Access Rights
This page summarises each user profile's access rights to RunMyProcess resources.
Note that ACCEPTANCE mode has the same rights as LIVE mode but based on the acceptance user list.
Projects
ADMIN | USER | ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT | |||||
---|---|---|---|---|---|---|---|
DESIGNER | SUPERVISOR | OBSERVER | TRANSLATOR | USER | |||
CONFIGURATION | Read/Write/Delete | Read/Write/Delete | Read | None | Read | Read | None |
VERSION CONFIGURATION | Read/Write/Delete | Read/Write/Delete | Read | None | Read | Read | None |
VERSION EXECUTION MODE | Write | None | Write | None | None | None | None |
Project vaults
ADMIN | USER | ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT | |||||
---|---|---|---|---|---|---|---|
DESIGNER | SUPERVISOR | OBSERVER | TRANSLATOR | USER | |||
LIVE EXECUTION | Read/Write/Create/Delete | None | Read/Write/Create/Delete | None | None | Read/Create | None |
ACCEPTANCE EXECUTION | Read/Write/Create/Delete | Read/Write/Create/Delete | Read/Write/Create/Delete | None | None | Read/Create | None |
TEST EXECUTION | Read/Write/Create/Delete | Read/Write/Create/Delete | None | None | None | None | None |
Web interfaces
ADMIN | USER | ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT | |||||
---|---|---|---|---|---|---|---|
DESIGNER | SUPERVISOR | OBSERVER | TRANSLATOR | USER | |||
LIVE EXECUTION MODE / PRIVATE | None | None | Read/Write | Read | None | Read/Write | None |
LIVE EXECUTION MODE / PUBLIC | Read/Write | Read/Write | Read/Write | Read/Write | Read/Write | Read/Write | Read/Write |
TEST EXECUTION MODE | Read/Write/Delete | Read/Write/Delete | Read | None | None | None | None |
DESIGN | Read/Write/Delete | Read/Write/Delete | Read | Read | Read | Read | None |
DICTIONARIES | Read/Write/Delete | None | Read/Write/Delete | None | Read/Write/Delete | None | None |
Processes
ADMIN | USER | ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT | |||||
---|---|---|---|---|---|---|---|
DESIGNER | SUPERVISOR | OBSERVER | TRANSLATOR | USER | |||
LIVE EXECUTION MODE / PRIVATE | Execute | None | Execute | None | None | Execute | None |
LIVE EXECUTION MODE / PUBLIC | Execute | Execute | Execute | Execute | Execute | Execute | Execute |
TEST EXECUTION MODE | Execute | Execute | Execute | None | None | None | None |
DESIGN | Read/Write/Delete | Read/Write/Delete | Read | None | Read | None | None |
DICTIONARIES | Read/Write/Delete | None | Read/Write/Delete | None | Read/Write/Delete | None | None |
Collections
ADMIN | USER | ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT | |||||
---|---|---|---|---|---|---|---|
DESIGNER | SUPERVISOR | OBSERVER | TRANSLATOR | USER | |||
LIVE EXECUTION MODE / PRIVATE / READ-WRITE | Read/Write/Delete | None | Read/Write/Delete | Read | None | Read/Write/Delete | None |
LIVE EXECUTION MODE / PRIVATE / READ-ONLY | Read/Write/Delete | None | Read/Write/Delete | Read | None | Read | None |
LIVE EXECUTION MODE / PUBLIC / READ-WRITE | Read/Write/Delete | None | Read/Write/Delete | Read | ReadWrite/Delete | Read/Write/Delete | Read/Write/Delete |
LIVE EXECUTION MODE / PUBLIC / READ-ONLY | Read/Write/Delete | None | Read/Write/Delete | Read | Read | None | Read |
TEST EXECUTION MODE / PRIVATE / READ-WRITE | Read/Write/Delete | Read/Write/Delete | None | None | None | None | None |
TEST EXECUTION MODE / PRIVATE / READ-ONLY | Read/Write/Delete | Read/Write/Delete | None | None | None | None | None |
TEST EXECUTION MODE / PUBLIC / READ-WRITE | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete |
TEST EXECUTION MODE / PUBLIC / READ-ONLY | Read/Write/Delete | Read/Write/Delete | Read | Read | Read | Read | Read |
CONFIGURATION | Read/Write/Delete | Read/Write/Delete | Read | Read | None | Read | None |
Process reports
ADMIN | USER | ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT | |||||
---|---|---|---|---|---|---|---|
DESIGNER | SUPERVISOR | OBSERVER | TRANSLATOR | USER | |||
LIST TEST REQUESTS | Read | Read | Read | None | None | None | None |
LIST LIVE REQUESTS | Read | None | Read | None | None | None | None |
REPORT CONFIGURATION | Read/Write | Read/Write | Read/Write | None | None | None | None |
MODIFY EXECUTION / LIVE EXECUTION MODE | Write/Resume | None | None | None | None | None | None |
MODIFY EXECUTION / TEST EXECUTION MODE | Write/Resume | Write/Resume | None | None | None | None | None |
DELETE REQUEST | Delete | None | None | None | None | None | None |
Web interface reports
ADMIN | USER | ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT | |||||
---|---|---|---|---|---|---|---|
DESIGNER | SUPERVISOR | OBSERVER | TRANSLATOR | USER | |||
LIST LIVE INSTANCES | Read | None | Read | Read | None | Read | None |
LIST TEST INSTANCES | Read | Read | Read | None | None | None | None |
REPORT CONFIGURATION | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | None | None | Read | None |
DELETE INSTANCE / LIVE EXECUTION MODE | Delete | None | None | None | None | None | None |
DELETE INSTANCE / TEST EXECUTION MODE | Delete | Delete | None | None | None | None | None |
Custom lists
ADMIN | USER | ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT | |||||
---|---|---|---|---|---|---|---|
DESIGNER | SUPERVISOR | OBSERVER | TRANSLATOR | USER | |||
CONFIGURATION AND DATA / PRIVATE | Read/Write/Delete | Read/Write/Delete | Read | Read | None | Read | None |
CONFIGURATION AND DATA / PUBLIC | Read/Write/Delete | Read/Write/Delete | Read | Read | Read | Read | Read |
Uploaded files
Uploaded files are files that are uploaded during runtime. The access rights to uploaded files depend on the engine version being used.
