Create Roles for a Stage
Roles defined at the process level are automatically inherited by a stage. In addition, you can also define roles specific to a stage. Want to know more about roles? See Create Process Roles.
If there are conflicting permissions granted to a user at the process and stage levels, permissions granted at the stage level prevail within that stage.
To create a new role at the stage (or activity) level:
-
Click the Create Role link.
-
In the resulting pane, enter a suitable name for the role, for example, Nurse.
-
Click the Members field and select users to add to the role.
-
Click Add Permissions to create a new set of permissions for the role.
-
Enter a suitable name for the set in the Name field.
-
Click the Items field, select stages (or activities) for which you want the role and associated permissions to apply.
-
In the Actions field, select actions that users assigned to this role can perform on stages (or activities) selected previously. For a detailed description of all actions available for a stage or activity, see Stage or Activity Permissions.
-
You can also create a data condition to activate this set of permissions. Click Add Permission Condition and choose one of the available condition types from the resulting dialog box.
- Simple: Select to define a simple condition based on a process variable’s value in the payload.
- Decision: Select to define a condition based on a decision model. Choose the decision model and the service you want to use (only the models for which you’ve created a connector within the application show up in the drop-down menu), specify the process variable you want to pass as input to the model, and, finally, define a condition using the model’s output (body.interpretation) or problems array (body.problems). See Configure a Decision Sentry in a Dynamic Process.
- REST: Select to define a condition based on a REST connector. You can also use OIC integrations of the type REST to define conditions.
Specify the integration you want to use in the Integration field. If you choose a REST connector defined within the process application (that is, a native connector), specify a resource and an operation for it too. Map a process variable as input to the connector’s request body or parameter, and then define a condition using the connector’s response body.
The following figure shows an example decision condition defined:
Description of the illustration dmn-rest-sentries.pngNote:
In Decision and REST condition types, you can create multiple data triggers and form a logical expression using AND or OR operators. Click the drop-down arrow to switch between operators.
You can create more that one set of permissions for a particular role.
-
-
Click Create to save changes.
Use Edit or Delete to modify an existing role from the Roles tab.
The following figure shows a role created for a stage called Diagnosis:
Note:
Adding members and permissions to a role in design time ensures that they’re retained for all deployments of the process application in runtime. If you require to temporarily assign users to a role or modify permissions in a particular deployment, you can accomplish this in runtime. See Override Roles Assigned to a Process.Stage or Activity Permissions
The following table defines all permissions that can be granted to a user or group of users over a stage or activity.
Permission | Description |
---|---|
View |
Users granted this permission can:
|
Update |
Users granted this permission can enable, disable, start, and complete the stage or activity for a process instance. |
All |
Users granted this permission can perform all of the above actions. |
None |
Users assigned this permission cannot perform any actions on the stage or activity. |