Required roles for actions on BPEL process instances

Access to the BusinessFlowManager interface does not guarantee that the caller can perform all of the actions on a process. The caller must be logged on to the client application with a role that is authorized to perform the action.

The following table shows the actions on a process instance that a specific role can take.
Table 1. Required roles for actions on BPEL process instances
Action Caller's principal role
Reader Starter Administrator
createMessage x x x
createWorkItem x
delete x
deleteWorkItem x
forceTerminate x
getActiveEventHandlers x x
getActivityInstance x x
getAllActivities x x
getAllWorkItems x x
getClientUISettings x x x
getCustomProperties x x x
getCustomProperty x x x
getCustomPropertyNames x x x
getFaultMessage x x x
getInputClientUISettings x x x
getInputMessage x x x
getOutputClientUISettings x x x
getOutputMessage x x x
getProcessInstance x x x
getVariable x x x
getWaitingActivities x x x
getWorkItems x x
restart x
resume x
setCustomProperty x x
setVariable x
suspend x
transferWorkItem x
Note: If process administration is restricted to system administrators, then instance-based administration is disabled. This means that administrative actions on processes, scopes, and activities are limited to users in the BPESystemAdministrator role. In addition, reading, viewing, and monitoring a process instance or parts of it can only be performed by users in the BPESystemAdministrator or BPESystemMonitor roles. For more information about this administration mode, see Alternative administration modes for BPEL processes.
Parent topic: Developing applications for BPEL processes