Restricting Inspector actions for online Process Servers
You can limit Process Designer Inspector actions for specific Process Servers or environment types.
About this task
Someone with administrative authority for a process application
can use the Process Designer Inspector
to inspect a process from that process application on any connected
server. They can use the Inspector to stop the process or run tasks.
However, the organization can restrict Inspector actions on particular
connected servers. For example, an organization can allow only users
in the tw_admins group to use the Inspector on production servers.
Note: The following configuration steps should be completed
only on the IBM® Process
Center.
The configuration applies only to online Process Servers that are
viewed in the Process Designer Inspector.
Procedure
Example
Here is an example that restricts all of the Inspector actions on servers of type production:
<inspector>
<target-server type="production">
<default-action-policy>
<action type="ACTION_VIEW_INSTANCE">
<role>tw_admins</role>
</action>
<action type="ACTION_RUN_PROCESS">
<role>tw_admins</role>
</action>
<action type="ACTION_MANAGE_INSTANCE">
<role>tw_admins</role>
</action>
<action type="ACTION_RUN_TASK">
<role>tw_admins</role>
</action>
<action type="ACTION_CHANGE_VARIABLE">
<role>tw_admins</role>
</action>
</default-action-policy>
</target-server>
</inspector>
If an <action> type is not specified or is empty, there are no restrictions for the user on that action. The organization might determine that a process author can use the Inspector to view instances on a staging server but not allow the user to modify the running processes in any way. Assuming that a user has administrative rights to the process application, you can add the following lines to the 100Custom.xml file. You can add more roles for particular servers or types of server, as shown in this example:
<inspector>
<target-server name="my staging server">
<default-action-policy>
<action type="ACTION_VIEW_INSTANCE">
<!-- No Restrictions -->
</action>
<action type="ACTION_RUN_PROCESS">
<role>tw_admins</role>
<role>staging_admins</role>
</action>
. . .
</default-action-policy>
</target-server>
</inspector>