Security
Decision Center provides a security feature to control access to branches of decision services, and enable permissions on the different rule artifacts.
The feature is based on Decision Center groups (see Groups). Any user who signs in to the Business or Enterprise console must be a member of a group that is mapped to one of the predefined Decision Center roles. The predefined roles determine which features users can access in the consoles. For example, users belonging to a group with the privileges of the rtsAdministrator role have access to all the features.
Then, you can enable security so that branches of decision services are only visible to certain groups of users. You enable security in the Enterprise console (see Setting branch security), but once enforced, security applies to both consoles.
When you have enabled security, you must specify, for each group that can access the branch, what permissions they have to create, update, view, and delete which types of artifacts. This can be done in the Enterprise console, or from the Business console Administrator tab, which lets you set simplified permission profiles.
Branch security and decision governance
To use the decision governance framework (see Governance principles) with the Decision Center security feature, you must understand how both work and how they interact.
Releases and activities are types of branches, and as such are subject to the Decision Center security and permissions feature. You can enable security on individual branches to define which groups of users have access to them. When security is enabled on a branch, you specify the permissions of groups of users to create, view, update, and delete the different artifacts that are contained in the branch.
Releases, change activities, and validation activities are also artifacts of their parent branch, and as such are subject to permissions. You can, for example, give a group of users security access to a release but restrict their permission to view the validation activities of the release.
You can also give or restrict the permissions of a group of users to update the following properties of releases and activities:
| Property | Used to give or restrict permission to... |
|---|---|
| owner | Change the owner |
| targetDate | Change the due date |
| description | Change the goals |
| Name | Rename |
| Status | Proceed to approval, cancel, and reopen |
| approvers | Add or remove approvers and change their working status |
| authors | Add or remove authors in change activities or testers in validation activities, and change their working status |
- The states of releases and activities (for example, In Progress and Complete).
- The current user’s governance role as a participant in the release or activity (owner, author, tester, approver).
A user who has administrator privileges can do the operations of all the different governance roles. Similarly, users with these privileges have access to all the branches and have all the permissions on all artifacts. However, administrators cannot force state transitions that are not allowed by the decision governance framework.
- The state of the release is not Complete.
- You are the owner of the release.
- You have the Update/Release/Name permission on the release, or security on the release is not enforced.