System Actions
System actions provide access control to services of components on the TIBCO ActiveMatrix BPM node. Specifying access to these services is modeled in the organization model that is built in TIBCO Business Studio.
The table below lists the names, parent components, and default value of all defined system actions.
- Name is the name of the system action.
- Required to execute lists the web service operations (and Service Connector methods, which use the same names) that require the system action.
- Component identifies the BPM component that owns this system action:
- Default value is the system-wide default value applied to this system action:
Both the component and the system action name must be specified when using certain Directory Services API SecurityService operations (for example, listActionAuthorisedEntities and listAuthorisedOrgs).
System action | Required to execute | Comp. | Default value |
---|---|---|---|
accessGlobalDataScripts | getAuditInfo | BDS | Denied |
administerGlobalDataScripts | notifyDDLExecution | BDS | Denied |
applicationConfiguration |
This is used in the Workspace application to control access to the Configuration Administrator. This system action is also needed to call deleteUserSettings and saveUserSettings in the following situation:
|
WSB | Denied |
autoOpenNextWorkItem | deleteOrgEntityConfigAttributes (1) | BRM | Allowed |
browseModel | getCalendarReferences | DE | Allowed |
bulkCancelProcessInstances | cancelProcessInstances | PE | Denied |
bulkPurgeProcessInstances | n/a(5) | PE | Denied |
bulkResumeProcessInstances | resumeProcessInstances | PE | Denied |
bulkSuspendProcessInstances | suspendProcessInstances | PE | Denied |
cancelProcessInstance | cancelProcessInstance | PE | Denied |
cancelWorkItem | Not currently used | BRM | Allowed |
cmisAdmin | deleteDocument | BDS | Denied |
cmisUser | createDocument | BDS | Allowed |
changeAllocatedWorkItemPriority | setWorkItemPriority | BRM | Allowed |
changeAnyWorkItemPriority | setWorkItemPriority | BRM | Denied |
closeOtherResourcesItems | closeWorkItem (only when closing a work item allocated to another user) | BRM | Denied |
createGlobalData | createCase | BDS | Allowed |
createResourceAdmin | createResource | DE | Denied |
deleteGlobalData | deleteCaseByCID | BDS | Denied |
deleteCalendars | deleteCalendarEntries | DAC | Denied |
deleteLDAPAdmin | deleteContainer | DE | Denied |
deleteResourceAdmin | deleteContainer | DE | Denied |
executeBusinessService | cancelBusinessService | BIZSVC | Allowed |
exportLDAPAdmin | exportResources | DE | Denied |
haltedProcessAdministration | getAvailableProcessInstanceVariables | PE | Denied |
handleProcessMigration | clearMigrationRules | PE | Denied |
importLDAPAdmin | importResources | DE | Denied |
LDAPAdmin(2) | executeLdapQuery | DE | Denied |
listBusinessServices | listPageFlows | BIZSVC | Allowed |
listProcessTemplateAuditTrail | Not currently used | EC | Allowed |
manageDataViews | createDataView | BDS | Denied |
openOtherResourcesItems | openWorkItem (3) | BRM | Denied |
openWorkItemAuditTrail | Not currently used | EC | Allowed |
organizationAdmin(4) | setExtensionPoints | DE | Denied |
pendWorkItem | pendWorkItem | BRM | Allowed |
purgeProcessInstances | n/a(5) | PE | Denied |
queryAudit | comment | EC | Allowed |
queryProcessInstance | decodeProcessId | PE | Allowed |
queryProcessTemplate | getStarterOperationInfo | PE | Allowed |
readCalendars | calcDeadline | DAC | Allowed |
readGlobalData | getCaseModelBasicInfo | BDS | Allowed |
readParameters | Not currently used by any public API
Controls viewing and editing resource attributes in the Organization Browser |
DE | Allowed |
readPushDestinations | Not currently used any public API
Controls viewing and editing push destinations in the Organization Browser |
DE | Allowed |
reallocateToOfferSet | reallocateWorkItem (6) | BRM | Denied |
reallocateWorkItemToWorld | reallocateWorkItem | BRM | Denied |
rescheduleWorkItem | rescheduleWorkitem | BRM | Denied |
resolveResource | findResources | DE | Allowed |
resourceAdmin | createResource | DE | Denied |
resumeProcessInstance | resumeProcessInstance | PE | Denied |
scheduleWorkItem | Not currently used by any public API | BRM | Allowed |
setDeadlineExpiration | setDeadlineExpiration | PE | Denied |
setPriority | setPriority | PE | Denied |
setResourceOrderFilterCriteria(7) | getResourceOrderFilterCriteria | BRM | Denied |
showProcessInstanceAuditTrail | Not currently used | EC | Allowed |
skipWorkItem | skipWorkItem | BRM | Denied |
startAndCancelAdHocActivity | runAdhocActivity | PE | Allowed |
startBusinessService | This system action is no longer used. It is superceded by the executeBusinessService system action. | WSB | Allowed |
startprocess | createProcessInstance | PE | Allowed |
suspendProcessInstance | suspendProcessInstance | PE | Denied |
suspendWorkItem | Not currently used by any public API (There is no means to suspend a work item -- you can suspend a process instance, which causes associated work items to become suspended -- but no separate function for work items.) | BRM | Allowed |
updateGlobalData | updateCase | BDS | Allowed |
userAdmin(8) | deleteUserSettings | DE | Allowed |
viewWorkList | addCurrentResourceToView | BRM | Denied |
viewGlobalWorkList | getWorkListItems (when requesting for
all resources)
getWorkListItemsForView (when requesting for all resources) |
BRM | Denied |
workItemAllocation | allocateAndOpenNextWorkItem | BRM | Denied |
writeCalendars | copyCalendar | DAC | Denied |
writeParameters | Not currently used by any public API
Controls editing resource attributes in the Organization Browser |
DE | Allowed |
writePushDestinations | updatePushDestinations | DE | Denied |
(1) This system action is required only if you are using these operations to set or to delete the
WorkItemAutoOpen attribute.
(2) For certain DirectoryService operations, this system action gives the caller access to all organizations, regardless of the organization relationships that are set up. For more information, see Overriding Organization Relationships. (3) This system action is required only when opening a work item allocated to another user. (4) This system action is used to override organization relationships when calling OrgModelService operations. Users possessing this system action can see all organizations when calling OrgModelService operations that return organization elements, regardless of the organization relationships that are set up. For more information, see Overriding Organization Relationships . (5) Completed process instances are automatically purged from the system. (6) The reallocateWorkItem and reallocateWorkItemData operations allow you to reallocate work items to users in the original offer set if you have the reallocateToOfferSet system action, or to any user in the organization model if you have the reallocateWorkItemToWorld system action. (7) Only the setResourceOrderFilterCriteria system action at the organization model level is used; the scoped setResourceOrderFilterCriteria system action (i.e., the one at the group, organization unit, and position level) is not currently used. (8) Note that the userAdmin system action appears as "User Settings" in TIBCO Business Studio, rather than "User Admin". When passed in API calls, pass "userAdmin". |