Topic
  • 4 replies
  • Latest Post - ‏2012-11-19T17:43:41Z by SystemAdmin
HYDERABAD
HYDERABAD
72 Posts

Pinned topic Restrict User Access

‏2012-11-15T03:12:16Z |
Hi Folks,

After adding the user in tw_authors group,how can we restrict him from creating a new process application.

I heard we can do this from some configuration file or from WAS.

Please help me this issue.

Thanks in advance.

SANA
Updated on 2012-11-19T17:43:41Z at 2012-11-19T17:43:41Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    7615 Posts

    Re: Restrict User Access

    ‏2012-11-15T13:28:06Z  
    I was trying to test this out. But every time I added someone to tw_authors group, that user got rights to create process application and toolkit. And I am quite sure that rights for BPM can't be controlled at WAS level. WAS is fundamentally responsible for providing "authentication" infrastructure. "Authorization" part within BPM is controlled through combination of assignments with /ProcessAdmin and /ProcessCenter.

    Btw, what is the use case for which you want to add someone to tw_authors but dont want that person to be able to create process applications?Is this something to do with access to QA / Code review teams where you want those folks to be able to perform code reviews but not to be able to create any new apps?

    Ashish
  • HYDERABAD
    HYDERABAD
    72 Posts

    Re: Restrict User Access

    ‏2012-11-15T13:41:47Z  
    I was trying to test this out. But every time I added someone to tw_authors group, that user got rights to create process application and toolkit. And I am quite sure that rights for BPM can't be controlled at WAS level. WAS is fundamentally responsible for providing "authentication" infrastructure. "Authorization" part within BPM is controlled through combination of assignments with /ProcessAdmin and /ProcessCenter.

    Btw, what is the use case for which you want to add someone to tw_authors but dont want that person to be able to create process applications?Is this something to do with access to QA / Code review teams where you want those folks to be able to perform code reviews but not to be able to create any new apps?

    Ashish
    Thanks for your reply.

    The developers who are added in tw_authors group,create multiple process application with Weird names(eg: abcc_process app,asfasd_process app etc) and for ever single POC they create new process app and its difficult to handle this.

    So we want some mechanism to restrict this,we create the process app and then just do there POC's in the process we create.That is the reason we want to restrict them from creating the new process app.
  • SystemAdmin
    SystemAdmin
    7615 Posts

    Re: Restrict User Access

    ‏2012-11-16T04:31:17Z  
    • HYDERABAD
    • ‏2012-11-15T13:41:47Z
    Thanks for your reply.

    The developers who are added in tw_authors group,create multiple process application with Weird names(eg: abcc_process app,asfasd_process app etc) and for ever single POC they create new process app and its difficult to handle this.

    So we want some mechanism to restrict this,we create the process app and then just do there POC's in the process we create.That is the reason we want to restrict them from creating the new process app.
    Your problem is genuine and we faced similar issues in our team. But then this is what we realized -

    1. It is better to educate our developers on value of naming standards rather than creating restrictive policies around it. It was a matter of choice - either follow the standards or prepare for a restrictive set of usage. On our side we created some naming standards. And now we have much better situation. Every once in a while we do get some funny names in process applications / toolkits but then that's fine.
    2. Don't get too much hung up on names of Process Apps etc in Process Center. Developers will need to create some kind of quick test apps with names like AshishTestApp, GridTestingApp etc. After all process center is there work area. When they are finished with there R&D then ask them to delete those apps. BPM 8.0 provides this feature. Just ensure that apps that you are promoting to test / prod meet your naming guidelines.

    At least this is what we are doing in our projects.

    Ashish
  • SystemAdmin
    SystemAdmin
    7615 Posts

    Re: Restrict User Access

    ‏2012-11-19T17:43:41Z  
    Your problem is genuine and we faced similar issues in our team. But then this is what we realized -

    1. It is better to educate our developers on value of naming standards rather than creating restrictive policies around it. It was a matter of choice - either follow the standards or prepare for a restrictive set of usage. On our side we created some naming standards. And now we have much better situation. Every once in a while we do get some funny names in process applications / toolkits but then that's fine.
    2. Don't get too much hung up on names of Process Apps etc in Process Center. Developers will need to create some kind of quick test apps with names like AshishTestApp, GridTestingApp etc. After all process center is there work area. When they are finished with there R&D then ask them to delete those apps. BPM 8.0 provides this feature. Just ensure that apps that you are promoting to test / prod meet your naming guidelines.

    At least this is what we are doing in our projects.

    Ashish
    Also note that this problem is really mainly one for repository administrators. By design repository administrators can see all the Process Apps and Toolkits. This winds up making their view of the Process Center very cluttered. If you did not have this level of access, then you could only see the PA and TK that you had explicitly been given access to, so the "Cruft" of apps that you really don't care about would go away. We really just need the option to filter that Process Center view down to "Only stuff I have explicit rights to." Or the ability to turin on/off this Admin view in some manner. Then you would really not care what someone is doing in what is essentially their own space.

    Andrew Paier | Director of Special Operations | BP3 Global, Inc. www.bp-3.com