Work with Roles in Designer

Learn about working with roles in Oracle Cloud Infrastructure Process Automation Designer.

If you're an Oracle Cloud Infrastructure Process Automation administrator (assigned the ServiceAdministrator role in the IDCS application), learn about additional options in Work with Roles in Workspace.

Add a Local or Global Role

Adding a role means defining it. You can add members and permissions to a role right away or define them later. If you want to define privileges for your current application only, define a local role.

In Designer, open a process application.
Click Add in the upper corner. The Add component pane appears.
Expand Roles, and click New.
Under Create role options, complete these fields. Note that these entries can’t be changed later.
- Title: Enter a name that describes who is assigned the role or what they can do (for example, Subscriber or Approver).
- Identifier: You can leave this unique identifier that’s created for you, or change it. You can’t change this identifier later.
- Scope: Choose Application to use the role in this application only. Choose Global to allow this role to be used in other applications.
Click Create. The role is created.
Open the role from the Roles tab.
In the top portion, add users and/or groups to the role.
Search by groups or users, then enter characters in the search field. (Administrators can also select members later in Workspace.) You can assign a combination of users and groups to a role.

Typically designers add themselves while designing, to test using the role in Workspace.

Under Application Permission Level, choose a level. The default is Use.

Permission	Allows Users to...	Example Use
Inspect	List resources, but not read them	Allow a user to review of a list of pending tasks without going into individual tasks and seeing their details.
Read	View resource details, but not edit them	View details for tasks and structured and dynamic processes, including attachments and comments View structured and dynamic process definitions and task audits
Use	Perform actions on resources	Start a structured and dynamic process instance Complete an activity
Manage	Create, delete, or cancel resources (plus all above)	Withdraw, reassign, or release tasks Terminate structured or dynamic processes Use admin options in Workspace (Roles, Notification, and Credentials)

You can now use the role in structured and dynamic processes. See:

Link a Global Role to Your Application

You can link to a global role instead of creating a new one for an application. Linking means finding an existing global role and bringing it into your application to use in a structured or dynamic process, or to define permissions for this application.

Note that a global role must be activated (exist in an application that’s been activated) or created in Workspace to be available for linking.

In Designer, open a process application.
Click Add in the upper corner. The Add component pane appears.
Expand Roles, and click Global.
Under Link role options, click the Search field. Search for and select a global role to use in your application.
Click Link.
The role is added to your application. You can now use it in structured and dynamic processes, or to define permissions for this application. Administrators can change the global role’s members and permissions in Workspace.

Assign Roles to User Tasks in Structured Processes

When selecting assignees for user tasks, you have multiple options. When the task executes, users’ assigned tasks display under My Tasks in Workspace.

You can select assignees based on:

The role assigned to the swimlane
The selected assignee (user, role, or expression)

To select an assignee:

In Designer, open a process application.
In a structured process, open the Properties pane of an activity and make a selection in the Select Participants field.
1. Choose Current Lane Participants to assign based on the swimlane’s role.
  
  In the example below, users or groups assigned to the Approver role will be assigned the Approve subscription task.
  
  Description of the illustration roles-sp.png
2. Choose Individual Assignee under Assignees to select a specific assignee. Click Assign to, then choose a role, roles, or expression. Use the search field to search for specific user or role.
  
  In the example below, the user jcooper is assigned to the Approve subscription task.
  
  Description of the illustration roles-sp-assignee.png

Assign Roles to User Tasks in Dynamic Processes

When selecting assignees for user tasks, you can select a local or global role. When tasks execute in runtime, users’ assigned tasks display under My Tasks in Workspace.

Note that you can also assign a task directly to a specific user on the Users tab, or use an expression to specify the user.

In Designer, open a process application.
In a dynamic process, add or open a human task activity and edit its properties.
In the Properties pane, click Assign to under Assignees.
Click the Roles tab and select a local or global role for the task.
Note that tasks assigned to a role display under Team Tasks in Workspace. Task directly assigned (single-user assignment) display under My Tasks.

Enable Users to Start Your Application

A process application starts when its structured or dynamic process starts. Typically, a process starts by a user who selects the process under Start Requests in Workspace, and submits an associated form. In the process start, enable users to start the application.

When specifying who can start the process, you can specify:

Any authenticated user

This setting enables any authenticated user who can access Workspace or a Process Automation embeddable component (snippet) can start the process.
Any user with Use or Manage permission

To assign a role's permissions, see Add a Local or Global Role.

To specify who can start the process:

In Designer, open a process application.
Create or open a process.
An application can start with a structured or dynamic process.

See Create a Structured Process or Create a Dynamic Process.
Open the process start properties.
1. In a structured process, drag a Form Start or a Message Start activity onto the canvas as the process start. Select the start event and choose Open Properties.
2. In a dynamic process, click Start Process at the top of the canvas.
Select who can start the process.
1. In a structured process, select from the Assignee field of the Properties pane.
2. In a dynamic process, select from the Who can start the process? field in the Start Process dialog.
In either type of process, select one of these options:
- Any User with Use Permission: Allows any user assigned a role with Use or Manage permission to see and start the application. Note that in a structured process, a user does not need to be assigned to the swimlane to start the process.
- Any Authenticated User: Allows any user with access to Oracle Cloud Infrastructure Process Automation to see and start the application.

Remove Roles in Designer

You can remove a role if it is no longer needed in your application. Removing a role removes it from any dynamic or structured processes in which it is used.

Removing a role is different for application versus global roles:

You delete an application role from your application.
You unlink a global role from your application. The global role can still be used in other applications. Global roles must be deleted by administrators in Workspace administration.

To remove a role:

In Designer, open a process application.
Select the Roles tab. If you have application and global roles, notice that their icons are different.
Click for the role you want to remove, and choose Delete (for an application role) or Unlink (for a global role).
Confirm that you want to remove the role.
The role is removed.