Defining Business Process Weaver Security Options
This topic discusses the options for Business Process Weaver security. Security can be set up at the business process definition level to manage security at the run control level, or security can be overridden at the run control level by authorized users or users within authorized roles.
|
Page Name |
Definition Name |
Usage |
|---|---|---|
|
BPW_PRCDEFN_SEC |
Define and modify security access at the process definition level. Only users who have access to the first step in the business process definition have permission to create a business process run control. See the Business Process Definition Page for more information. |
|
|
BPW_PRCRUN_SEC |
Define and modify security access at the business process run control level. Only the users who have access to the first step in the run control security data can run the process run control. See the Business Process Run Control Page for more information. |
Business Process Weaver uses Process Scheduler to schedule and execute batch programs. Business Process Weaver follows the same security model as Process Scheduler.
Process Group.
Before the Business Process is executed, the user’s access to the batch programs Process Group is verified.
Permission List.
The Process Profile permission defined in the Permission List for the user controls whether the user has access to view or update the Business Process. Users belonging to “Processscheduleradmin” have administrative capabilities for the Business Process.
There is also optional security set at the Business Process Definition level that allows you to control who can create and process run controls for the steps in a Business Process.
You can mark a Business Process Definition as Public, which means that anyone who can access the component can create a Run Control for the Business Process.
If you need to restrict who can create the Run Controls, you can set security on the Business Process Definition. The security can be inherited or set up when you create the Business Process Run Control.
Note: The system disables the Start Process button on the Business Process Weaver Run Control page when a user does not have access to the first step in the Business Process Weaver definition. A user must have access to both the first step in the definition and the first step in the run control security data to launch a business process.
Here are some examples where setting security might be needed:
Where the user who created the Business Process Definition wants to authorize others to create the Business Process run controls
Where one user creates the Business Process Run Control and wants another user to run it.
Where a Business Process crosses multiple functional areas and the steps will be run by different users. In this case, you can give the users or roles access to create run controls or run the processes for the steps for which they are responsible.
Use the Business Process Security page (BPW_PRCDEFN_SEC) to define and modify security access at the process definition level. Only users who have access to the first step in the business process definition have permission to create a business process run control.
Navigation:
Click the Security link on the Business Process Definition page.
This example illustrates the fields and controls on the Business Process Security page. You can find definitions for the fields and controls later on this page.
Field or Control |
Description |
|---|---|
Type of Security |
Select from these options:
|
Value |
Enter a role or user ID, depending on the selected type of security. |
All Steps |
Select this check box to indicate that the user or role has access to all of the business process steps in the process definition. |
Steps and Select |
Click the Select lookup icon to select from available steps in the process definition. The step descriptions appear in the Steps field. |
Use the Process Run Control Security page (BPW_PRCRUN_SEC) to define and modify security access at the business process run control level. Only the creator of the business process run control can define or modify the security access at the business process run control level.
The same fields appear on the page as on the Business Process Security page at the business process definition level.