WebLogic Server can be manageable or nonmanageable. This is defined when the realm is implemented on WebLogic Server. A manageable realm is one in which an application can make updates to groups and users. A nonmanageable realm is one in which an application can only list the groups and users
BEA WebLogic Process Integrator detects automatically whether a realm is manageable or nonmanageable. The type of security realm BEA WebLogic Process Integrator detects determines which data administration functions are available in the Studio.
You can perform the following tasks using the Studio dialog boxes only if BEA WebLogic Process Integrator detects a manageable realm:
If BEA WebLogic Process Integrator detects a nonmanageable realm, you can perform the following tasks using the Studio dialog boxes:
If you want to add users to a nonmanageable realm, you must add them using the appropriate data administration functions for the realm. You cannot add them using the Studio dialog boxes.
Configuring Security
To configure security for roles and users, you need to perform tasks in both WebLogic Server and the Studio as follows:
For information about performing these tasks using the Studio, see the sections that follow.
Maintaining Organizations
Use the Organization option to define organizations, which can represent different business entities, geographical locations, or any other distinction relevant to the particular business of the company. Organizations are specific to BEA WebLogic Process Integrator, and do not correspond to any groups on WebLogic Server.
The Organization drop-down list is located on the main menu of the BEA WebLogic Process Integrator main window. Selecting an organization from the drop-down list displays information in the folder tree for that organization only.
Adding an Organization
The Add Organization facility adds an organization to the WebLogic Process Integrator database.
To add an organization:
Figure 4-1 Define Organizations Dialog Box
Figure 4-2 Organization Properties Dialog Box
Updating an Organization
The Update Organization facility allows you to update the business calendar of an existing organization.
To update an organization:
Figure 4-3 Organization Properties Dialog Box
Deleting an Organization
The Delete Organization facility allows you to remove an organization from the WebLogic Process Integrator database.
To delete an organization:
Figure 4-4 Delete Organization Dialog Box
Maintaining Roles
Use the Roles feature to create, update, and delete roles, and to map roles to WebLogic Server groups.
A role is a common area of responsibility, ability, or authorization level that is shared by a group of individuals. A role can only be a member of one organization, but you can use the same name in multiple organizations. For example, you can have a role named Supervisor defined in Org1 and Org2. The name of the role is the same, but, in actual fact, the roles are different. Supervisor in Org1 is not the same as Supervisor in Org2, even though the names are the same.
Roles are mapped to groups in WebLogic Server. Using the previous roles and organizations as an example, you can map Supervisor in Org1 to a group called SupervisorOrg1, and Supervisor in Org2 to a group called SupervisorOrg2.
Roles are displayed within each organization. Selecting an organization from the Organizations drop-down list in the BEA WebLogic Process Integrator main window and double-clicking the Roles folder displays the roles belonging to that particular organization. Double-clicking an existing role displays the properties for that role.
Right-clicking a role displays a menu with the following options:
A role inherits the levels of permission of the group to which it belongs. After you create a role, you can specify different levels of permission for the role. Any changes you make to the levels of permission for a role are reflected in the group, and affect any other roles that belong to the group.
Creating a Role
The Create Role facility allows you to create a new role in the WebLogic Server security realm, and to map the role to a group in WebLogic Server. This facility is accessible only if WebLogic Process Integrator Studio is operating in a manageable realm.
To add a new role:
Figure 4-5 Role Dialog Box
Updating a Role
To update an existing role:
Figure 4-6 Role Dialog Box
Deleting a Role
Use the Delete Role dialog box to delete a role from the WebLogic Server security realm and WebLogic Process Integrator database.
To delete a role:
Figure 4-7 Delete Role Dialog Box
Changing the Mapping for Roles
You can change the group in a security realm to which a role is mapped. You might want to do this if you decide that you want the role to be mapped to a group that is different from the one you mapped the role to when you created the role.
When you create a new role, you can map the role to an existing WebLogic Server group or you can create a new group. For details, see Creating a Role.
To change the mapping for a role:
Figure 4-8 Role Mappings Dialog Box
A drop-down arrow appears to the right of the group name to be changed.
