Permissions determine the access that a user has to Process Manager. Permissions determine what users can view in the Process Manager portal and what functions they can perform. You can set permissions on two levels: users and groups. As a general rule, permissions are applied to groups in Process Manager.
When you apply permissions at the group level, the permission settings apply to each user that is a member of the group. When you use groups to apply permissions, you do not have to edit the permission settings for each group member. You can make the change at the group level and it is updated for every user that is a member of that group. By using groups, you greatly simplify user management and permission management.
Process Manager manages security by using Active Directory to obtain user authentication and authority information. When the user logs on, an Active Directory page grants them a session token. If this effort fails, the user is directed to another logon page that grants them a session token. This session token is the only item that is passed back and forth between the Web Service layer and the Process Manager user interface.
Within Process Manager, security is controlled as follows:
Any user of the portal that can log on. Users can also belong to groups and organizational units, and have permissions assigned to them.
Collections of users. Users can be members of multiple groups.
Groups are used to assign permissions more efficiently. Instead of assigning permissions to each user individually, you can specify the permissions for a group. The permissions for a group are then valid for each user that is a member of that group. Permissions are almost always granted at the group level in Process Manager, rather than at the user level.
Collections of users or groups. An organizational unit is generally a very large group. For example, an organizational unit may be a department, office, or division of a company.
Permissions control the access to and use of the Process Manager portal. What users can view, and what actions they can perform, are based on permissions.
For example, permissions may grant access to certain functions within Process Manager, such as the ability to create users. Permissions may also grant or deny access to view and edit articles in the knowledge base. Permissions control access to every function in Process Manager.
Managing permissions for users, groups, and organizational units can provide a high level of security within Process Manager. Permissions are hierarchical. The permission that is applied at the most specific level takes precedence. For example, a group is denied access to view a knowledge base article. However, a specific user within that group has permission to view the article. In this case, the user's specific permission overrides the group setting, and the user is able to view the article.
You can manage security at the page level within Process Manager. For any page, you can manage access to that page at the user, group, or organizational unit level.