|
The security of a process defines the permissions to access the process or its instances. The security configuration can be performed in the Process type. If, in the process type data, the "Block process security control editing" option is checked, the process security will be defined in the type.
After saving the changes (in the type), the security will be valid for all processes of this type and for new instances of these processes.
The security configuration can be performed in the following locations:
▪Process type: If the "Block process security control editing" option is checked in the process type data, the process security will be defined in the type. After saving the changes (in the type), the security will be valid for all processes of this type and for new instances of these processes. ▪Process data: Through the "Security" section, it is possible to configure process security; however, it is necessary for process editing to be enabled, in the case of a simplified revision, or for the process revision to have been created (in the case of an ISO9000 based or Workflow revision). ▪Record screen (PM022): After selecting the process, click on the arrow next to the edit button and click on the "Process security" option. Through this option, it is not necessary to enable process editing or create a revision to edit the process security. After saving the changes, the security will be valid for the process and for the new instances.
To be able to edit the process security, the user must have permission to edit or be the Responsible for the process.
|
If the "Block process security control editing" option is not checked in the type, the security can be configured in the process, as the permission inheritance options will be enabled:
Permission inheritance
|
Checked
|
Unchecked
|
Inherit security list from process type
|
Check this option for the process type security configuration to be applied to the process and to the instance (Workflow, Incident, or Problem).
|
If this option is not checked, during the instance execution (Workflow, Incident or Problem), the "Security" section will be displayed in the activity navigation panel, which will allow the instance access controls to be defined.
|
Enable starter to edit instance viewing permissions
|
Check this field so that the process starter can define the permissions (view, edit, delete, cancel, postpone and reactivate) of the instance for a user, team, organizational unit, department/position, position, functional role, process starter or starter leader. If this option is checked, during the execution of the activities under the responsibility of the starter, the "Security" section will be displayed in the activity navigation panel, which will allow the instance access controls to be defined. It is worth pointing out that the starter will have permission to edit the security even in activities assigned to groups (department, position or functional role) of which they are part.
Note: This option will only be enabled if the "Inherit security list of process in the instance" option is not checked.
|
If this option is not checked or if it is disabled, the instance permissions can be edited by the executors (including the starter), during activity execution, only if the "Inherit security list of process in the instance" option is not checked. Otherwise, the "Security" section will not be displayed in the activity navigation panel during the instance execution.
|
The fields from this listing will remain disabled if the "Inherit security list from process type" option is selected, or if in the process type in question, the "Block process security control editing" option is checked.
|
To define the process security list in a customized way, uncheck the "Inherit security list from process type" option and make sure the "Block process security control editing" option is unchecked in the process type. With both fields unchecked, the listing buttons will be enabled.
Click on the  button and, on the screen that will be opened, define the access controls for the process:
Access type
|
Select the user group that will have the access allowed or denied for the control configured in the "Controls" field.
|
Team
|
The members of a certain team will have access.
|
Organizational unit
|
Users in a particular organizational unit or organizational department will have access.
|
Department/Position
|
Users who perform a particular role in a department of the company will have access.
|
Position
|
Users who hold a specific position will have access.
|
User
|
A specific user will have access.
|
Functional role
|
Users who have a specific functional role in the company.
|
All
|
All system users will have access.
|
Process starter
|
User who started the process will have access. Only the controls related to the "process instance" will be available in the Control section.
|
Process starter leader
|
The leader of the user who started the process will have access. Only the controls related to the "process instance" will be available in the Control section.
|
Permission profile
|
Select the permission profile that will be given to the user group selected in the "Access type" field:
|
Filters
|
Fill out the fields to facilitate searching for the groups that will have access to the process.
|
User
|
This filter allows locating the users recorded in the system. This field will be enabled by selecting the "User" option for the Access type.
|
Department
|
This filter allows locating the organizational units and departments recorded in the system. This field will be enabled by selecting the "Organizational unit", "Department/Position" or "User" options for the Access type.
|
Position
|
This filter allows locating the user positions recorded in the system. This field will be enabled by selecting the "Position", "Department/Position" or "User" options for the Access type.
|
Team
|
This filter allows locating the teams recorded in the system. This field will be enabled by selecting the "Team" option for the Access type.
|
Functional role
|
This filter allows locating the functional roles recorded in the system. This field will be enabled by selecting the "Functional role" option for the Access type.
|
To search for the groups, click on the  button on the toolbar or press ENTER on the keyboard. The respective user groups will be displayed in the list of records on the selection screen. Select those that will have access permission to the process and click on the  button to add the group to the process security.
|
