Configuring User Access
User access is controlled in WCC applications using system actions and user access controls.
- System actions - These provide access control to services of components on the TIBCO ActiveMatrix BPM node. Specifying access to these services is modeled in the organization model that is built in TIBCO Business Studio.
Access to some functions in the application is controlled by system actions (some are controlled by a single system action, some are controlled by multiple system actions, whereas some are not controlled by system actions).
- User access controls - These are specified at the application level. There is a user access control for most functions in the application. User access controls are grouped into user access sets, which allow you to give access to a group of functions defined in the user access set.
Both system actions and user access sets are privilege driven. Users gain privileges by being members of groups and positions in the organization model. Privileges can also be mapped to system actions and user access sets. Therefore, a user’s privileges determine whether or not that user has access to a particular function, based on which privileges have been mapped to the system action and user access set that controls access to that function.
Note that system actions have the overriding control over access to functions, as follows:
- If a system action gives a user access to a particular function, the user access set can either give or deny access to that function.
- If a system action denies access to a particular function, the user access set cannot give access to that function.
If a user is denied access to a specific function, the UI corresponding to that function is removed from the application.
Also note that there is not a one-to-one correspondence between system actions in the organization model and the user access controls in the application. For a list of all system actions and how they map to the user access controls, see User Access Control to System Action Mapping.
For a more detailed description of system actions, see the “Security” chapter in the BPM Concepts guide.