Description of system operations
System operations to which you can manage access are described below.
User and role administration
The [Manage user list] operation gives permissions to add, modify and delete user accounts in the [Users and roles] section.
The [Manage user licenses] operation provides access to the license manager. The users that have permission to manage licenses can log into bpm’online and redistribute the licenses even if bpm’online has been locked due to exceeding the number of distributed licenses.
The [Change delegated permissions] operation allows delegating access rights from one user or role to another using the [Delegated permissions] detail. The users that do not have access to this operation cannot add users or roles to the [Delegated permissions] detail.
General access
General access operations refer to all records in all objects. General access is usually provided to system administrators.
The [View any data] operation enables users to view all records in all objects.
The [Add any data] operation enables users to add records to any object.
The [Edit any data] operation enables users to modify any record in any object of bpm’online.
The [Delete any data] operation enables users to delete any record in any object.
Access provided by these operations cannot be limited by any other specific restrictions of access to records, operations or columns in objects.
For example, if a user has access to the [View any data] operation, this user will be able to view records of all objects, even those in which the read operation is restricted.
Object permissions
Users who have access to the object permissions, can specify the modes of object management (by records, columns or operations). Modes of object administration can be specified both in the [Object permissions] section and in the object designer using the [Access rights] property group.
The [Enable/disable permissions to records in object] operation gives users permission to select the checkbox in the [Managed by records] column of the [Object permissions] section. This operation also provides users with permission to select the [Records] checkbox in the object properties of the object designer.
The [Enable/disable permissions to columns in object] operation gives users permission to select the checkbox in the [Managed by columns] column in the [Objects permissions] section. This operation also provides permission to select the [Columns] checkbox in the object properties of the object designer.
The [Enable/disable permissions to operations in object] operation gives users permission to select the checkbox in the [Managed by operations] column of the [Objects permissions] section. This operation also provides permission to select the [Operations] checkbox in the object properties of the object designer.
Operation permissions
The following system operations are used for granting users rights to distribute permissions to read, add, edit, and delete records in objects.
The [Change operation permissions in object] operation provides general ability to change permissions to view, add, edit and delete records in objects.
The [Change permissions to add records in object] operation enables users to select the checkbox in the [Add] column of the [Access to object] detail in the [Objects permissions] section.
The [Change permissions to edit records in object] operation enables users to select the checkbox in the [Edit] column of the [Access to object] detail in the [Object permissions] section.
The [Change permissions to delete records in object] operation enables users to select the checkbox in the [Delete] column of the [Access to object] detail in the [Object permissions] section.
The [Change permissions to read records in object] operation enables users to select the checkbox in the [Read] column of the [Access to object] detail in the [Object permissions] section.
Note
To be able to manage permissions to add, edit, delete and view records in objects, users must be granted access to the [Change operation permissions in object] operation. For example, to distribute access rights to delete records in objects, the user must have access to both the [Change operation permissions in object] and [Change permissions for deleting records in object] operations.
Columns, system operations and default permissions
The [Change access rights to column] operation allows users to include the object column to the list of administered columns. When access rights to the column are changed, this column is automatically added to the list of administered columns.
The [Change column permissions in object] operation enables users to change the access to separate columns in the objects that are managed by columns using the [Columns permissions] detail in the [Objects permissions] section.
The [Change default permissions] operation allows users to configure default permissions for the new records in objects that are managed by records using the [Default permissions] detail in the [Objects permissions] section.
The [Change system operation permissions] operation, enables users to grant access to system operations. The scope of rights granted by this operation includes the right to register additional system operations.
Access to special sections
The [Access to “Access rights” workspace] operation provides access to the [Users and roles], [Object permissions], and [Operation permissions] sections. The access to certain administering operations is granted separately.
The [Access to “Process design” section] operation provides users with the access to the [Process design] section, and enables them to add and modify business processes.
The [Access to “Change log” section] operation provides users with access to the [Change log] section.
The [Access to “System settings” section] operation provides users with access to the [System settings] section.
The [Access to “Lookups” section] operation provides access to the [Lookups] section.
The [Access to “Configuration” section] operation provides users with access to the [Configuration] section.
[View “Audit log” section] provides users with the permission to view the content of the “System operations audit log” section.
[Manage “Audit log” section] – the permission to view the content of the “System operations audit log” section and to archive the log.
Access to duplicates search
The [Duplicates search] operation gives users permission to search for duplicates in the [Accounts] and [Contacts] sections.
The [Duplicates processing] operation allows users to merge several duplicate records.
Access to integration settings
The [Access to mail exchange services] operation allows you to use Call Center functionality.
The [Access to Odata] operation provides user with access to external resources using Odata protocol.
General actions
[Email providers list setup] – the user can create a list of email servers used for receiving and sending email messages.
Note
Setting up the list of email providers is performed by selecting the [Set up list of email providers] option from the menu.
[Shared mailbox synchronization setup] – a user can manage access rights for mailboxes that have the [Shared email account] checkbox selected.
[Change access rights to record] – the operation enables users to change permissions to certain records in sections. To do this, the [Managed by records] checkbox must be selected in the corresponding section object.
[Ignore access check by IP address] – when a user who has access to this operation logs in to the system, the IP address restrictions will be ignored.
[Generate commands] – access to the [Generate metadata for command line macros] toolbar option. The operation allows you to update a list of macros available in the command line.
The [Force file unlock] operation provides users with the right to unlock the file that has been locked previously by another user on the [Attachments] detail.
The [Export list records] operation gives users the ability to save the list data in a CSV file. If a user does not have the permission to this operation, the [Export to Excel] action in sections and the “List” dashboard tile menu is disabled.
[Cancel running processes] – the permission to cancel a running business process in the process log.
[Access to workplace setup] – the permission to create and set up workplaces: managing section list available in the side panel.
[Access to comments] – the user can edit and delete comments on the feed messages.
[Permission to delete messages and comments] – the permission to delete messages and comments posted by other users in the [Feed] section, on the [Feed] tab of the communication panel, and on the [Feed] tab of the view and edit pages of the system sections. Users can edit and delete their own messages and comments even if they do not have access permissions to this system operation.
See also