Authenticating Calls to BPM Web Services

Security policies are enforced on the endpoint of every TIBCO ActiveMatrix BPM service to ensure that access is restricted to authenticated users. Every API call to a TIBCO ActiveMatrix BPM service must be made using the identity of a user who is registered in the BPM organization model. An API call that does not meet this requirement will be rejected.

Calling ActiveMatrix BPM Web Services From the Openspace Gadget Dashboards

Because they run within an Openspace context, the Openspace gadget versions of the Process Monitor and Claim Breakdown dashboards automatically authenticate with the credentials of the currently logged-in Openspace user whenever they call a BPM web service.

Authorization is still checked: the user must hold the permissions required by the system actions needed to execute that particular call. The dashboard code displays a suitable error message to the user if they do not have the necessary permissions.

For example, if you try to use the Process Monitor dashboard as tibco-admin, you will see the error message:

This user is not a manager of a team, cannot display dashboard

because access to this dashboard is by default restricted to the EasyAs team leaders, Richard Creswell and Leon Court. (See Filtering the Data Visible in a Report Based on the Logged in User's Team Membership for details.)

Calling ActiveMatrix BPM Web Services From the Standalone Dashboards

The standalone versions of the Process Monitor and Claim Breakdown dashboards, as supplied, do not call BPM web services. You could modify them to implement the same functionality as the Openspace gadget versions (or indeed, any functionality available through the BPM web services), but the dashboard code itself would need to provide its own authentication mechanisms.

See "Authenticating Access to a TIBCO ActiveMatrix BPM Service" in the TIBCO ActiveMatrix BPM Developer's Guide for more information.