IBM Business Process Manager widget security considerations

Depending on the widgets you use in Process Portal for your product, you might assign either administrative user group roles to control access to data in a widget, or you might assign an additional layer of role-based access for your widget.

As described in the following sections, the following widgets require you to consider security roles:

Business Rules
System Health
Security Roles
Business Calendars

Administrative group roles and widgets

You control access to data in widgets with administrative group roles and the users who are assigned to the administrative group roles. To see who is assigned to these roles, open the administrative console, select Users and groups > Administrative group roles, and select a group. The Roles list is displayed.

The Business Rules widget might require changes to the administrative group roles.

For the System Health widget, the following administrative roles all have monitoring permissions, allow access to the administrative console and, therefore, allow users assigned to those roles to access data in the System Health widget:

Monitor
Configurator
Operator
Administrator
Adminsecuritymanager
Deployer
iscadmins

Users who are mapped to those administrative group roles have access to the data in the System Health widget. Users who are not mapped to those roles cannot access the data in the System Health widget.

Widget role-based access

Some widgets have role-based access for their artifacts that business users created. In the Security Roles widget, you can assign users and groups to system roles or module roles that determine the level of access that members have for timetables in the Business Calendars widget. For more information about the Security Roles widget, see Security Roles widget in the IBM® Business Process Manager documentation.