Restricting access to debugging for services

Edit online

You might need to limit access to debugging functions in the Inspector in IBM® Process Designer. For services other than human services, you can control which users have the ability to debug services. To edit the settings, copy the code snippet and then make the necessary changes.

The settings are checked by the server that runs the service. They need to be applied to the configuration file of your IBM Workflow Center when you debug locally in your Process Designer. The configuration file of the online process server is checked when you run and debug on an online IBM Workflow Server.

Remember: The access restrictions do not apply to human services.

The following elements enable you to configure debugging functions for services.

Element Default setting Description

Element	Default setting	Description
`<enabled merge="replace">true</enabled>`	`true`	On Workflow Center: Establishes whether debugging of services is enabled. If set to `false` , when you attempt to debug a service in the Inspector in Process Designer, Business Automation Workflow simply runs the service without providing debugging feedback. On Workflow Server: Establishes whether running and debugging of services is enabled. If set to false, when you attempt to run or debug a service in the Inspector in Process Designer, Business Automation Workflow rejects the attempt.
`<enforce-debug-role merge="replace">true</enforce-debug-role>`	`false`	Establishes whether Business Automation Workflow users who don't belong to the Debug group (defined in the following setting) can access the debugging function. Only one user role can be defined. By default, this element is set to `false` , which allows users who don't belong to the Debug group to access debugging function. So, by default, all users have access to debugging for services. To limit access to users who are members of the Debug group, set this element to `true`. If enabled as false or `enforce-debug-role` is false, this setting has no effect. If enabled and `debug-role` is true, a user with this role has access to debugging functions. A user who isn't assigned this role won't have access to debugging functions and the service runs as it would normally.
`<debug-role merge="replace">debug</debug-role>`	`debug`	Specifies the group that users must be a member of so they can access the debugging function. Only one group can be defined. If one or both of the preceding settings is false (`enabled` and `enforce-debug-role`), then this setting has no effect. If both of the preceding settings are true, then A user who belongs to this role will have access to debugging functionality. A user who does not belong to this role will not have access to debugging functionality. If you do not specify any value for `debug-role` , debugging functionality is disabled.

<enabled merge="replace">true</enabled>

true

On Workflow Center: Establishes whether debugging of services is enabled. If set to false , when you attempt to debug a service in the Inspector in Process Designer, Business Automation Workflow simply runs the service without providing debugging feedback.

On Workflow Server: Establishes whether running and debugging of services is enabled. If set to false, when you attempt to run or debug a service in the Inspector in Process Designer, Business Automation Workflow rejects the attempt.

<enforce-debug-role
merge="replace">true</enforce-debug-role>

false

Establishes whether Business Automation Workflow users who don't belong to the Debug group (defined in the following setting) can access the debugging function. Only one user role can be defined.

By default, this element is set to false , which allows users who don't belong to the Debug group to access debugging function. So, by default, all users have access to debugging for services. To limit access to users who are members of the Debug group, set this element to true. If enabled as false or enforce-debug-role is false, this setting has no effect. If enabled and debug-role is true, a user with this role has access to debugging functions. A user who isn't assigned this role won't have access to debugging functions and the service runs as it would normally.

<debug-role merge="replace">debug</debug-role>

debug

Specifies the group that users must be a member of so they can access the debugging function. Only one group can be defined.

If one or both of the preceding settings is false (enabled and enforce-debug-role), then this setting has no effect.

If both of the preceding settings are true, then

A user who belongs to this role will have access to debugging functionality.
A user who does not belong to this role will not have access to debugging functionality.
If you do not specify any value for debug-role , debugging functionality is disabled.

You can use the following XML snippet to change the debug properties in the 100Custom.xml file:


<server>
	<debug>
         <enabled merge="replace">true</enabled>
         <enforce-debug-role merge="replace">true</enforce-debug-role>
         <debug-role merge="replace">debug</debug-role>
	</debug>
</server>

For information about the 100Custom.xml file's location and how to create, modify, and deploy it, see The 100Custom.xml file and configuration.