Access Rights in Bizagi Studio
From Business Process Management, BPM and Workflow Automation Wiki | BizAgi BPMS
<keywords content="keywords"> access to, block users, block access, restrain access, restrain use, restrict access, restrict control </keywords>
|
Applies to .NET EDITION |
Contents |
Access Rights in Bizagi Studio
With Bizagi BPM Suite you can have a collaborative environment where you and other co-workers can work simultaneously on your processes. If you have several processes in your project you might need to restrict accesses to some elements to prevent the users modifying one process, to affect others.
You can grant users or groups specific user rights to create, modify and have full control of certain elements in Bizagi Studio.
By default all Bizagi projects are created with no security, that is, no access rights are configured. Enable Bizagi Studio Security and make sure the right people have access to the correct elements.
You can either ALLOW or DENY each permissons. When someone has been Denied to Modify an element, he or she will not be able to see the it nor its elements.
As soon as an element has any type of Security (either to deny or to allow), Bizagi will assume that the element is restricted and only users with Create, Modify or Full Control access will be able to modify it. All others will be restricted.
What you need to do in Bizagi
To grant access rights in Bizagi Studio you need to enable the security feature and define for each element the necessary permissions.
In a brief summary, configuring access rights in Bizagi is done by:
1. Enabling the Security feature by assigning project's Administrators
2. Granting access to a process.
Enabling Bizagi Studio Security
To enable access rights in Bizagi Studio you must define one or more project's Administrators.
As soon as Administrators are configured all other users will lose access to Bizagi Studio Security's configuration. To include an Administrator go to the Bizagi Studio Security option and add a user.
The window displayed to add a user works in the same way as when you grant permissions in Window's folders.
You can include several users to the Administrators group. Make sure Include is checked only for the users who will be administrators.
Important: Users MUST belong to the domain where the project is hosted to be able to include them in the Bizagi Studio Security settings.
Granting access to a process
On the following image we will grant access to the process called Claims and Complaints.
Keep in mind that access rights are granted to each element individually, so you should specify who has access rights.
To grant access rights you should be an Administrator, or have Full Control permissions over an item.
1. Right click on the element where you want to grant access rights and select Security.
2. A new window will be displayed where you should add a user or a group and select the permissions or restrictions desired.
3. Give each user and group the desired access rights.
When user's have been Denied, they will not be able to see the elements on Bizagi Studio, in the Modules view.
Entites and its components (forms, business rules, attributes) will be visible in the Forms Designer and the elements can be used but not modified.
Global Business rules and Functions can be viewed thgough the fourth step of the process wizard, but will not be available to be modified.
If a user does not have access rights over any element, and tries to open or modify it, the following window will be displayed.
Creating groups
Bizagi offers the possibility to create groups of users to organize your projects and help you grant access rights faster.
Generally, using groups is preferable, because it takes less time and effort to administer group-based security.
If you add some one as a member of a group, he/she will automatically get the same access rights as the rest of users in the group.
1. In the Bizagi Studio Security window click on the add button located on the bottom left corner. This will display a window where you can enter the group's name and a description. When you are finished click on OK.
2. Click on the new group to add users to it. If there are users already added to the Administrators group they will be added automatically.
Select Include for those users that should belong to the group.
Important: Users who have Exclude checked will be treated as if they did not exist in the group.
Adding a user or a group to a group
To include a user or a group to an existing group, click on the group's name and then click on Add User/Add Group.
Search for the user or select the group and click on OK.
Make sure Include is checked for all those users/groups who should belong to the group.
Important: Administrators group will not be available to include within another group.
Resources with Security
Security can be assigned to applications, processes, entities, global expressions and global functions.
The specific actions vary depending upon the type of resource. There are three types of actions:
Create
Modify
Full Control.
Access rights are inherited. If the node above has certain permissions, the child node will have them as well, unless the child node has specific permissions of its own.
The following lists describe the resources and the actions relating to each of them.
Applications and processes security
| Resource | Create | Modify | Full Control |
| Applications main node | Create new applications | n/a | n/a |
| Applications | Create new processes and sub-processes | Is visible and modifiable | Create, modify and manage Security |
| Processes | n/a | Is visible and modifiable | Create, modify and manage Security |
| Process versions | n/a | Is visible and modifiable | Create, modify and manage Security |
- Access rights are inherited. If someone has Modify permissions over an application, then the user will also have permissions over all the process related to that application and all its elements: forms, business rules, expressions, etc. Everything contained in the hierarchical tree.
- New processes will inherit the security configuration given to their application.
Entities security
| Resource | Create | Modify | Full Control |
| Entities main node | Create new entities | n/a | n/a |
| Application entities | n/a | Is visible and modifiable | Create, modify and manage Security |
| Master entities | n/a | Is visible and modifiable | Create, modify and manage Security |
| Parameter entities | n/a | Is visible and modifiable | Create, modify and manage Security |
- Most projects have entities that are that are crucial for the proper functioning of the process, and any uncontrolled changes can affect its development. You can give access permissions to those entities where you consider necessary to restrict changes.
- Access rights are inherited. If someone has Modify permissions an entity then the user will also have permissions over all its related elements: attributes, forms, values, queries, expressions. Everything contained in the hierarchical tree.
- When someone has been Denied the Modify permissions over an entity, the user will not be able to modify any of its elements. However the entity's elements will be available to be used but NOT modified.
Global Business Rules security
| Resource | Create | Modify | Full Control |
| Applications | n/a | Is visible and modifiable | Create, modify and manage Security |
| Global Functions | n/a | Is visible and modifiable | Create, modify and manage Security |
| Global Expressions | n/a | Is visible and modifiable | Create, modify and manage Security |
- When someone has been Denied to Modify permissions over an expression or a function, the user will not be able to modify it. However the it will be available to be used but NOT modified.
Administrators and non-Administrators
- Only Administrators have access to the inclusion of additional users and groups in the Bizagi Studio Security option.
- They will be able to grant rights for all elements that handle security in Bizagi Studio.
- They will always have access rights over all elements that handle security in Bizagi Studio.
- Users that are NOT Administrators will not be able o grant rights for elements that handle security in Bizagi Studio, unless they have Full Control permissions over a certain resource.
- Users that are NOT Administrators will be able to create or modify elements that handle security in Bizagi Studio, according to the configuration given by Administrators.
Additional considerations
- When you configure Bizagi Studio Security, users and groups will be automatically filled with the users that are already part of the project's Bizagi Administrator Group. This group is configured through the server's Management tools, as described in the Work_on_a_remote_server article.
When you add users to any element in Bizagi Studio Security they will be automatically included in the Bizagi Administrators Group.
If you delete any user from Bizagi Studio Security they will NOT be deleted from the e Bizagi Administrators Group.
- When a user has been restricted (denied) to access an element, but is able to use it (like forms, or business rules), when attempting to edit it he or she will receive a message:
You are not authorized to modify this element. Please contact your project administrator
The same applies for the the results of the Search option. These will return all the items that match a condition, But if a user does not have permissions over one of them a window will inform about it.
Related Articles
<comments />
