Watch It
Roles are created in
SBM Composer
as part of a process app, which can comprise multiple applications. Roles span
the applications within the process app, and serve two functions:
- They are a named collection of privileges. The privileges secure user
actions and data access. For example, a role named User could be a collection
of privileges suitable for someone to whom items are assigned but who has no
administrative tasks. Someone with that role could be unable to execute some
transitions and view some fields on forms.
- They are a means to populate selection lists for
User,
Multi-User, and
Multi-Group fields. You associate roles with these fields in
SBM Composer.
The two functions can be connected or disconnected. When the functions
are connected, a role provides privileges and populates a selection list. When
the functions are disconnected, a role either populates a selection list with
no privileges, or only provides privileges.
Privileges fall into two broad categories:
- System privileges control a user's ability to deploy and promote
process apps, and perform actions that affect application configuration.
- Application privileges define what a user can view and act on within
an application. These privileges allow fine-grained control over items,
attachments, notes, reports, workflows, and fields.
Roles are distinct from groups, which are named collections of users.
Administrators can use groups to identify a set of users based on criteria
other than job function. A group could be created for a particular project, for
example, or for a division within the company. You can assign roles to a group.
Note: If you associate a user or group with a role, and the
role contains privileges that conflict with the user or group level of product
access, those privileges are not granted to the user or group.
Users and groups are associated with roles for particular projects in
the
SBM Application Administrator.
Note: When groups or users are copied, role assignments are copied with
them. Also, when groups or users are imported through LDAP using a template
group or user, the role assignments associated with the template are copied to
the new group or user.
Copyright © 2007–2015 Serena Software, Inc. All rights reserved.