Setting Permissions for Roles
A role inherits the levels of permission for the WebLogic Server group to which it belongs. You can add and remove levels of permission for a role. Any changes you make to a role are also reflected in the group to which the role belongs.
To set the levels of permission for a role:
Figure 4-9 Permissions Dialog Box
The Permissions dialog box displays all the roles in the organization and the permissions currently assigned.
Maintaining Users
A user is an individual who has permissions to perform certain tasks. Use the Users feature to create, update, and delete users in a security realm in WebLogic Server. You can also add or remove users already defined in a security realm from organizations.
The User folder is located in the BEA WebLogic Process Integrator folder tree. Expanding it displays a list of users who have already been defined for the current organization. Double-clicking on an existing user displays the properties for that user.
Right-clicking the User folder displays a menu with the following options:
Figure 4-10 User Folder Menu Options
Right-clicking a user within the User folder displays a menu with the following options:
Figure 4-11 Users Menu Options
Adding a User to the Current Organization
The Add User facility adds a user that is already defined in the WebLogic Server security realm to the current WebLogic Process Integrator organization. This facility is accessible only if WebLogic Process Integrator Studio is operating within a manageable realm.
To add a user to the current WebLogic Process Integrator organization:
Figure 4-12 Add Users Dialog Box
Figure 4-13 User Dialog Box
The User dialog box contains the following fields:
Removing a User from the Current Organization
The Remove User facility removes a user that is already defined in the WebLogic Server security realm from the current organization. It does not remove the user from the security realm.
To remove a user from the current WebLogic Process Integrator organization:
Figure 4-14 Remove User Dialog Box
Creating a User
The Create User option adds a user to a WebLogic Server security realm, and is available only if the security realm is a manageable one.
To create a user in the security realm and WebLogic Process Integrator database:
Figure 4-15 Create User Dialog Box
Deleting a User
To delete defined users from the WebLogic Server security realm and WebLogic Process Integrator database:
Figure 4-16 Delete Users Dialog Box
A confirmation dialog box prompts you to confirm your selection.
Updating User Properties
To update user properties:
Setting Permissions for Users
A user inherits the levels of permission for the role to which it belongs. You can add other levels of permission to a user that are not defined for the role to which it belongs, but you cannot remove the permissions a user inherits from the role to which it belongs. Any permissions you add to a user are specific to the user, and are not reflected in the role to which the user belongs.
To set levels of permission for a user:
Figure 4-17 Permissions Dialog Box
The Permissions dialog box displays all the currently defined users, and the permissions currently assigned. If a permission is checked, but grayed out, you cannot remove that permission because it was inherited from the role to which the user belongs.
Administering Task Routing
Use the Routing feature to reroute currently assigned tasks from one user to another user or role for a specified, albeit temporary, period of time.
Right-click Routing in the folder tree to display a menu containing two options: Open and Close. Choose Open to display the Routing dialog box. The Routing dialog box contains a list of defined routings, showing users whose tasks were rerouted and the users or roles to whom the tasks were rerouted. The Effective and To dates represent the time period for which the tasks are rerouted.
Figure 4-18 Routing Dialog Box
Adding a Routing Specification To reroute a task:
Figure 4-19 Reroute Tasks Dialog Box
Note: When you assign to a User in Role, the system performs workload balancing by first reviewing the number of tasks assigned to all users in the role, selecting the user with the least number of assigned tasks, and assigning all of the rerouted tasks to this user.
Updating a Task Routing Specification
To update a task rerouting specification:
Deleting a Task Routing Specification
To delete a task rerouting specification:
Refreshing the Task List
Click Refresh in the Routing dialog box to refresh the rerouting task list and display any changes that have been made since you first invoked the Routing dialog box.
Administering Business Calendars
The BEA WebLogic Process Integrator business calendar feature defines the operating hours for the current organization. Business calendars make possible business time-related calculations, such as "Set a task's due date to three business days from today."