The uploaded file's engine version can be found in the uploaded file view (Category term="engine") or by using the FreeMarker method
file_desc
.
Uploaded files with engine version prior to v5_23_5
Uploaded files with no engine version or with an engine version prior to v5_23_5
are ones that were uploaded before the 28th of October, 2019. These files have the following rights:
ADMIN | USER | ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT | |||||
---|---|---|---|---|---|---|---|
DESIGNER | SUPERVISOR | OBSERVER | TRANSLATOR | USER | |||
INSIDE A PROJECT FROM PROCESS/ PRIVATE | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read | None | Read/Write/Delete | None |
INSIDE A PROJECT OUTSIDE PROCESS/ PRIVATE | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read | None | Read | None |
UPLOADED FROM AN INSTANCE READABLE * BY THE USER IN LIVE/PRIVATE | Read/Write/Delete | None | Read/Write/Delete | Read | None | Read/Write/Delete | None |
UPLOADED FROM AN INSTANCE NOT READABLE * BY THE USER IN LIVE/PRIVATE | Read/Write/Delete | None | Read/Write/Delete | None | None | None | None |
UPLOADED FROM AN INSTANCE IN TEST/PRIVATE | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | None | None | None | None |
OUTSIDE A PROJECT/ PRIVATE | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | None |
PUBLIC | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete |
* See READ right for AppInstance |
Uploaded files with engine version v5_23_5 or above
Uploaded files with an engine version v5_23_5 or above are ones that have been uploaded since the 28th of October, 2019. These files have a separate rights policy which is detailed below.
ADMIN | USER | ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT | |||||
---|---|---|---|---|---|---|---|
DESIGNER | SUPERVISOR | OBSERVER | TRANSLATOR | USER | |||
PRIVATE | All rights in all execution modes. | All rights in TEST mode. | All rights in LIVE and ACCEPTANCE mode. | Read in LIVE and ACCEPTANCE mode if the file was uploaded from a web interface instance, none otherwise. | None | See rights policy below. | None |
PUBLIC | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete | Read/Write/Delete |
Rights policy for USER profile:
The rights a USER has on a file depends on how the file was uploaded. Each case is considered below:
1. A file that has been attached via an upload/ attachment widget on a web interface:
Rights | Rule |
---|---|
Read (+ Detach) | Any user who can open a web interface instance (draft or manual task), either as a task assignee or read-only, can read the uploaded file(s) attached to it. |
Read/Write/Delete (+ Detach) | A user has write/delete privileges on an uploaded file only on the web interface instance that he uploaded the file on, and only while the instance is pending. |
The user keeps the rights described above in the output variables of the manual task or the start event (draft).
2. A file created in a process instance:
A file can be created in a process instance by a variety of means; examples include the use of the create_file method, a PDF generation step or a file downloaded through a connector.
Rights | Rule |
---|---|
Read/Write/Delete (+ Detach) | The current user (P_user ) at the time the file is created has Read/Write/Delete/Detach privileges on the file within the current process instance (and also in child process instances).By default, no other user has any rights on the file. |
3. A file exported from a report widget:
Rights | Rule |
---|---|
Read | The connected user who launched the export has Read rights to the generated file. By default, no other user has any rights to the file. |
4. A file uploaded manually from the IDE:
Rights | Rule |
---|---|
None | There are no user rights for this file. |
5. A file exported from a collection:
Rights | Rule |
---|---|
None | There are no user rights for this file. |
Sharing access rights on files
It is possible to add or remove access rights to a file by using FreeMarker methods at a user and/or lane level. The methods that allow you to do this are:
R_read_file_add_lane
R_read_file_add_user
R_read_file_remove_lane
R_read_file_remove_user
R_update_file_add_lane
R_update_file_add_user
R_update_file_remove_lane
R_update_file_remove_user
When using these methods in a process instance, the current user (P_user
) is considered. If the current user has read access to a file then the user can share that read right, similarly if a user has write access to the file then the user can share that write access.
Versioned files
ADMIN | USER | ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT | |||||
---|---|---|---|---|---|---|---|
DESIGNER | SUPERVISOR | OBSERVER | TRANSLATOR | USER | |||
PRIVATE | Create/Read/Write/Delete | Create/Read/Write/Delete | None | None | None | Read | None |
PUBLIC | Create/Read/Write/Delete | Create/Read/Write/Delete | Read | Read | Read | Read | Read |
Users
ADMIN | USER (without restriction) |
USER (with METADATA restriction) |
|||
---|---|---|---|---|---|
ANYONE | SELF | ANYONE | SELF | ||
CONFIGURATION | Create/Read/Inactivate/Delete | None | Read | None | Read |
NAME | Write | None | Write | None | Write |
LANGUAGES | Write | None | Write | None | Write |
PASSWORD | Write | None | Write | None | Write |
PROFILE | Write | None | None | None | None |
PREFERENCES | Read | Read | Read/Write | Read | Read/Write |
METADATA | Read/Write | Read | Read | None | None |
OTHER RIGHTS | Impersonate/LogAs | None | None | None | None |
The LogAs
right can only be granted by a user to its admin.
Please give details of the problem