Create Roles for a Stage

Roles defined at the process level are automatically inherited by a stage. In addition, you can also define roles specific to a stage. Want to know more about roles? See Create Process Roles.

If there are conflicting permissions granted to a user at the process and stage levels, permissions granted at the stage level prevail within that stage.

To create a new role at the stage (or activity) level:

Click the Create Role link.
In the resulting pane, enter a suitable name for the role, for example, Nurse.
Click the Members field and select users to add to the role.
Click Add Permissions to create a new set of permissions for the role.
1. Enter a suitable name for the set in the Name field.
2. Click the Items field, select stages (or activities) for which you want the role and associated permissions to apply.
3. In the Actions field, select actions that users assigned to this role can perform on stages (or activities) selected previously. For a detailed description of all actions available for a stage or activity, see Stage or Activity Permissions.
4. You can also create a data condition to activate this set of permissions. Click Add Permission Condition and choose one of the available condition types from the resulting dialog box.
  - Simple: Select to define a simple condition based on a process variable’s value in the payload.
  - Decision: Select to define a condition based on a decision model. Choose the decision model and the service you want to use (only the models for which you’ve created a connector within the application show up in the drop-down menu), specify the process variable you want to pass as input to the model, and, finally, define a condition using the model’s output (body.interpretation) or problems array (body.problems). See Configure a Decision Sentry in a Dynamic Process.
  - REST: Select to define a condition based on a REST connector. You can also use OIC integrations of the type REST to define conditions.
    Specify the integration you want to use in the Integration field. If you choose a REST connector defined within the process application (that is, a native connector), specify a resource and an operation for it too. Map a process variable as input to the connector’s request body or parameter, and then define a condition using the connector’s response body.
  The following figure shows an example decision condition defined:
  
  Description of the illustration dmn-rest-sentries.png
  
  Note:
  
  In Decision and REST condition types, you can create multiple data triggers and form a logical expression using AND or OR operators. Click the drop-down arrow to switch between operators.
You can create more that one set of permissions for a particular role.
Click Create to save changes.

Use Edit or Delete to modify an existing role from the Roles tab.

The following figure shows a role created for a stage called Diagnosis:

Description of the illustration dp-stage-role.png

Note:

Adding members and permissions to a role in design time ensures that they’re retained for all deployments of the process application in runtime. If you require to temporarily assign users to a role or modify permissions in a particular deployment, you can accomplish this in runtime. See Override Roles Assigned to a Process.

Stage or Activity Permissions

The following table defines all permissions that can be granted to a user or group of users over a stage or activity.

Permission	Description
View	Users granted this permission can: View the stage or activity. View the executing instance of the stage or activity.
Update	Users granted this permission can enable, disable, start, and complete the stage or activity for a process instance.
All	Users granted this permission can perform all of the above actions.
None	Users assigned this permission cannot perform any actions on the stage or activity.