Security Rights
A security role given to a person allows the person to perform actions based on the assigned security rights.
The following security rights are available:
Binary Security Rights
Binary rights govern the operations on binaries stored directly to database.
Security right | Description |
Binary:Add | adding binary resources; allows the user to upload files directly to database (this is done from the ui::Upload components with Upload to memory set to false ) |
Binary:Delete | removing binary resources |
Binary:Read | reading binary resources |
Debugger Security Rights
Security right | Description |
Debugger:Manage | managing debugger–setting, activating, deactivating the debug mode, and adding, updating and removing breakpoints |
Document Security Rights
Document rights govern the access to the Documents uploaded as part of modules.
Security right | Description |
Document:Read | reading documents |
Document:Submit | editing and submitting documents |
Document:Write | import document state |
Exception Security Rights
Exception rights restrict the access to exceptions in model instance execution.
Security right | Description |
Exception:Read | retrieving rollback information |
Exception:Remove | removing rollback info |
Exception:Resend | resending task data from the Exception Handling view |
Expression Evaluation Security Rights
Security right | Description |
Expression:Evaluate | evaluating expressions in runtime (in the Expression Evaluator) |
Form Preview Security Rights
Form preview right serve to restrict access to Form preview
Mind that this feature should be disabled completely on other than development servers.
Security right | Description |
Form:Preview | running form previews (note that you need the Model:Manage right to be able to preview forms) |
Goal State Security Rights
Security right | Description |
GoalState:Update | changing states of goals |
Log Security Rights
Security right | Description |
Log:Read | access to logs created by the Log task and log() function |
Management Security Rights
Model Security Rights
Security right | Description |
Model:Delete | deleting model instances |
Model:Manage | adding and uploading models to the repository and exporting uploaded models to archive files |
Model:Read | finding, reading, and updating models and GO-BPMN modules in the repository and reading resources (files) for a given model |
Model Instance Security Rights
Security right | Description |
ModelInstance:Create | creating model instances |
ModelInstance:Notify | notifying model instance from a Web Service |
ModelInstance:Read | retrieving model instance related information |
ModelInstance:Suspend | suspending running model instances |
ModelInstance:Terminate | finishes running model instances |
ModelInstance:Update_Model | changing the model for running model instances |
ModelInstance:Write | import XML model instance state |
Person Security Rights
Security right | Description |
Person:Change_Own_Password | changing own password (The person must not have Person:Manage either for the restriction to apply.) |
Person:Manage | managing general information and associations to modeled roles of persons |
Person:Read | retrieving person related information |
Report Security Rights
Security right | Description |
Report:Dashboard_Management | enables the definition of common dashboard tabs |
Report:Read_All | reading all available reports (this right overrides the security setting defined for the report) |
Report:Read_Own | reading reports, which the user is entitled to |
Role Security Rights
Security right | Description |
Role:Manage | managing role |
Role:Read | reading roles (read-only access) |
Upload Schema Security Rights
Security right | Description |
Schema:DropCreate | availability of drop-create strategy for business objects |
Schema:Update | updating strategy of business objects |
Schema:Validate | validating schema of business objects |
Security Role Security Rights
Security right | Description |
SecurityRole:Manage | adding, renaming, and removing security roles to/from the persistent storage and assigning rights to security roles and acquiring a set of all rights |
SecurityRole:Read | retrieving security roles and associated users |
Settings Security Rights
Security right | Description |
Settings:Manage | access to the Settings of Management Console and Application User Interface |
Signal Security Rights
Security right | Description |
Signal:Remove | removing a signal from the model instance queue |
Signal:Send | sending signals to model instances |
Todo Security Rights
Security right | Description |
Todo:Delegate_All | delegating any to-dos |
Todo:Delegate_Own | delegating to-dos of the particular person |
Todo:Escalate_All | escalating any to-dos |
Todo:Escalate_Own | escalating to-dos assigned to the particular user |
Todo:Process | getting, submitting and canceling a to-do |
Todo:Read | acquiring the list of to-dos meeting the given criteria (disables access to the Todo List) |
Todo:Read_All | reading all available to-dos (this right overrides the security setting defined for the to-do) |
Todo:Read_Assignees | displaying to-do assignees (in to-do details) |
Todo:Read_Own | reading to-dos, which the user is entitled to |
Todo:Reassign | reassigning to-dos |
Todo:Reject | rejecting to-dos |
Todo:Undo_Reject | cancelling to-do rejection |
Todo:Write_All | import XML to-do state |
Context Security Rights
Security right | Description |
Variables:Update | changing values of variables of the given context |
Web Service Security Rights
Web Service rights serve to restrict access to data about the web services provided by the modules.
Security right | Description |
Webservice:Invoke | platform specific right |
Webservice:Read | monitoring of current modeled Web Services |
Monitoring Model-Instance Starting
Security right | Description |
AppRestart:Read | read information about model instance starting (access to CLI-commands appRestartInfoExport , appRestartInfo |
AppRestart:Clear | clearing the model-instance start data by calling clearApplicationRestartData() |
Technical and Deprecated Security Rights
Security right | Description |
Lock:Manage | acquiring or releasing data locks |
Testing:All | internal security right; Do not assign this right to any users. |