Role-based access to business process instances

Hi All,

I’m trying to give access to different business processes myProcess and orderProcess to separate users. Here is what I did so far:

  • in my environment, “configure servers” tab, “station settings”, I checked the “DLS enabled” checkbox. Then I deployed again my environment
  • I created a user test_user
  • I created a role test_role. in the “Data level security” for this role, I added my business process myProcess. I added my user test_user as a member of this role.
  • in MWS permissions management page, I gave access to process instances to test_role

Now when I run instances of my two business processes, and I log in with test_user, in the navigation panel I have access only to the “Process instances” page, which is what I want. But when I open this page, I can see instances for myProcess, but also to orderProcess, even though I didn’t add it to the role.

Any idea what I’m missing?

Thanks a lot for your help,

F.

Hi Francois,

I am currently preparing something similar for our application.

You have missed some important point:
Check the configuration of the WmMonitor-Package in the IS.
This one also has a checbox “Enable Data Level Security” which needs to be checked.
Reload the Package afterwards.
Otherwise the IS/WmMonitor will not honor the settings present in the Roles.

Rememeber to give the My webMethods Administrators Role the setting “Access to All Processes”, otherwise the Administrator will no longer see any of them.

Rest of the configuration you have described sounds reasonable so far.

I am not quite sure about the setting for the environment, which applies only to the analytic engine, but I will check this with my team.

Regards,
Holger

Hi Holger,

You’re right, I had missed this point.
Also there was the problem of my environment being defined with 2 IS.

After I had changed the WmMonitor configuration and removed one of the IS which was not used, data-level security worked like a charm !

Thanks a lot for your help,

François