Permissions determine the access that a user has to Process Manager. Permissions determine what users can view in the Process Manager portal and what functions they can perform. You can set permissions on two levels: users and groups. As a general rule, permissions are applied to groups in Process Manager.
When you apply permissions at the group level, the permission settings apply to each user that is a member of the group. When you use groups to apply permissions, you do not have to edit the permission settings for each group member. You can make the change at the group level and it is updated for every user that is a member of that group. By using groups, you greatly simplify user management and permission management.
Process Manager manages security by using Active Directory to obtain user authentication and authority information. When the user logs on, an Active Directory page grants them a session token. If this effort fails, the user is directed to another logon page that grants them a session token. This session token is the only item that is passed back and forth between the Web Service layer and the Process Manager user interface.
Managing permissions for users, groups, and organizational units can provide a high level of security within Process Manager. Permissions are hierarchical. The permission that is applied at the most specific level takes precedence. For example, a group is denied access to view a knowledge base article. However, a specific user within that group has permission to view the article. In this case, the user's specific permission overrides the group setting, and the user is able to view the article.
See Managing permissions.