Understanding Operation Workflow Security
Various types of users may perform blend operations. One type of user could be a wine-maker, who creates new operations and can delete operations that are still at a draft status or move operations from draft to active status. Another type of user may be an operator, who has permission to enter results and record actual values against active operations, but who should not be able to close operations.
To ensure that only authorized personnel perform certain activities, you can attach users to permissions based on the job roles that they perform. Operation workflow security defines under which set of conditions a user is allowed to perform a certain action. You use the Operation Security program (P31B922) to set up user permission levels for each configured operation that might occur in a blend facility. You define permissions not only by configured operation and blend facility, but also by user action and workflow status. Workflow statuses provide more details about an operation status, such as Planned or Active. You can define multiple workflow statuses for each operation status.
To set up operation security, you must associate users with a specific permission type. Permission types are stored in the Permission Type UDC table (H95/PT). You can then associate the users with a specific security definition. You can add or remove users from the permission list.
You set up permissions by exclusion, that is, the system excludes the users on the permission list from the user action for which you are setting up workflow security. For example, you can set up a permission list that excludes any user associated with the list from promoting a particular configured operation to any workflow status in a specific blend facility.
Once you have set up operation workflow security, the system validates the permissions of each user to set up and maintain operations. When you enter operation header information, as soon as you submit it the system validates the workflow status that you entered and whether you have permission to enter operations at the blend facility. If you do not have permission, the system issues an error and does not save the information.
When you attempt to edit an operation at a blend facility and at a workflow status for which you do not have permission, the system prevents you from editing the operation, but it does enable you to view the operation details. The system also prevents you from promoting an operation to a status for which you do not have permission. For example, the operation permission list can be set up to prevent users from closing an operation.
The system validates user permissions by first determining the permission list to which the user belongs. The system uses the permission type that you set up for the configured operation to identify the permission list. Then the system performs a predefined hierarchical search to determine whether the user has permission to create, edit, or promote an operation. The search sequence proceeds by substituting *All for every component of the permission list, as illustrated by this table:
| Permission List | Configured Operation | Configured Operation Status | Winery | Action | 
|---|---|---|---|---|
| Operator | Tank-to-tank | Draft | XYZ | Add/Edit and Promote | 
| Operator | *All | Draft | XYZ | Promote | 
| Operator | *All | *All | XYZ | Promote | 
| Operator | *All | *All | *All | Add/Edit and Promote | 
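The lookup order in the table can be modeled as follows. This is an added example, not JD Edwards code. It assumes a security record is keyed by permission list, configured operation, workflow status, winery, and action, that a record found at any level excludes the list's users from that action, and that a combination with no record stays permitted; the records and the winery ABC are constructed sample data.

```python
ALL = "*All"
ACTIONS = ("Add/Edit", "Promote")  # action names taken from the table's Action column

# Constructed sample records: (permission list, configured operation,
# workflow status, winery, action). A record EXCLUDES the list from the action.
RECORDS = {
    ("Operator", "Tank-to-tank", "Draft", "XYZ", "Add/Edit"),
    ("Operator", ALL, ALL, "XYZ", "Promote"),
}

def search_keys(plist, operation, status, winery):
    """Lookup keys from most to least specific, in the table's order."""
    return [
        (plist, operation, status, winery),
        (plist, ALL, status, winery),
        (plist, ALL, ALL, winery),
        (plist, ALL, ALL, ALL),
    ]

def check(records, plist, operation, status, winery, action):
    """Return (allowed, matching_record). Assumption: the first record found
    for the action at any level of the search excludes the user."""
    for key in search_keys(plist, operation, status, winery):
        record = key + (action,)
        if record in records:
            return False, record
    # Exclusion model: no record at any level means nothing blocks the action.
    return True, None

def open_actions(records, plist, operation, status, winery):
    """Audit helper: actions still permitted for this combination."""
    return [a for a in ACTIONS
            if check(records, plist, operation, status, winery, a)[0]]

if __name__ == "__main__":
    for status, winery in (("Draft", "XYZ"), ("Active", "XYZ"), ("Draft", "ABC")):
        print(status, winery,
              open_actions(RECORDS, "Operator", "Tank-to-tank", status, winery))
```

Because permissions are set up by exclusion, the third case (a winery with no record) leaves both actions open, which is the gap to look for when reviewing a new blend facility's setup.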
If you use operation workflow security, the system enforces it for related processes, such as:
- Speed operation updates. 
- Expense spreading. 
- Global administration operations. 
- Creating operations from work orders and work order templates. 
- Creating operations from the Inventory by Vessel View form. 
- Grower operations. 
The system does not enforce operation workflow security when rolling forward changes to succeeding operations in the dependency chain.