Using System Actions for Processing Work

System actions are actions that a user may wish to perform at runtime but that need to be authorized, or need to be restricted to users with a certain level of authority. These actions might include, for example, re-allocating work-items, skipping work-items, viewing another user’s work list, or administering resources.

This authorization is implemented by associating system actions with privileges within Organization Modeler.

  • Privileges can be assigned to any system action at the organization model level.
  • Privileges can also be assigned to some system actions at the level of the organization unit, position or group.

For example, in the following diagram the "View work list" system action has been associated with three different privileges, "X", "Y" and "Z", at three different levels - the organization model, organization unit A, and position 2.

This means that a user must hold privilege "X", "Y" or "Z" to view the work list of a user who holds Position 2.

If a user wants to view the work list of a user who holds Position 1, they must hold privilege "X" or "Y". This is because no privilege has been associated with Position 1, so any privileges associated with the parent entity are used instead. If privilege "Y" had not been associated with Organization Unit A, the user would instead need privilege "X", defined in the parent Organization Model.

Note: The Organization Admin system action allows users to see organization models other than the one they are part of, and allows them to view process instances started by members of these organizations.

As well as assigning different privileges at different levels, as shown above, qualifiers on the same privilege can be used to refine how access to a particular system action is controlled. (When comparing a required privilege to a held privilege, if either side is not qualified the comparison is positive. If both sides are qualified, the qualifications must match for the comparison to be positive.)

Controlling access to system actions by the application of (user-defined) privileges within the organization model provides an organization with a powerful and completely flexible way to customize and tailor users’ access to system functions.

For more information:

  • See the appropriate BPM Concepts Guide for an introduction to system actions.
  • See the TIBCO Business Studio Modeling User Guide for a list of system actions that can be associated with privileges and how to assign them.