×

Please give details of the problem

Skip to content

Access Rights

This page summarises each user profile's access rights to RunMyProcess resources.

Note that ACCEPTANCE mode has the same rights as LIVE mode but based on the acceptance user list.

Projects

ADMIN USER ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT
DESIGNER SUPERVISOR OBSERVER TRANSLATOR USER
CONFIGURATION Read/Write/Delete Read/Write/Delete Read None Read Read None
VERSION CONFIGURATION Read/Write/Delete Read/Write/Delete Read None Read Read None
VERSION EXECUTION MODE Write None Write None None None None

Project vaults

ADMIN USER ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT
DESIGNER SUPERVISOR OBSERVER TRANSLATOR USER
LIVE EXECUTION Read/Write/Create/Delete None Read/Write/Create/Delete None None Read/Create None
ACCEPTANCE EXECUTION Read/Write/Create/Delete Read/Write/Create/Delete Read/Write/Create/Delete None None Read/Create None
TEST EXECUTION Read/Write/Create/Delete Read/Write/Create/Delete None None None None None

Web interfaces

ADMIN USER ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT
DESIGNER SUPERVISOR OBSERVER TRANSLATOR USER
LIVE EXECUTION MODE / PRIVATE None None Read/Write Read None Read/Write None
LIVE EXECUTION MODE / PUBLIC Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write Read/Write
TEST EXECUTION MODE Read/Write/Delete Read/Write/Delete Read None None None None
DESIGN Read/Write/Delete Read/Write/Delete Read Read Read Read None
DICTIONARIES Read/Write/Delete None Read/Write/Delete None Read/Write/Delete None None

Processes

ADMIN USER ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT
DESIGNER SUPERVISOR OBSERVER TRANSLATOR USER
LIVE EXECUTION MODE / PRIVATE Execute None Execute None None Execute None
LIVE EXECUTION MODE / PUBLIC Execute Execute Execute Execute Execute Execute Execute
TEST EXECUTION MODE Execute Execute Execute None None None None
DESIGN Read/Write/Delete Read/Write/Delete Read None Read None None
DICTIONARIES Read/Write/Delete None Read/Write/Delete None Read/Write/Delete None None

Collections

ADMIN USER ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT
DESIGNER SUPERVISOR OBSERVER TRANSLATOR USER
LIVE EXECUTION MODE / PRIVATE / READ-WRITE Read/Write/Delete None Read/Write/Delete Read None Read/Write/Delete None
LIVE EXECUTION MODE / PRIVATE / READ-ONLY Read/Write/Delete None Read/Write/Delete Read None Read None
LIVE EXECUTION MODE / PUBLIC / READ-WRITE Read/Write/Delete None Read/Write/Delete Read ReadWrite/Delete Read/Write/Delete Read/Write/Delete
LIVE EXECUTION MODE / PUBLIC / READ-ONLY Read/Write/Delete None Read/Write/Delete Read Read None Read
TEST EXECUTION MODE / PRIVATE / READ-WRITE Read/Write/Delete Read/Write/Delete None None None None None
TEST EXECUTION MODE / PRIVATE / READ-ONLY Read/Write/Delete Read/Write/Delete None None None None None
TEST EXECUTION MODE / PUBLIC / READ-WRITE Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete
TEST EXECUTION MODE / PUBLIC / READ-ONLY Read/Write/Delete Read/Write/Delete Read Read Read Read Read
CONFIGURATION Read/Write/Delete Read/Write/Delete Read Read None Read None

Process reports

ADMIN USER ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT
DESIGNER SUPERVISOR OBSERVER TRANSLATOR USER
LIST TEST REQUESTS Read Read Read None None None None
LIST LIVE REQUESTS Read None Read None None None None
REPORT CONFIGURATION Read/Write Read/Write Read/Write None None None None
MODIFY EXECUTION / LIVE EXECUTION MODE Write/Resume None None None None None None
MODIFY EXECUTION / TEST EXECUTION MODE Write/Resume Write/Resume None None None None None
DELETE REQUEST Delete None None None None None None

Web interface reports

ADMIN USER ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT
DESIGNER SUPERVISOR OBSERVER TRANSLATOR USER
LIST LIVE INSTANCES Read None Read Read None Read None
LIST TEST INSTANCES Read Read Read None None None None
REPORT CONFIGURATION Read/Write/Delete Read/Write/Delete Read/Write/Delete None None Read None
DELETE INSTANCE / LIVE EXECUTION MODE Delete None None None None None None
DELETE INSTANCE / TEST EXECUTION MODE Delete Delete None None None None None

Custom lists

ADMIN USER ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT
DESIGNER SUPERVISOR OBSERVER TRANSLATOR USER
CONFIGURATION AND DATA / PRIVATE Read/Write/Delete Read/Write/Delete Read Read None Read None
CONFIGURATION AND DATA / PUBLIC Read/Write/Delete Read/Write/Delete Read Read Read Read Read

Uploaded files

Uploaded files are files that are uploaded during runtime. The access rights to uploaded files depend on the engine version being used.

info The uploaded file's engine version can be found in the uploaded file view (Category term="engine") or by using the FreeMarker method file_desc.

