The Business Automation Workflow REST
APIs use authorization roles to determine the actions that a user
can take on objects, such as processes, tasks, and user data.
Authorization roles
The following list includes
the roles that are used by the Business Automation Workflow REST
APIs:
- Business Automation Workflow administrators
- Users with wide-ranging privileges for actions on Business Automation Workflow objects
including users, groups, teams, tasks, and processes.
- Process application administrators (IBM® Process
Portal administrator
team)
- Users who can perform actions on instances or tasks in a specific
process application.
- Team managers
- Users who can perform actions on tasks and processes that are
accessible to the members of the managed team.
- Potential task owners
- Users who can work on a task in a process.
- Manager team of task team
- Users who can work on and reassign tasks assigned to members of
the managed team.
- Task owner
- The user who is assigned to or has claimed the task and is responsible
for completing it.
- Task collaborator
- A user whom was invited by the task owner to collaborate on the
task, that is, to provide relevant data but not complete the
task.
- Instance owners
- Users who can administer instances of a specific process.
Retrieve and delete user
data
The following actions facilitate
compliance with the EU's General Data Protection Regulation. For more
information, see .
Table 1. Eligible roles for actions on the personal information of Business Automation Workflow users
| Action |
Eligible roles |
Retrieve a list of personal information about
a Business Automation Workflow user
(GET)GET https://host:port/ops/std/bpm/users/{user_id}/personal_data
|
Business Automation Workflow administrator |
Delete personal information about a Business Automation Workflow user
(DELETE)DELETE https://host:port/ops/std/bpm/users/{user_id}/personal_data
|
Business Automation Workflow administrator |
Processes APIs
Table 2. Eligible roles
for actions on processes and process instances
| Action |
Eligible roles |
Retrieve a list of processes that the user is
allowed to see (GET)/bpm/processes
|
- Business Automation Workflow administrator
- Process application administrator
|
Start a new instance of a process (POST)/bpm/processes/{process-id}
|
Members of teams assigned to the Expose
to start option for the process |
Retrieve the details of a process instance (GET)/bpm/processes/{process-id}
|
- Business Automation Workflow administrator
- Process application administrator
- Instance owner
- Follower of the instance
- Tagged in the instance
- Members of teams assigned to the Expose Performance
Metrics option for the process
|
Delete a process instance (DELETE)/bpm/processes/{process-id}
|
- Business Automation Workflow administrator
- Process application administrator
- Instance owner
|
User tasks APIs
Table 3. Eligible roles
for actions on user tasks
| Action |
Eligible roles |
Retrieve a list of tasks that the user is allowed
to see (GET)/bpm/user-tasks
|
- Business Automation Workflow administrator
- Task owner
- Potential task owner for unclaimed tasks
|
Retrieve task details (GET)/bpm/user-tasks/{task-id}
|
- Business Automation Workflow administrator
- Process application administrator
- Instance owner
- Task team manager
- Task owner
- Potential task owner
- Collaborator
|
Claim a task (PUT)/bpm/user-tasks/{task-id}/claim
|
- Business Automation Workflow administrator
- Process application administrator
- Potential task owner if an owner is not assigned
|
Complete a task (PUT)/bpm/user-tasks/{task-id}/complete
|
- Business Automation Workflow administrator
- Process application administrator
- Instance owner
- Task owner
|