Within this posting I want to bring up a subject which is important for Blueworks Live (BWL) users to understand as it describes how it fundamentally works - We're talking about the security concept of BWL.
Maybe you already got a message like the one below when trying to open a source link (e.g. to a process):
Although you are logged in to BWL with success you don't have the permission to work with Blueworks Live. Now what about that?!
Basically, the security concept of BWL consists of two - let’s call it - levels
a) Account level
b) Space level
a) The Account level security
To be able to work with BWL you need a valid userID which is registered to an active BWL Account. With that registration you are able to login to the BWL server from your webbrowser and take actions at the BWL account.
With your registration, your userID is corresponding with the user type granted by the Account administrator when the userID was registered to a BWL account.
BWL knows four different user types:
Editors can create, modify, and share process Blueprints and Applications. They can launch and participate in work and have access to process communities.
Contributors can create and participate in work and view and comment on SHARED processes. They can NOT modify or create Process Blueprints.
Community members have limited access to Spaces, blogs, and activity streams. They can NOT participate in work or view shared Process Blueprints or Applications. Community Member Accounts are FREE.
Viewers can only view SHARED Process Blueprints. They can NOT participate in work and do NOT have access to Spaces, blogs, or activity streams.
Besides the above mentioned four user types there also exists the Account Administrator - the Account Administrator can manage all things related to the BWL Account itself (invite additional users, remove users, manage user types, change security on Account level, etc). This is the reason, why you should get in touch with the Account Administrator in case you have any BWL problems. The Account Administrator has the 'golden' key to fix most Account related problems
b) The Space level security
You may already know that BWL artifacts like Processes are stored in Spaces. Dependent on the user type you can create BWL Spaces and store your own Processes in it. The creator of such a Space is the Space Administrator in unison. As a Space Admin you can manage the access to the Space and of course the access to the Processes in it. For that every Space has a Space Participants list:
You can see the user or groups added to that list and the activities they are able to do.
Doc Debug has full access to the Space and all Processes in it, because he is the Space Administrator. His Secretary is also added to the list, she can access all Processes located in that Space but she can NOT manage the Space (copy/move Space or manage Participants list). The same user rights are valid for all userIDs of user type 'EDITOR'. As you can also see, users with user type CONTRIBUTOR can NOT see any Processes from that Space, although they are logged in to the BWL account. They don't have the correct/needed access rights on the Space.
Very often, the Space Administrators only grant access to their Space to dedicated users, all other users are NOT able to access the Space and the Processes in it. As a result you will get the pop-up message "You don't have permission to view this page" when trying to access it.
So, what can you do in such a situation? You have to get in touch with the Space Administrator (in most cases it is the person who provided the process link) and ask him to add you to the Space Participants list. If you cannot find out who the Space Administrator is, you can also contact the BWL support and provide the Process link you want to access. Based on the link, the support team is able to figure out the Account / Space name and provide the contact details of the Space Administrator.
Finally, I want to discuss another problem you may run into when trying to access BWL. When you try to log in with a valid userID and password you may get following exception:
Sometimes the exception also includes IP addresses (restriction is valid to IP a.b.c.d). The strange thing is, the log-in just worked when you worked from your companies location. But in the evening, from your home network, it failed.
The cause of that behavior is another security mechanism of BWL. Account Administrators can manage the access for BWL user based on IP addresses or address ranges.
As a result, only users from that specific IP address or address range can log-in to the BWL account. If you try to log in with the SAME userID/password but from ANOTHER IP address, the login will fail.
With that security restriction a company can ensure that only users from the company's network are able to log-in to the BWL account. From outside the company's network the access is denied.
I hope I was able to bring some more light into the area of BWL security. And if this does not help, take two of these and call me in the morning.