Try OpenEdge Now
skip to main content
Business Process Portal Administrator's Guide
Managing access control : Accessing access control parameters : Business Process Server resource hierarchy
 

Business Process Server resource hierarchy

The authorization process in Business Process Server is performed by the ACLManager. Actions are placed on the resource. The list of resource/action pairs associated with the user/group represent that user/group’s privilege. Actions define the type of task you can perform on the resource.
To better understand the application of permissions, Business Process Server resource hierarchies are grouped into five categories: Business Process Server, BPM Events, Management, Administration, and Dashboard. How these resources operate is explained as follows:

Business Process Server

Business Process Server resources belong to one of three hierarchies:
*Process instance resources. This hierarchy gives a user the right to perform operations on a process instance, i.e. BPServer.PI.Approval.App#1, while another user has the right to perform operations on BPSever.PI.Approval.App#2. Remember, a user with the right to perform operations on BPServer.PI.Approval as a resource inherits the right for all instances of Approval. Likewise, a user with the right to perform an operation on BPServer.PI, may perform that operation on all Business Process Server process template instances.
To use the process instance permissions, you must set the system.pi.checkacl parameter from the umacl.conf file to TRUE.
Figure 4. Resource hierarchy for process instances
*Dataslot resource. Consider the protection for the "salary" and "resume" dataslots of the Hiring#1 process instance. The resource names are BPServer.DS.Hiring.Hiring#1.salary and BPServer.DS.Hiring.Hiring#1.resume. A user with the rights to resource BPServer.DS.Hiring.Hiring#1 has the rights on all Hiring#1 dataslots, which includes "salary" and "resume."
Figure 5. Resource hierarchy for dataslot
*Process template resource. The shallowest of the Business Process Server hierarchies, this permission allows defining process templates as resources. Any template, such as Approval, Hiring or Timeoff can be protected as a resource in Business Process Server. You may reference these templates as BPServer.PT.Approval, BPServer.PT.Hiring, or BPserver.PT.Timeoff.
Figure 6. Resource hierarchy for process template
The resources protected in Business Process Server are summarized below:
Table 47. BP Server resources
Type
Name
Process Template
PTName
Process Instance
PTName.PIName
Data Slot
PTName.PIName.DSName

BPM Events

The resources protected in BPM Events are as follows:
Table 48. BPM Events resources
Type
Name
Infopad
infopadname

Management

The resources protected in the Management module of Business Process Portal are as follows:
Table 49. Management resources
Type
Name
Report
PTName.reportName
BPMSQLReport
fileName
ReportBuilder
reportTypeThe Report Types are:
*OEBPS. Internally created reports in the Management module.
*External. Reports from external reports sources, crystal, BPM SQL, etc.

Administration

The protected resources for Administration module users are:
Table 50. Administration resources
Type
Name
Application
appName
Modeler
modelername
Configuration
conffilename
Queue
queuename
Reusable Components
reusablecomponentName
Log
componentName
Server
servername
Group
groupname
User
username
Permission
permission1
1 This is a general, not a specific permission for this resource. You may name this permission anything but "mypermission."

The application resource types are:
*BPM Webflow
*OEBPS
The configuration resource file names are:
*BPMPortal
*BPMEvents
*BPMWebflow
*BPMProcessStore
*Email
*EventPublisher
*Log
*Portal
*OEBPS
The reusable components resource types are:
*BPMWebflow
*OEBPS
The log resource component names are:
*Archiver
*BPMPortal
*BPMEvents
*BPMWebflow
*BPMProcessStore
*EventPublisher
*OEBPS
The server resources are:
*Archiver
*BPMPortal
*BPMEvents
*Event Publisher

Dashboard

The resources protected in Dashboard are as follows:
Table 51. Dashboard resources
Type
Name
Dashboard Component
componentname

Actions

Actions are the type of task you can perform on the resource. For example, you may grant a permission to a group to start and stop a server in the Administration module. The resource is the server, stop and start are the actions, and Administration is the component. Unlike resources, actions are not hierarchical. The following table depicts all actions defined for all Business Process Server resources:
Table 52. Actions for resources
Component
Resource type
Actions
BP Server
Process instance
Any, Remove, Suspend, Resume, View, Update
BP Server
Process template
Any, View, Update
BP Server
Dataslot
Any, View, Update
BP Server
Infopad
Any, View, Update
Management
Report
Execute
Management
BPMSQLReport
Execute
Management
ReportBuilder
Any, Create, Update, Remove
Administration
Server
Any, Start, Stop, Suspend, Resume, View Status
Administration
Configuration
Any, View, Update
Administration
User
Any, View, Create, Remove, Update, Delegate
Administration
Group
Any, View, Create, Remove, Addmember, Removemember, Change Role, Update
Administration
Application
Any, Install, Uninstall, Suspend1, Resume1, Publish, Unpublish, Execute2
Administration
Queue
Any, View, Create, Remove, Addmember, Removemember, Update
Administration
Reusable Component
Any, Import, Export, Delete
Administration
Log
Any, View
Administration
Permission
Any, View, Create, Remove
Administration
Modeler
Any, View, Create, Update, Remove
Dashboard
Dashboard Component
View
1 You cannot suspend and resume a Web application.

2 The execute action protects a Web application from unauthorized execution. For example, in the Start step of the Web process, if an authenticated user is not authorized to execute the application, then they will receive an authorization failure error.

Note: In the Administration component, for the resource types User, Group and Queue, you can select Any User, Any Group and Any Queue option respectively.