Security Rights
A security role given to a person allows the person to perform actions based on the assigned security rights.
The following security rights are available:
Binary Security Rights
Binary rights govern the operations on binaries stored directly to database.
| Security right | Description |
| Binary:Add | adding binary resources; allows the user to upload files directly to database (this is done from the ui::Upload components with Upload to memory set to false) |
| Binary:Delete | removing binary resources |
| Binary:Read | reading binary resources |
Debugger Security Rights
| Security right | Description |
| Debugger:Manage | managing debugger–setting, activating, deactivating the debug mode, and adding, updating and removing breakpoints |
Document Security Rights
Document rights govern the access to the Documents uploaded as part of modules.
| Security right | Description |
| Document:Read | reading documents |
| Document:Submit | editing and submitting documents |
| Document:Write | import document state |
Exception Security Rights
Exception rights restrict the access to exceptions in model instance execution.
| Security right | Description |
| Exception:Read | retrieving rollback information |
| Exception:Remove | removing rollback info |
| Exception:Resend | resending task data from the Exception Handling view |
Expression Evaluation Security Rights
| Security right | Description |
| Expression:Evaluate | evaluating expressions in runtime (in the Expression Evaluator) |
Form Preview Security Rights
Form preview right serve to restrict access to Form preview
Mind that this feature should be disabled completely on other than development servers.
| Security right | Description |
| Form:Preview | running form previews (note that you need the Model:Manage right to be able to preview forms) |
Goal State Security Rights
| Security right | Description |
| GoalState:Update | changing states of goals |
Management Security Rights
Model Security Rights
| Security right | Description |
| Model:Delete | deleting model instances |
| Model:Manage | adding and uploading models to the repository and exporting uploaded models to archive files |
| Model:Read | finding, reading, and updating models and GO-BPMN modules in the repository and reading resources (files) for a given model |
Model Instance Security Rights
| Security right | Description |
| ModelInstance:Create | creating model instances |
| ModelInstance:Notify | notifying model instance from a Web Service |
| ModelInstance:Read | retrieving model instance related information |
| ModelInstance:Suspend | suspending running model instances |
| ModelInstance:Terminate | finishes running model instances |
| ModelInstance:Update_Model | changing the model for running model instances |
| ModelInstance:Write | import XML model instance state |
Person Security Rights
| Security right | Description |
| Person:Change_Own_Password | changing own password |
| Person:Manage | managing general information and associations to modeled roles of persons |
| Person:Read | retrieving person related information |
Report Security Rights
| Security right | Description |
| Report:Dashboard_Management | enables the definition of common dashboard tabs |
| Report:Read_All | reading all available reports (this right overrides the security setting defined for the report) |
| Report:Read_Own | reading reports, which the user is entitled to |
Role Security Rights
| Security right | Description |
| Role:Manage | managing role |
| Role:Read | reading roles (read-only access) |
Upload Schema Security Rights
| Security right | Description |
| Schema:DropCreate | availability of drop-create strategy for business objects |
| Schema:Update | updating strategy of business objects |
| Schema:Validate | validating schema of business objects |
Security Role Security Rights
| Security right | Description |
| SecurityRole:Manage | adding, renaming, and removing security roles to/from the persistent storage and assigning rights to security roles and acquiring a set of all rights |
| SecurityRole:Read | retrieving security roles and associated users |
Settings Security Rights
| Security right | Description |
| Settings:Manage | access to the Settings of the Management Console and Application User Interface |
Signal Security Rights
| Security right | Description |
| Signal:Remove | removing a signal from the model instance queue |
| Signal:Send | sending signals to model instances |
Todo Security Rights
| Security right | Description |
| Todo:Delegate_All | delegating any to-dos |
| Todo:Delegate_Own | delegating to-dos of the particular person |
| Todo:Escalate_All | escalating any to-dos |
| Todo:Escalate_Own | escalating to-dos assigned to the particular user |
| Todo:Process | getting, submitting and canceling a to-do |
| Todo:Read | acquiring the list of to-dos meeting the given criteria (disables access to the Todo List) |
| Todo:Read_All | reading all available to-dos (this right overrides the security setting defined for the to-do) |
| Todo:Read_Assignees | displaying to-do assignees (in to-do details) |
| Todo:Read_Own | reading to-dos, which the user is entitled to |
| Todo:Reassign | reassigning to-dos |
| Todo:Reject | rejecting to-dos |
| Todo:Undo_Reject | cancelling to-do rejection |
| Todo:Write_All | import XML to-do state |
Context Security Rights
| Security right | Description |
| Variables:Update | changing values of variables of the given context |
Web Service Security Rights
Web Service rights serve to restrict access to data about the web services provided by the modules.
| Security right | Description |
| Webservice:Invoke | platform specific right |
| Webservice:Read | monitoring of current modeled Web Services |
Technical and Deprecated Security Rights
| Security right | Description |
| Lock:Manage | acquiring or releasing data locks |
| Testing:All | internal security right; Do not assign this right to any users. |
