Configuration properties for Process Portal action policies
Action policies for Process Portal restrict actions on business processes and tasks to certain user groups. Some of these policies have default groups assigned to them. You can change the default values to fit the needs of your Process Portal users.
The configuration properties for the action policies are contained
in the BPMActionPolicy configuration object. You can use the AdminConfig
object commands in the wsadmin tool to change the default security
group for an action policy. See Commands for the AdminConfig object using wsadmin
scripting.
Prerequisites
The following
conditions must be met:
- Run the command on the deployment manager node.
- If the deployment manager is stopped, use the -conntype none option to run the command in disconnected mode.
- If the deployment manager is running, you must connect with a user ID that has WebSphere® Application Server configurator privileges. Do not use the wsadmin -conntype none option.
Location
Start the wsadmin scripting client from the profile_root/bin directory.
List of action policies
The following table lists the action policies and the default security group that is assigned to them. The BPMActionPolicy configuration object is an array of pairs that match each action type with the roles that can perform the action.
| Action policy | Description | Default security group |
|---|---|---|
| ACTION_ABORT_INSTANCE | Permanently terminate a process instance. | tw_admins |
| ACTION_SUSPEND_INSTANCE | Temporarily deactivate a process instance. | tw_admins |
| ACTION_RESUME_INSTANCE | Resume a suspended process instance. | tw_admins |
| ACTION_ADD_COMMENT | Add comments to a process instance. | None; available to all users by default |
| ACTION_ADD_HELP_REQUEST | Request help from other process participants on a process instance or its related tasks. | None; available to all users by default |
| ACTION_RESPOND_HELP_REQUEST | Respond to help requests from other process participants. | None; available to all users by default |
| ACTION_ASSIGN_TASK | Assign a task to yourself so that only you can run the task. | None; available to all users by default |
| ACTION_ASSIGN_AND_RUN_TASK | Run a task that is assigned to a group of which you are a member. The task is automatically assigned to you. | None; available to all users by default |
| ACTION_REASSIGN_TASK | Assign a task to the group to which the task was previously assigned. | None; available to all users by default In addition, this policy is always available to members of a team of managers. |
| ACTION_REASSIGN_TASK_USER_ROLE | Assign a task to a different user or a group. | None; available to all users by default In addition, this policy is always available to members of a team of managers. |
| ACTION_CHANGE_TASK_DUEDATE | Change the due date of a task. | tw_admins In addition, this policy is always available to members of a team of managers. |
| ACTION_CHANGE_INSTANCE_DUEDATE | Change the due date of a process instance. | tw_admins |
| ACTION_CHANGE_TASK_PRIORITY | Change the priority of a task as needed to escalate or de-escalate the task. | tw_admins In addition, this policy is always available to members of a team of managers. |
| ACTION_MOVE_TOKEN | Move the token to any step in the business process definition. | tw_admins |
| ACTION_DELETE_TOKEN | Delete a token at any step in the business process definition. Required to delete ad hoc events. | tw_admins |
| ACTION_INJECT_TOKEN | Create a new token at any step in the business process definition. Required to initiate ad hoc events. | tw_admins |
| ACTION_USER_REFRESH | Refresh user fullname and group memberships by using the user or users REST API resource. | tw_admins |
| ACTION_VIEW_PROCESS_DIAGRAM | View a process diagram in the Gantt chart. | None; available to all users who have access to the process instance |
| ACTION_VIEW_PROCESS_AUDIT | View historical data about process variables. | tw_admins |
| ACTION_VIEW_CRITICAL_PATH | Use the Gantt chart to view the projected path
of a running process instance. Attention: The Allow
Projected Path Management option must be enabled for the
business process in Process Designer.
|
None; available to all users who have access to the process instance |
| ACTION_CHANGE_CRITICAL_PATH | Use the pages in the Gantt chart to change the
projected path of a running process instance, and adjust the due dates
of tasks in a process instance. Attention: The Allow
Projected Path Management option must be enabled for the
business process in Process Designer. In
addition, the user must also belong to the security group assigned
to the ACTION_VIEW_CRITICAL_PATH action policy.
|
tw_process_owners |
| ACTION_ADD_DOCUMENT | Add a document to a process instance. Attention: This action policy does not apply
to process instances that are based on cases.
|
None; available to all users by default |
| ACTION_UPDATE_DOCUMENT | Update a document that belongs to a process
instance. Attention: This action policy
does not apply to process instances that are based on cases.
|
None; available to all users by default |
| ACTION_DELETE_DOCUMENT | Delete a document from a process instance. Attention: This action policy does not apply
to process instances that are based on cases.
|
None; available to all users by default |
| ACTION_DELETE_INSTANCE | Delete a process instance. | tw_admins |
| ACTION_FIRE_TIMER | Manually fire a timer. | tw_admins |
Modifying the action policies contained in the BPMActionPolicy configuration object
The following
examples are shown using Jython scripts.
- Start the wsadmin scripting tool:
deployment_manager_profile\bin>wsadmin -lang jython -conntype none WASX7357I: By request, this scripting client is not connected to any server proc ess. Certain configuration and application operations will be available in local mode. WASX7031I: For help, enter: "print Help.help()" - Show defaults:
wsadmin>print AdminConfig.defaults('BPMPolicyAction') Attribute Type Default type String roles String - Show the BPMActionPolicy configuration ID:
wsadmin>print AdminConfig.list('BPMPolicyAction') (cells/Cell1/clusters/SingleCluster| cluster-bpm.xml#BPMPolicyAction_1365527262431) (cells/Cell1/clusters/SingleCluster| cluster-bpm.xml#BPMPolicyAction_1365527262432) (cells/Cell1/clusters/SingleCluster| cluster-bpm.xml#BPMPolicyAction_1365527262433) (cells/Cell1/clusters/SingleCluster| cluster-bpm.xml#BPMPolicyAction_1365527262434) (cells/Cell1/clusters/SingleCluster| . . - Determine the index for the attribute that you want to modify:
wsadmin>def getBPMPolicyAction(type): wsadmin> policyActions = AdminUtilities.convertToList(AdminConfig.list('BPMPolicyAction')) wsadmin> for policyAction in policyActions: wsadmin> if AdminConfig.showAttribute(policyAction, "type") == type: wsadmin> return policyAction wsadmin> wsadmin>print getBPMPolicyAction("ACTION_ABORT_INSTANCE") (cells/N1Cell/clusters/cluster1|cluster-bpm.xml#BPMPolicyAction_1363274323595) wsadmin>print AdminConfig.showAttribute(getBPMPolicyAction("ACTION_ABORT_INSTANCE"), "roles") tw_admins wsadmin>AdminConfig.modify(getBPMPolicyAction("ACTION_ABORT_INSTANCE"), [["roles", "newrole"]]) '' wsadmin>print AdminConfig.showAttribute(getBPMPolicyAction("ACTION_ABORT_INSTANCE"), "roles") tw_admins;newrole wsadmin>AdminConfig.modify(getBPMPolicyAction("ACTION_ABORT_INSTANCE"), [["roles", []]]) '' wsadmin>print AdminConfig.showAttribute(getBPMPolicyAction("ACTION_ABORT_INSTANCE"), "roles") [] wsadmin>AdminConfig.modify(getBPMPolicyAction("ACTION_ABORT_INSTANCE"), [["roles", "tw_admin"]]) '' wsadmin>print AdminConfig.showAttribute(getBPMPolicyAction("ACTION_ABORT_INSTANCE"), "roles") tw_admin
Attention: To save your changes, you must run the AdminConfig.save command
each time you modify a property.