MWS Role Permissions

Janardan_Kelkar2 · May 2, 2016, 8:29pm

We have an application deployed to MWS that allows users to upload files and start a new BPM process to process those files. Once the application starts the BPM process, the users then access the process instance and work on Tasks that the process creates.
To serve this requirement, i am creating a new role for these users , that would have access ONLY to the application page link and the process instance page link in the navigation pane on the left of the MWS screen.
When configuring the permissions on this role, i grant access to the Monitoring->Business->Process Instances as well as the custom page we have for the application. When i save these changes and apply, i see that the permissions on the Process Instance element are removed automatically. On more trial and error, i find that the permissions can only either set Grant to all elements under Monitoring and Administration or on none. I cant seem to be able to provide access to specific pages within them eg. Process Instances.

I am able to provide access to only our custom application, that works, so the users , when logging in, see the link to the application portlet in the navigation pane. However, there is no way for them to access the Process Instances without having access to everything under Monitoring and Administration.

Any suggestions ?

I am on MWS 9.9 with Fix3 installed.

Thanks,
Janardan.

Holger_von_Thomsen · May 3, 2016, 1:23pm

Hi Janardan,

sounds really strange.

Which Fixes for Monitor and Monitor UI are applied?

Maybe it is possible to put the users in the Role Monitor Users?
This should only have access to Monitoring part, but not the Administration part.

Another option might be to use DataLevelSecurity (DLS).
This needs to be configured in IS Admin UI for the WmMonitor package (reload it afterwards).

In MWS in the Role “My webMethods Administrators” add “All Processes” to the DLS config.
For your custom Role just add the process(es) you want your users to see.

Regards,
Holger

Janardan_Kelkar2 · May 3, 2016, 4:38pm

Hi Holger,

I do not have any fixes installed for monitor. I have already tried configuring DLS through both the Monitor package on IS as well as on the role configuration in MWS.
I tried to configure similar permissions in an 8.2 MWS installation (with Fix12) and it works, users logging into MWS can only see the ‘Monitoring->Business->Process Instances’ link and the link to our portlet application. None of the other links under Monitoring are visible. But trying to achieve the same results on 9.9 is not working.

Thanks,
Janardan.

Janardan_Kelkar2 · May 3, 2016, 5:39pm

Never mind, i probably had something missing in my installation. I dropped and recreated the DB components for MWS and the issue is now resolved.

Holger_von_Thomsen · May 3, 2016, 6:10pm

Glad to hear that you were able to solve this.