System Actions

System actions provide access control to services of components on the TIBCO ActiveMatrix BPM node. Specifying access to these services is modeled in the organization model that is built in TIBCO Business Studio.

The table below lists the names, parent components, and default value of all defined system actions.

  • Name is the name of the system action.
  • Required to execute lists the web service operations (and Service Connector methods, which use the same names) that require the system action.
  • Component identifies the BPM component that owns this system action:
    • BDS - Business Data Services
    • BRM - Business Resource Management
    • DAC - Deadline and Calendar
    • DE - Directory Engine
    • EC - Event Collector
    • PE - Process Manager
    • WSB - Workspace
  • Default value is the system-wide default value applied to this system action:
    • Allowed - The system action can be performed by any user without authorization.
    • Denied - The system action cannot be performed by any user unless they have the correct authorization.

Both the component and the system action name must be specified when using certain Directory Services API SecurityService operations (for example, listActionAuthorisedEntities and listAuthorisedOrgs).

System action names and components
System action Required to execute Comp. Default value
accessGlobalDataScripts getAuditInfo

getCaseModel

BDS Denied
administerGlobalDataScripts notifyDDLExecution

updateDBScripts

BDS Denied
applicationConfiguration

This is used in the Workspace application to control access to the Configuration Administrator.

This system action is also needed to call deleteUserSettings and saveUserSettings in the following situation:

  • The restrictUserSettings property in the de.properties file is set to true (the default) (for more information, see "Configuration of the TIBCO ActiveMatrix BPM Directory Engine" in the TIBCO ActiveMatrix BPM Administration guide), and
  • you are deleting or saving a user setting that is either managed by the Workspace Configuration Administrator or is defined as part of a system view.
WSB Denied
autoOpenNextWorkItem deleteOrgEntityConfigAttributes (1)

setOrgEntityConfigAttributes

BRM Allowed
browseModel getCalendarReferences

getOrgModel

listOrgModelVersions

DE Allowed
bulkCancelProcessInstances cancelProcessInstances PE Denied
bulkPurgeProcessInstances n/a(5) PE Denied
bulkResumeProcessInstances resumeProcessInstances PE Denied
bulkSuspendProcessInstances suspendProcessInstances PE Denied
cancelProcessInstance cancelProcessInstance PE Denied
cancelWorkItem Not currently used BRM Allowed
cmisAdmin deleteDocument

deleteOrphanedFolders

unlinkDocument

BDS Denied
cmisUser createDocument

findDocuments

getDocumentContent

getDocumentMetadata

getFolderContent

linkDocument

moveDocument

BDS Allowed
changeAllocatedWorkItemPriority setWorkItemPriority BRM Allowed
changeAnyWorkItemPriority setWorkItemPriority BRM Denied
closeOtherResourcesItems closeWorkItem (only when closing a work item allocated to another user) BRM Denied
createGlobalData createCase BDS Allowed
createResourceAdmin createResource

updateResource

DE Denied
deleteGlobalData deleteCaseByCID

deleteCaseByRef

BDS Denied
deleteCalendars deleteCalendarEntries

purgeCalendarEntries

DAC Denied
deleteLDAPAdmin deleteContainer DE Denied
deleteResourceAdmin deleteContainer

deleteResource

purgeDeletedResources

DE Denied
executeBusinessService cancelBusinessService

cancelPageFlow

injectBusinessServiceEvent

injectPageFlowEvent

startBusinessService

startPageFlow

updateBusinessService

updatePageFlow

BIZSVC Allowed
exportLDAPAdmin exportResources DE Denied
haltedProcessAdministration getAvailableProcessInstanceVariables

ignoreProcessInstance

ignoreProcessInstances

resumeHaltedProcessInstance

resumeHaltedProcessInstances

retryProcessInstance

retryProcessInstances

setAvailableProcessInstanceVariables

PE Denied
handleProcessMigration clearMigrationRules

getMigrationPoints

isSetMigrationRule

listMigrationRules

setMigrationRules

unsetMigrationRules

PE Denied
importLDAPAdmin importResources DE Denied
LDAPAdmin(2) executeLdapQuery

getCandidateDetail

getLdapEntry

listAttributeNames

listCandidateResources

listContainers

listLdapConnections

saveContainer

setExtensionPoints

setCandidateQueries

DE Denied
listBusinessServices listPageFlows

listBusinessServices

listCaseAction

listCategories

queryBusinessServices

queryCategories

BIZSVC Allowed
listProcessTemplateAuditTrail Not currently used EC Allowed
manageDataViews createDataView

editDataView

deleteDataView

BDS Denied
openOtherResourcesItems openWorkItem (3) BRM Denied
openWorkItemAuditTrail Not currently used EC Allowed
organizationAdmin(4) setExtensionPoints DE Denied
pendWorkItem pendWorkItem BRM Allowed
purgeProcessInstances
 n/a(5) PE Denied
queryAudit comment

