Users, Groups, External Applications and Permissions
A process application role consists of users and/or groups, and permissions.
Users and Groups
Users and groups for your Process Automation instance are created in Oracle Identity Cloud Service (IDCS) or Oracle Cloud Infrastructure Identity and Access Management (IAM). Note that to create users and groups in IDCS or IAM, you have to be assigned the identity domain administrator or user administrator role.
See Manage Oracle Identity Cloud Service Users and Manage Oracle Identity Cloud Service Groups in Administering Oracle Identity Cloud Service.
See Managing Users and Managing Groups in Oracle Cloud Infrastructure documentation.
Once created, users and groups will be available to be assigned to application and global roles by Process Automation Designers during design and testing. If required, Process Automation Administrators can later update them for production in Workspace.
External applications
You can also authenticate and authorize an external application in a flow. In a business scenario that uses machine-to-machine flows, the process instance and decision services can handle requests that contain bearer tokens generated through the OAuth client credentials flow. To use an external application in a flow, as a prerequisite, you must have an Oracle Cloud Infrastructure Identity and Access Management (IAM) application configured to authenticate a client using the client credentials grant. This results in a scoped bearer token that can access the Process Automation instance.
You can either use the default Oracle Cloud Infrastructure Identity and Access Management (IAM) application created for your Process Automation instance or create a new integrated application and configure it appropriately.
To initiate a Process Automation instance using the client credentials flow, add the external application to a role with Use permission.
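The client credentials exchange described above, as an added example (not Oracle's code and not part of the original page): it builds the token request and checks the returned bearer token's scope and expiry before the token is used. The token URL host, scope value, client credentials and sample token are constructed placeholders, and the check assumes the access token is a JWT carrying a space-separated `scope` claim.

```python
import base64, json, time
from urllib.parse import urlencode
from urllib.request import Request

# Placeholders (assumptions): substitute your identity domain URL and the scope
# configured on the IAM application for your Process Automation instance.
TOKEN_URL = "https://idcs-placeholder.example.com/oauth2/v1/token"
SCOPE = "https://process-automation.example.com/process"

def build_token_request(client_id, client_secret, scope=SCOPE, url=TOKEN_URL):
    """Client credentials grant (RFC 6749 section 4.4): the client authenticates
    with HTTP Basic and asks for a scoped access token. Nothing is sent here."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({"grant_type": "client_credentials", "scope": scope}).encode()
    return Request(url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })

def unverified_claims(jwt):
    """Decode the JWT payload for inspection only; the signature is NOT checked."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token_response(resp, expected_scope=SCOPE, now=None):
    """Return a list of problems found in a token response before it is used."""
    problems = []
    if resp.get("token_type", "").lower() != "bearer":
        problems.append("token_type is not Bearer")
    claims = unverified_claims(resp["access_token"])
    if expected_scope not in claims.get("scope", "").split():
        problems.append("expected scope missing")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        problems.append("token expired")
    return problems

def constructed_token(claims):
    """Build an unsigned sample token for the demo (constructed, not a real one)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    req = build_token_request("sample-client-id", "sample-secret")
    print(req.get_method(), req.full_url, req.data.decode())
    good = {"token_type": "Bearer",
            "access_token": constructed_token({"scope": SCOPE, "exp": 2000})}
    print(check_token_response(good, now=1000))
```

The client secret belongs in a secrets store rather than in source, and the claim check here is a client-side sanity check only; the service that receives the bearer token is what validates its signature.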
Note:
You can perform GET and POST operations at the all-instances level, but only the GET operation on a specific instance.
Permissions
Users, groups, and/or external applications added to a process application role have to be assigned one of four permissions, listed in the table below from least amount of access to the most. For example, Inspect grants the least control and Manage grants the most. Behind the scenes, permissions use a data access control (DAC) model.
Permission | Description | Target Users |
---|---|---|
Inspect | Allows users to list tasks and processes, but not view their details. For example, users assigned the Inspect permission can review a list of pending tasks without going into individual tasks and seeing their details. | Viewers: Users who want to get an overview of pending tasks in a process application. |
Read | Allows users to Inspect plus the ability to perform the following: | Reviewers: Users who want to view details and review tasks and processes in a process application. |
Use | Allows users to Read plus the ability to perform the following: | Users/Process Users: Users who want to review as well as work on tasks and processes in a process application. |
Manage | Allows users to Use plus the ability to perform the following: | Power Users and Process Application Administrators: Users who want to have maximum permission for a process application. |