Calendars can be associated with the following, as described in the sections indicated:
You can define and assign the same business calendar to organizations, users, roles, and actions. You can also assign different business calendars to users, roles, and actions within the same organization.
Calendar assignment within BEA WebLogic Process Integrator is hierarchical in nature. The hierarchy places time-related actions at the lowest level, followed by roles and users, and finally, organizations at the highest level. If a time-related action is not assigned a calendar, it will, by default, be assigned the calendar of the user or role to which it is assigned. If a user or role is not assigned a calendar, it will, by default, be assigned the business calendar (organization level). In other words, calendar assignment is made at the most detailed component level.
Business calendars are rule-based. The calendar facility leads you through the definition of each rule, much as the BEA WebLogic Process Integrator Expression Builder allows you to select from lists of functions, operators, variables, and so on in order to create an expression.
Creating a Calendar
To create a new calendar:
Figure 4-20 Calendar Properties Dialog Box
Figure 4-21 Rule Dialog Box
Figure 4-22 Days Dialog Box
Figure 4-23 Hours Dialog Box
Figure 4-24 Date Dialog Box
Figure 4-25 Month Dialog Box
Figure 4-26 Date Interval Dialog Box
New calendar rules are displayed in the Rules area of the Calendar Rules dialog box. Figure 4-27 Calendar Rules
Note: You can update or delete a calendar rule by highlighting the rule in the Rules portion of the Calendar Properties dialog box, clicking Update or Delete, and following the prompts.
Updating a Calendar
To update an existing calendar:
Deleting a Calendar
To delete an existing calendar:
Figure 4-28 Delete Calendar Dialog Box
Understanding Business Operations
The Business Operations facility enables you to display all Enterprise JavaBeans (EJBs) and Java classes that are registered in WebLogic Server, as well as their remote methods and parameters. Using the Business Operations facility, you can create customized actions that invoke existing applications or applications that are built specifically for the workflow.
EJBs and Java classes are software components that a workflow invokes to perform a business activity, such as checking the account balance of a customer. The workflow invokes the software component by calling one of its methods to perform the activity. In BEA WebLogic Process Integrator, a business operation represents the method call. The business operation connects the workflow to the software components that automate the business process.
You use the Business Operations facility to define the business operation, and the Perform Business Operation action to perform the method call. You can assign the results of the method call to a workflow variable.
Ideally, technical personnel with detailed knowledge about the software components would define Business Operations. Workflow designers would then use the Business Operations in the appropriate place in the workflow to perform the business activity invoked by the Business Operation.
Using the Business Operations Dialog Box
In the BEA WebLogic Process Integrator Studio main window, choose Business Operations from the Configuration menu. This displays the Business Operations dialog box.
Figure 4-29 Business Operations Dialog Box
The Business Operation dialog box (accessed from the BEA WebLogic Process Integrator Studio Configuration menu) contains the following:
Defining a Business Operation
To define a BEA WebLogic Process Integrator business operation, proceed as follows:
Figure 4-30 Define Business Operation Dialog Box
Defining Business Operations for Java Classes
To define a business operation for a Java class, proceed as follows:
Figure 4-31 Java Class Name Dialog Box
Figure 4-32 Method to Call Drop-down List
Figure 4-33 Parameter Dialog Box
Defining Business Operations for Session EJBs
To define a business operation for a Session EJB (Enterprise Java Bean), proceed as follows:
Figure 4-34 Define Business Operation: Session EJB
Figure 4-35 Parameter Dialog Box
Defining Business Operations for Entity EJBs
To define a business operation for an Entity EJB (Enterprise Java Bean), proceed as follows:
Figure 4-36 Define Business Operation: Entity EJB
Figure 4-37 Parameter Dialog Box
Once you have defined all of your business operations, click OK on the Define Business Operations dialog box to confirm your changes. The business operations are added to the list of valid business operations in the Business Operation dialog box.
You use the Perform Business Operation action to invoke a defined business operation. For more information, see Perform Business Operation.
![]() |
![]() |
![]() |
|
Copyright © 2001 BEA Systems, Inc. All rights reserved.
|