Process security (spec)

From RPM Wiki

Summary

The security rules for process management

Template setup

Staff users

  • Security group: "processes.design"
  • Requires the "Process designer" privilege

Agent users

  • n/a

Basic form use

Staff

  • Whole - See the process at all
  • Start - Start a form
  • View N - View forms, not a participant
  • View Y - View forms, is a participant
  • Add N - Add participants, not a participant
  • Add Y - Add participants, is a participant
  • Added - Be added as a participant
  • Info - Edit info, add/edit set forms (must always be a participant)
  • Other - Add/edit files, notes, actions (must always be a participant)


Process role permissions

Permission    | Whole | Start | View N | View Y | Add N | Add Y | Added | Info | Other
Hidden        | No    | No    | No     | No     | No    | No    | No    | No   | No
Limited read  | Yes   | No    | No     | Yes    | No    | No    | Yes   | No   | Yes
Limited edit  | Yes   | No    | No     | Yes    | No    | Yes   | Yes   | Yes  | Yes
Limited Start | Yes   | Yes   | No     | Yes    | No    | Yes   | Yes   | Yes  | Yes
Read          | Yes   | No    | Yes    | Yes    | No    | No    | Yes   | No   | Yes
Edit          | Yes   | No    | Yes    | Yes    | Yes   | Yes   | Yes   | Yes  | Yes
Start         | Yes   | Yes   | Yes    | Yes    | Yes   | Yes   | Yes   | Yes  | Yes

Agent users

View

  • Process must have agent user permission "May participate" of true.
  • Also
    • Manager: User or other agent user in agency must be a participant
    • Rep: User must be a participant

Edit

The agent user must be able to see the form. If they can, they can also:

  • See fields with the agent user security of at least read
  • Edit fields with the agent user security of edit
  • Add to the shared notes
  • Upload files if the agency has the "Add files" permission
  • See files that aren't hidden
  • Delete files that aren't hidden and that were uploaded by
    • Manager: an agent user in user's agency
    • Rep: the user
  • Add actions for staff users in their agency
  • Add actions for staff users if the template permission "Add actions for staff users" is true
  • Edit the status level if the template permission "Change the status level" is true

Start

The requirements to start a form are:

  • Process must have agent user permission "May participate" of true.
  • And process must also have agent user permission "Start forms" of true.
  • And agency must have "Start forms" permission
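
The agent user rules above (view, start, and file deletion) written as deny-by-default checks. This is an added example, not RPM code: the classes, field names and function names are hypothetical, and participants are modelled as agent users only.

```python
from dataclasses import dataclass, field

# Hypothetical data model; names are assumptions, not RPM's schema.
@dataclass(frozen=True)
class AgentUser:
    name: str
    agency: str
    is_manager: bool  # False means the user is a rep

@dataclass
class Process:
    may_participate: bool = False  # agent user permission "May participate"
    start_forms: bool = False      # agent user permission "Start forms"

@dataclass
class Form:
    process: Process
    participants: set = field(default_factory=set)  # AgentUser objects

@dataclass(frozen=True)
class File:
    uploaded_by: AgentUser
    hidden: bool = False

def can_view(user, form):
    """View: the process allows participation AND the role's participant rule holds."""
    if not form.process.may_participate:
        return False
    if user.is_manager:
        # Manager: the user or another agent user in the agency is a participant
        return any(p.agency == user.agency for p in form.participants)
    return user in form.participants  # Rep: the user must be a participant

def can_start(process, agency_start_forms):
    """Start: both process flags and the agency permission must be true."""
    return process.may_participate and process.start_forms and agency_start_forms

def can_delete_file(user, form, f):
    """Delete: form is visible, file is not hidden, uploader is in the role's scope."""
    if not can_view(user, form) or f.hidden:
        return False
    if user.is_manager:
        return f.uploaded_by.agency == user.agency  # any agent user in the agency
    return f.uploaded_by == user                    # rep: own uploads only
```

Every check starts from the "May participate" gate, so turning that one process flag off removes view, start and delete for all agent users at once.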

Special form use

All staff only

Form setup

  • Requires "processes.design"

Archive

  • Requires edit access to the form and "processes.archive"

Import

  • Requires edit access to the process and "processes.import"

Reconciliation


History

  • Venus: Process management added
  • Ceres: Permission improvement, option to allow agent users to add staff actions
  • Rockefeller: Per role process security
  • Ganymede: More role levels
  • This page was last modified 20:34, 18 Dec 2008.