In Integrify, permissions may be placed on almost any functional area with the system, by a system administrator, where a Role Permissions icon is made available:
In this article, we will focus on setting permissions on all Processes, Process Categories, or even a specific Process within a Category.
An Integrify system administrator has the ability to apply a permission on almost any functional area with the system. Permissions can also correspond to the Publish Status of process.
When assigning permissions in Integrify you are essentially defining “Who” can do things and “What” they can do. Integrify has nine permission settings to select from.
Below is a list of the available permission settings and their definition:
- ViewConfig – gives the user the ability to view the configuration settings for an item
- Edit – gives the users the ability to modify and save an item
- Create – allows users to create a new item
- Delete – allows users to remove an item
- Run – allows users to initiate/view an item. This permission applies to Processes, Reports, Tabs and Widgets
- Participate – allows users to contribute to an instances of an item. This permission applies to Processes.
- Grant – allows users to provide access and set permissions for specific items
- Manage – allows users to change an instance of an item. This permission applies to Processes and Groups
- Monitor – gives users the ability to view Requests (instances of a process) to which they may or may not be assigned. This permission applies to Processes.
Adding a New Role
Let’s start by navigating to our Processes from the left-side navigation pane.
You will be presented with a list of all categories for that contain your processes:
You will also notice that the Set Roles & Permissions icon is made available at the top of the process list and then for each individual category that contains a process. By selecting this icon, you may make a new role but it will have varying scope.
For instance, if we were to select the icon next to the Human Resources category, we could create a new role for that category and one which would be used by any process within that category.
Conversely, if we were to create a new role by selecting the icon in the actual Process Menu bar for the whole listing, we could create a role that could be used by any category or any process within those categories.
For this example, we will create a new Process Monitor role that may be used by any category and any process within those categories.
Start by selecting the Set Permissions icon in the Process Menu bar:
You should be presented with a new dialog similar to the following:
This dialog displays all of the roles that have been added at this level (your installation may vary).
To add the new Process Monitor role, select the Add Role button:
Add a new Name and optionally provide a description and select Add Role:
Once the role has been created you can find your role in the list and choose the Edit Permissions icon for the role:
You will be presented with a series of check boxes in the Role Permissions window:
These permissions determine what a user can do to a process. Also, you will notice that the permissions also correspond to the Publish Status (Development, Inactive, Production, etc.) of a process.
In this scenario, we are just looking to give specific users access to monitor processes that are in a Production publish status. It is possible, however, to grant a role access to view, edit, delete, monitor, etc for processes in Development, Testing, Production, or Inactive as well.
Note: In most monitoring scenarios, you will just be granting access to processes in a Production status.
As shown above, we are presented with the Production status options. We have selected the permission option and that is the Monitor.
Select the Save icon to save your setting:
The Monitor permission will enable the user to have access to the Monitor Requests menu item under the Actions navigation menu:
This will allow the users to view processes which they might not be assigned a task and review the task history.
Adding Users to Roles
Since this role has been created at the very top level of all of our processes, it is available to any category or process. Depending on where you add members to this role, it will dictate how much a particular user(s) can do. While roles are created at the top level only, users can be added to roles at any level, including all processes, specific categories of processes or by individual processes.
For instance, if you select the permissions/roles icon from the Process Menu bar and then add a member to that role, he/she will have access to monitor all processes in all categories.
However, if you wanted to just add a user(s) to monitor a specific category of processes, this can be done too.
Below, we have selected the permissions/role icon next to the Information Technology category in the process list:
These lists of roles are actually all roles that this category has inherited. Notice that the ability to edit a role is not available. This is an indicator that the role has been inherited somewhere above the category.
If you select the Members icon for the Process Monitor role here:
You will be presented with the following:
You can add either individual users or groups of user to be members of this role. If a user cannot be removed, it means they were granted this specific permission at a level higher than the level you are at now.
In the example above, Cole Buchman will be able to monitor any process that occurs in the Information Technology category.
If we were to navigate to a process within the Information Technology category and open the process, you will also notice the Set Roles & Permissions icon associated with the process:
If you would like to only allow someone to be a process monitor for just this particular process, select the Set Roles & Permissions icon and you will be presented with a list of roles for this process:
Notice that the same Process Monitor role that was created is inherited down to this process.
By selecting the members icon for the Process Monitor role we will be presented with:
We can see that Cole Buchman is a member of this role but we will not be able to remove him here.
However, we can add more users as monitors of this process:
Now, John Doe and Bruce Smith will have access to monitor just this process in this Information Technology category, whereas Cole Buchman has access to monitor ALL processes for the category.