LSPS documentation logo
LSPS Documentation
Reference

Security Rights

A security role given to a person allows the person to perform actions based on the assigned security rights.

The following security rights are available:

Binary Security Rights

Binary rights govern the operations on binaries stored directly to database.

Security right Description
Binary:Add adding binary resources; allows the user to upload files directly to database (this is done from the ui::Upload components with Upload to memory set to false)
Binary:Delete removing binary resources
Binary:Read reading binary resources

Debugger Security Rights

Security right Description
Debugger:Manage managing debugger–setting, activating, deactivating the debug mode, and adding, updating and removing breakpoints

Document Security Rights

Document rights govern the access to the Documents uploaded as part of modules.

Security right Description
Document:Read reading documents
Document:Submit editing and submitting documents
Document:Writeimport document state

Exception Security Rights

Exception rights restrict the access to exceptions in model instance execution.

Security right Description
Exception:Read retrieving rollback information
Exception:Remove removing rollback info
Exception:Resend resending task data from the Exception Handling view

Expression Evaluation Security Rights

Security right Description
Expression:Evaluate evaluating expressions in runtime (in the Expression Evaluator)

Form Preview Security Rights

Form preview right serve to restrict access to Form preview

Mind that this feature should be disabled completely on other than development servers.

Security right Description
Form:Preview running form previews (note that you need the Model:Manage right to be able to preview forms)

Goal State Security Rights

Security right Description
GoalState:Update changing states of goals

Log Security Rights

Security right Description
Log:Read access to logs created by the Log task and log() function

Management Security Rights

Security right Description
Management:Login access to the management tools, the Management Console and Management perspective

Model Security Rights

Security right Description
Model:Delete deleting model instances
Model:Manage adding and uploading models to the repository and exporting uploaded models to archive files
Model:Read finding, reading, and updating models and GO-BPMN modules in the repository and reading resources (files) for a given model

Model Instance Security Rights

Security right Description
ModelInstance:Create creating model instances
ModelInstance:Notify notifying model instance from a Web Service
ModelInstance:Read retrieving model instance related information
ModelInstance:Suspend suspending running model instances
ModelInstance:Terminate finishes running model instances
ModelInstance:Update_Model changing the model for running model instances
ModelInstance:Writeimport XML model instance state

Person Security Rights

Security right Description
Person:Change_Own_Password changing own password (The person must not have Person:Manage either for the restriction to apply.)
Person:Manage managing general information and associations to modeled roles of persons
Person:Read retrieving person related information

Report Security Rights

Security right Description
Report:Dashboard_Management enables the definition of common dashboard tabs
Report:Read_All reading all available reports (this right overrides the security setting defined for the report)
Report:Read_Own reading reports, which the user is entitled to

Role Security Rights

Security right Description
Role:Manage managing role
Role:Read reading roles (read-only access)

Upload Schema Security Rights

Security right Description
Schema:DropCreate availability of drop-create strategy for business objects
Schema:Update updating strategy of business objects
Schema:Validate validating schema of business objects

Security Role Security Rights

Security right Description
SecurityRole:Manage adding, renaming, and removing security roles to/from the persistent storage and assigning rights to security roles and acquiring a set of all rights
SecurityRole:Read retrieving security roles and associated users

Settings Security Rights

Security right Description
Settings:Manage access to the Settings of Management Console and Application User Interface

Signal Security Rights

Security right Description
Signal:Remove removing a signal from the model instance queue
Signal:Send sending signals to model instances

Todo Security Rights

Security right Description
Todo:Delegate_All delegating any to-dos
Todo:Delegate_Own delegating to-dos of the particular person
Todo:Escalate_All escalating any to-dos
Todo:Escalate_Own escalating to-dos assigned to the particular user
Todo:Process getting, submitting and canceling a to-do
Todo:Read acquiring the list of to-dos meeting the given criteria (disables access to the Todo List)
Todo:Read_All reading all available to-dos (this right overrides the security setting defined for the to-do)
Todo:Read_Assignees displaying to-do assignees (in to-do details)
Todo:Read_Own reading to-dos, which the user is entitled to
Todo:Reassignreassigning to-dos
Todo:Reject rejecting to-dos
Todo:Undo_Reject cancelling to-do rejection
Todo:Write_Allimport XML to-do state

Context Security Rights

Security right Description
Variables:Update changing values of variables of the given context

Web Service Security Rights

Web Service rights serve to restrict access to data about the web services provided by the modules.

Security right Description
Webservice:Invoke platform specific right
Webservice:Read monitoring of current modeled Web Services

Monitoring Model-Instance Starting

Security right Description
AppRestart:Read read information about model instance starting (access to CLI-commands appRestartInfoExport, appRestartInfo
AppRestart:Clearclearing the model-instance start data by calling clearApplicationRestartData()

Technical and Deprecated Security Rights

Security right Description
Lock:Manage acquiring or releasing data locks
Testing:Allinternal security right; Do not assign this right to any users.