Question

Specific Instance Security within a Process

asked on April 13, 2018

For a specific process we are working with, we have a requirement that Forms instances be able to secure information to only allow the person currently working on the process to see the information. This is due to internal review procedures and security since they typically are related to staffing and personnel issues. Users at subsequent steps should be able to see information, but users from prior steps should not see information that was entered after their step. For the most part we've tested and this works as long as we do not use the default "Comments" box that is available.

The challenge is that if a user is not supposed to know that a specific instance exists, but they need to be able to monitor the status of other instances, how can we prevent them from seeing the information in a specific instance of a process?

So far, I've thought of 2 options but neither are exactly what we're looking for:

1. As a part of the main process, start a different process and pass information to that process. The user would then not have access to the second business process. The issue is that it still won't secure it in the second process if they're not supposed to see one of those processes.

2. Embed an IFRAME with the Web Client that displays a folder where all of the content will be stored for the process and secure it properly within the repository. Then the user would only be able to see the basic process information, but not the details of the process. This would then require a Full User license rather than just a Participant license.

We have a few processes which will need varying levels of security so we're trying to figure out what will work/fit best in each situation.

Is there an easier way to do this or other options available?

Replies

replied on April 15, 2018

Hi Josh,

For a user that is a submitter of a process, he is not able to view instances in the process, except for the instances that are started by the user or have pending tasks for the user.

So for your challenge, is the user a process admin? Where could the user see the instances? On the reports/monitoring page? If it's a report, you can use filters to hide certain instances.

replied on April 17, 2018

Hi Rui,

 

The user would be a Business Manager since they need to keep track of 99% of the instances but some instances they need to be restricted from completely. It depends on the nature of the process since it is more of an employee review process that the manager shouldn't be aware of if they are the subject of the review.

Any ideas?

replied on April 17, 2018

So you use the same process for all levels of employees? I feel that it might be better to use different processes for different levels. You may use the same entry process, but route to different processes for different level employees, similar to your first thought.

But if it has to be one process, maybe you can remove the users' business manager role, and instead, give them rights on reports for tracking data, and set filters on the reports.

replied on April 20, 2018

I think we may end up using different processes for different levels of employees, but the challenge is that within a level of employee, there is a need to secure down who can see a particular instance and its details. That same issue still exists whether it is a single process or there are multiple processes.

Currently, all of the security is at the Process or Task level and there isn't anything at the overall Instance level that can be defined.

I hadn't thought about the rights on reports and filters. That may be an option for users to find where a process is at but filter out which ones they see in the report. I'll look into that some more and see if it'll do what we need.
