The Sample Application’s User Access File
The User Access sample application comes with its own userAccess.xml file that has been customized to illustrate how access to various parts of a WCC application can be specified, including access to custom menu items and toolbar buttons.
If you are running the User Access sample application from your local development environment, you can view and modify, as needed, the userAccess.xml file in the following location:
StudioHome\wcc\version\JSXAPPS\wccAccessSample\userAccess.xml
If you have deployed the User Access sample application to a runtime node, you must use the Configuration Administrator to view and modify, as needed, the userAccess.xml file.
For information about modifying user access, see Configuring User Access.
The userAccess.xml file that accompanies this sample application does not use the default access settings. Instead, various user access sets grant subsets of functionality based on privileges.
A special "All System Actions" privilege is granted through the version 0 organization model, which is always present on an ActiveMatrix BPM installation. This privilege is held by the system administrative user (tibco-admin), and by any other resources that have been placed into the version 0 "System Administrator" group. A “System Administrator” user access set in userAccess.xml grants most functionality to users that have this privilege.
The userAccess.xml file included with the User Access sample application contains six other user access sets.
- MinimalWorkList - This grants a subset of functionality under work views and work item lists. It omits the ability to save views from the work list menu. The user can choose to open the next work item, but not to select and open other work items in the list. The user is also not allowed to use the Auto Open feature or to skip, pend, or allocate items to another user. They can choose to allocate an individual work item to themselves. This prevents other users from viewing or opening the allocated work item, although this user cannot open it until it reaches the top of the list, making it the next item. They can also re-offer an item previously allocated to themselves.
- AdvancedWorkList - This grants most of the remaining work view and work item list functionality not granted by MinimalWorkList; it does not grant any functionality outside of work views and work lists.
- ProcessManager - This grants functionality related to business services, process views, and process instances.
- StartAnyBusinessService, StartFilteredBusinessServices and StartRemainingBusinessServices - These each grant access to one custom menu item, and one custom toolbar button, implemented in the sample application. The custom menu and toolbar buttons appear on the work item list.
Each user access set is granted to a user through a privilege of the same name. These privileges are not part of the default version 0 organization model, and therefore must be separately implemented and deployed as part of a custom organization model.
Accompanying this sample application is a sample organization model named AccessSample.om that includes definitions for the six privileges listed above, along with corresponding groups to which users can be assigned. This organization model can be temporarily deployed alongside your own organization model and processes in order to work with the sample application. Information about this organization model is provided in Granting the Required Privileges Through an Organization Model.