applies to version: 8.2.x; author: Jakub Okrzesik
When designing Workflows, you will often run into a situation where you need a select few users to have access to a specific document on a specific Step, without necessarily being assigned to any Task involving that document.
For example, users may encounter a situation where they have to look through a selection of documents (so they need read-only permissions) or supervisors who oversee a certain Task, and may sporadically need the permission to edit the documents their subordinates are in charge of.
For cases like these, adding global privileges on ‘Process’ or ‘Document type’ level is excessive – we should employ the Add/Remove privileges BPS Action instead.
After clicking ‘Edit’ on the relevant Step and adding an Action to the Action list, we can find these options in the Action type menu, under “Privileges”.
Note: This Action can only be used for: ‘On Entry’, ‘On Exit’, ‘On path’.
Configuring this Action is not particularly complicated, nonetheless it offers solutions for multiple scenarios. We can assign our users one of four privilege levels:
- Modification (no delete)
- Read-only (no attachments view)
Next we need to specify which users will receive privileges, there are multiple ways of doing this:
- Selecting certain users or groups, who will always receive privileges on this spot.
- Pointing to a Form field containing the desired users/groups (Note: If it is a Form field other than the “Person or group” type, it is necessary to also designate which column contains user logins or group IDs)
- Entering a relevant SQL query, which will return user logins or group IDs (the login or ID should be located in the first column of the retrieved data).
On the right side of the configuration window we can select whether the privileges assigned by this Action are revoked after completing the Path, or if they are kept even after the document reaches its Path’s destination.
The other options let us pinpoint on which element the privileges are modified:
- Dynamic – define whether the privileges should be given on the current/overriding/secondary element.
- Through an SQL query – The query should return the ID of the documents, for which the privileges should apply.
“Remove privileges” is an Action that lowers the permissions of the designated users to a specified level. Configuring the privilege level, users/groups and elements for this Action is identical to the “Add privilege Action”