Content Platform Engine process services groups

Edit online

Draft comment:
This topic only applies to BAW, and is located in the BAW repository. Last updated on 2025-03-13 12:15

You assign Content Platform Engine process services access rights to two main groups, the workflow system administration group and the workflow system configuration group. You use these groups to specify what process actions are available to users of your case management solution.

The following two groups have special access rights in the Content Platform Engine. During the configuration of the Content Cortex Platform, these groups are assigned to a Lightweight Directory Access Protocol (LDAP) group name.

Table 1. Content Platform Engine groups
Group	Description
Workflow system administration group	Required. Users in this group have full rights to all workflow rosters and queues, and can unlock work items locked by other users.
Workflow system configuration group	Recommended. If this group is assigned to an LDAP group, only users who belong to this group or the workflow system administration group can modify system configuration through the Process Configuration Console or through APIs.

If the workflow system configuration group is not configured, system administration group members and all users can manage roles. If the workflow system configuration group is configured, only the following users can manage roles:

workflow system configuration group members
users and groups with write permissions to the application space

The following table summarizes how solution assets map to securable entities in the Content Platform Engine.

Table 2. Case management to Content Platform Engine mapping
Content Platform Engine entity	Case management solution component
Queue	One queue per role in a solution
Roster	One roster per solution
Application space	One application space per solution

Event log data is included in the case history, which uses the same security as is applied to case instances.

If you do not assign anyone to an access right for a roster or queue, then everyone has that right. For example, if you do not assign anyone to the Query access right on the roster, then all users can Query. As soon as you assign at least one user or group to have Query rights, then only those users and the P8 Admin role can Query.

You must assign rights on the application space in order to modify role membership. If you do not assign any rights, then only the workflow system administration group and the workflow system configuration group can modify role membership.

Members of the workflow system administration group have full rights to everything, even if you do not explicitly assign rights to this group.