Uploaded files with engine version prior to v5_23_5

Uploaded files with no engine version or with an engine version prior to v5_23_5 are ones that were uploaded before the 28th of October, 2019. These files have the following rights:

ADMIN USER ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT
DESIGNER SUPERVISOR OBSERVER TRANSLATOR USER
INSIDE A PROJECT FROM PROCESS/ PRIVATE Read/Write/Delete Read/Write/Delete Read/Write/Delete Read None Read/Write/Delete None
INSIDE A PROJECT OUTSIDE PROCESS/ PRIVATE Read/Write/Delete Read/Write/Delete Read/Write/Delete Read None Read None
UPLOADED FROM AN INSTANCE READABLE * BY THE USER IN LIVE/PRIVATE Read/Write/Delete None Read/Write/Delete Read None Read/Write/Delete None
UPLOADED FROM AN INSTANCE NOT READABLE * BY THE USER IN LIVE/PRIVATE Read/Write/Delete None Read/Write/Delete None None None None
UPLOADED FROM AN INSTANCE IN TEST/PRIVATE Read/Write/Delete Read/Write/Delete Read/Write/Delete None None None None
OUTSIDE A PROJECT/ PRIVATE Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete None
PUBLIC Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete Read
* See READ right for AppInstance

Uploaded files with engine version v5_23_5 or above

Uploaded files with an engine version v5_23_5 or above are ones that have been uploaded since the 28th of October, 2019. These files have a separate rights policy which is detailed below.

ADMIN USER ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT
DESIGNER SUPERVISOR OBSERVER TRANSLATOR USER
PRIVATE All rights in all execution modes. All rights in TEST mode. All rights in LIVE and ACCEPTANCE mode. Read in LIVE and ACCEPTANCE mode if the file was uploaded from a web interface instance, none otherwise. None See rights policy below. None
PUBLIC Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete Read/Write/Delete Read

Rights policy for USER profile:
The rights a USER has on a file depends on how the file was uploaded. Each case is considered below:

1. A file that has been attached via an upload/ attachment widget on a web interface:

Rights Rule
Read (+ Detach) Any user who can open a web interface instance (draft or manual task), either as a task assignee or read-only, can read the uploaded file(s) attached to it.
Read/Write/Delete (+ Detach) A user has write/delete privileges on an uploaded file only on the web interface instance that he uploaded the file on, and only while the instance is pending.

The user keeps the rights described above in the output variables of the manual task or the start event (draft).

2. A file created in a process instance:
A file can be created in a process instance by a variety of means; examples include the use of the create_file method, a PDF generation step or a file downloaded through a connector.

Rights Rule
Read/Write/Delete (+ Detach) The current user (P_user) at the time the file is created has Read/Write/Delete/Detach privileges on the file within the current process instance (and also in child process instances).
By default, no other user has any rights on the file.

3. A file exported from a report widget:

Rights Rule
Read The connected user who launched the export has Read rights to the generated file.
By default, no other user has any rights to the file.

4. A file uploaded manually from the IDE:

Rights Rule
None There are no user rights for this file.

5. A file exported from a collection:

Rights Rule
None There are no user rights for this file.

Sharing access rights on files
It is possible to add or remove access rights to a file by using FreeMarker methods at a user and/or lane level. The methods that allow you to do this are:

R_read_file_add_lane
R_read_file_add_user
R_read_file_remove_lane
R_read_file_remove_user
R_update_file_add_lane
R_update_file_add_user
R_update_file_remove_lane
R_update_file_remove_user

When using these methods in a process instance, the current user (P_user) is considered. If the current user has read access to a file then the user can share that read right, similarly if a user has write access to the file then the user can share that write access.

Versioned files

ADMIN USER ANONYMOUS OR AUTHENTICATED TO ANOTHER ACCOUNT
DESIGNER SUPERVISOR OBSERVER TRANSLATOR USER
PRIVATE Create/Read/Write/Delete Create/Read/Write/Delete None None None Read None
PUBLIC Create/Read/Write/Delete Create/Read/Write/Delete Read Read Read Read Read

Users

ADMIN USER
(without restriction)
USER
(with METADATA restriction)
ANYONE SELF ANYONE SELF
CONFIGURATION Create/Read/Inactivate/Delete None Read None Read
NAME Write None Write None Write
LANGUAGES Write None Write None Write
PASSWORD Write None Write None Write
PROFILE Write None None None None
PREFERENCES Read Read Read/Write Read Read/Write
METADATA Read/Write Read Read None None
OTHER RIGHTS Impersonate/LogAs None None None None

The LogAs right can only be granted by a user to its admin.