getCaseAudit

getCommentAudit

getChart

getChartData

getProcessInstanceAudit

getWorkItemAudit

EC Allowed
queryProcessInstance decodeProcessId

getActivityInstanceStatus

getParameterValue

getProcessInstanceStatus

getProcessInstanceSummary

listProcessInstanceAttributes

listProcessInstances

listProcessInstances

queryDone

queryFirstPage

queryHaltedProcessInstances

queryLastPage

queryNextPage

queryPreviousPage

queryProcessInstanceCount

queryProcessInstanceCountAlt

queryProcessInstances

queryProcessInstancesAlt

PE Allowed
queryProcessTemplate getStarterOperationInfo

listProcessTemplateAttributes

listProcessTemplates

listServices

listStarterOperations

queryApplications

queryProcessTemplateCount

queryProcessTemplates

queryProcessTemplatesAlt

PE Allowed
readCalendars calcDeadline

getCalEntries

getCalendar

getCalendarReferences

listCalendars

resolveReferences

DAC Allowed
readGlobalData getCaseModelBasicInfo

readCase

navigateCase

navigateCaseByCriteria

findAllCases

findCaseByCID

findCaseByExample

findCaseByCriteria

getCaseReferencesForDataView

getDataViewDetails

getDataViewCategories

BDS Allowed
readParameters Not currently used by any public API

Controls viewing and editing resource attributes in the Organization Browser

DE Allowed
readPushDestinations Not currently used any public API

Controls viewing and editing push destinations in the Organization Browser

DE Allowed
reallocateToOfferSet reallocateWorkItem (6)

reallocateWorkItemData

BRM Denied
reallocateWorkItemToWorld reallocateWorkItem

reallocateWorkItemData

BRM Denied
rescheduleWorkItem rescheduleWorkitem BRM Denied
resolveResource findResources

getResource

lookupUser

getDeletedResources

DE Allowed
resourceAdmin createResource

deleteContainer

deleteResource

listCandidateResources

setCandidateQueries

updateResource

purgeDeletedResources

DE Denied
resumeProcessInstance resumeProcessInstance PE Denied
scheduleWorkItem Not currently used by any public API BRM Allowed
setDeadlineExpiration setDeadlineExpiration PE Denied
setPriority setPriority PE Denied
setResourceOrderFilterCriteria(7) getResourceOrderFilterCriteria

setResourceOrderFilterCriteria

BRM Denied
showProcessInstanceAuditTrail Not currently used EC Allowed
skipWorkItem skipWorkItem BRM Denied
startAndCancelAdHocActivity runAdhocActivity

cancelAdhocActivity

PE Allowed
startBusinessService This system action is no longer used. It is superceded by the executeBusinessService system action. WSB Allowed
startprocess createProcessInstance PE Allowed
suspendProcessInstance suspendProcessInstance PE Denied
suspendWorkItem Not currently used by any public API (There is no means to suspend a work item -- you can suspend a process instance, which causes associated work items to become suspended -- but no separate function for work items.) BRM Allowed
updateGlobalData updateCase

linkCase

unlinkCase

BDS Allowed
userAdmin(8) deleteUserSettings

getUserSettings

listUserSettingIds

saveUserSettings

DE Allowed
viewWorkList addCurrentResourceToView

deleteCurrentResourceFromView

deleteWorkListView

getAllocatedWorkListItems

getEditableWorkListViews

getPublicWorkListViews

getViewsForResource

getWorkListItems

getWorkListItemsForView

getWorkListViewDetails

unlockWorkListView

BRM Denied
viewGlobalWorkList getWorkListItems (when requesting for all resources)

getWorkListItemsForGlobalData

getWorkListItemsForView (when requesting for all resources)

BRM Denied
workItemAllocation allocateAndOpenNextWorkItem

allocateAndOpenWorkItem

allocateWorkItem

unallocateWorkItem

BRM Denied
writeCalendars copyCalendar

renameCalendar

saveCalendar

saveCalendarEntry

saveCalendarReferences

setCalendarReferences

DAC Denied
writeParameters Not currently used by any public API

Controls editing resource attributes in the Organization Browser

DE Allowed
writePushDestinations updatePushDestinations DE Denied
(1) This system action is required only if you are using these operations to set or to delete the WorkItemAutoOpen attribute.

(2) For certain DirectoryService operations, this system action gives the caller access to all organizations, regardless of the organization relationships that are set up. For more information, see Overriding Organization Relationships.

(3) This system action is required only when opening a work item allocated to another user.

(4) This system action is used to override organization relationships when calling OrgModelService operations. Users possessing this system action can see all organizations when calling OrgModelService operations that return organization elements, regardless of the organization relationships that are set up. For more information, see Overriding Organization Relationships .

(5) Completed process instances are automatically purged from the system.

(6) The reallocateWorkItem and reallocateWorkItemData operations allow you to reallocate work items to users in the original offer set if you have the reallocateToOfferSet system action, or to any user in the organization model if you have the reallocateWorkItemToWorld system action.

(7) Only the setResourceOrderFilterCriteria system action at the organization model level is used; the scoped setResourceOrderFilterCriteria system action (i.e., the one at the group, organization unit, and position level) is not currently used.

(8) Note that the userAdmin system action appears as "User Settings" in TIBCO Business Studio, rather than "User Admin". When passed in API calls, pass "userAdmin".