Granting users and groups administrative access

You can provide users and groups with access to Process Designer and Process Center repository so that they can create new process applications and toolkits.

About this task

To manage user access to the Process Center repository, you must have administrative access to the repository. By default, IBM® Business Process Manager includes the user in the DeAdmin role, which provides administrative access to the Process Center repository. This default administrator can grant administrative access to other users.
Restrictions:
  • A user name cannot have more than 64 characters.
  • Specify unique user IDs for every user in the following groups:
    • WebSphere Application Server Virtual Member Manager (VMM) user repository security groups
    • Lightweight Directory Access Protocol (LDAP) user repository security groups
    • Internal IBM Business Process Manager custom user registries
  • You cannot create a new group using the Process Admin Console if a group was created in the past with the same group name in the WebSphere Application Server user registry, that is, by using the WebSphere Application Server admin console. Once a group has been imported from the WebSphere Application Server user registry into the IBM BPM system, it is kept in the IBM BPM database. If the group is deleted in the WebSphere Application Server user registry, the group gets marked as deleted in the IBM BPM database, but it is not actually deleted. Therefore, the group cannot be added using the Process Admin Console as a new group.
  • You cannot create a new user using the Process Admin Console if a user was created in the past with the same user name. Once a user has been created using the Process Admin Console, it is kept in the IBM BPM system. Even if the user is subsequently deleted, the user entry is not removed from the IBM BPM database and the internal authorization system.

Procedure

To add users and groups:

  1. In the Process Center console, click the Admin option.
  2. Select the Manage Users option, and then click Add Users or Add Groups.
  3. In the window, enter the name of the user or group that you want to add in the Search for Name field. You can enter part of the name and all accounts that match are displayed.
  4. Click the check box next to the users and groups that you want to add, and click Add Selected.
    Note: You must restart the server for Process Designer to recognize any new Websphere Application Server Virtual Member Manager (VMM) User repository security groups or LDAP User repository security groups. After you restart the server, click Add Group to see the new groups.

Results

The added users and groups now have access to Process Designer and Process Center repository, which gives them the ability to create new process applications and toolkits. When you create a process application or toolkit, you have the ability to grant access to other users. Administrators can also grant access to specific process applications and toolkits.
Note: Groups and users who are designated as Admin are able to manage user access to the entire Process Center repository as outlined in the preceding steps.
Parent topic: Managing access to the Process Center repository