LSPS Documentation
A security role given to a person allows the person to perform actions based on the assigned security rights.
The following security rights are available:
| Security right | Description |
|---|---|
| Binary:Add | adding binary resources |
| Binary:Delete | removing binary resources |
| Binary:Read | reading binary resources |
| Debugger:Manage | managing debugger–setting, activating, deactivating the debug mode, and adding, updating and removing breakpoints |
| Document:Read | reading documents |
| Document:Submit | editing and submitting documents |
| Exception:Read | retrieving rollback information |
| Exception:Remove | removing rollback info |
| Exception:Resend | resending task data from the Exception Handling view |
| Expression:Evaluate | evaluating expressions in runtime (in the Expression Evaluator) |
| Form:Preview | running form previews (note that you need the Model:Manage right to be able to preview forms) |
| GoalState:Update | changing states of goals |
| Lock:Manage | acquiring or releasing data locks |
| Model:Delete | deleting model instances |
| Model:Manage | adding and uploading models to the repository and exporting uploaded models to archive files |
| Model:Read | finding, reading, and updating models and GO-BPMN modules in the repository and reading resources (files) for a given model |
| ModelInstance:Create | creating model instances |
| ModelInstance:Notify | notifying model instance from a Web Service |
| ModelInstance:Read | retrieving model instance related information |
| ModelInstance:Suspend | suspending running model instances |
| ModelInstance:Terminate | terminating running model instances |
| ModelInstance:Update_Model | changing the model for running model instances |
| Person:Change_Own_Password | changing own password |
| Person:Manage | managing general information and associations to modeled roles of persons |
| Person:Read | retrieving person related information |
| Report:Dashboard_Management | enables the definition of common dashboard tabs |
| Report:Read_All | reading all available reports (this right overrides the security setting defined for the report) |
| Report:Read_Own | reading reports, which the user is entitled to |
| Role:Manage | managing role |
| Role:Read | reading roles (read-only access) |
| Schema:DropCreate | availability of drop-create strategy for business objects |
| Schema:Update | updating strategy of business objects |
| Schema:Validate | validating schema of business objects |
| SecurityRole:Manage | adding, renaming, and removing security roles to/from the persistent storage and assigning rights to security roles and acquiring a set of all rights |
| SecurityRole:Read | retrieving security roles and associated users |
| Signal:Remove | removing a signal from the model instance queue |
| Signal:Send | sending signals to model instances |
| Testing:All | internal security right; Do not assign this right to any users. |
| Todo:Delegate_All | delegating any to-dos |
| Todo:Delegate_Own | delegating to-dos of the particular person |
| Todo:Escalate_All | escalating any to-dos |
| Todo:Escalate_Own | escalating to-dos assigned to the particular user |
| Todo:Process | getting, submitting and canceling a to-do |
| Todo:Read | acquiring list of to-dos meeting the given criteria |
| Todo:Read_All | reading all available to-dos (this right overrides the security setting defined for the to-do) |
| Todo:Read_Assignees | displaying to-do assignees (in to-do details) |
| Todo:Read_Own | reading to-dos, which the user is entitled to |
| Todo:Reassign | reassigning to-dos |
| Todo:Reject | rejecting to-dos |
| Todo:Undo_Reject | cancelling to-do rejection |
| Variables:Update | changing values of variables of the given context |
| Webservice:Invoke | platform specific right |
| Webservice:Read | monitoring of current Web Services |