Navigation :

Required Roles

Depending on what role a user is assigned in the Limits Module, they have different permissions and can carry out different tasks. This page outlines the required roles in Limits.

ROLE_LIMITS

This role is required. The Limits Module creates the KPI (Key Performance Indicator) in the business after the limit definition is in the Approved status. ROLE_LIMITS is the default KPI owners and readers. KPIs are tagged with owner ROLE_LIMITS, so they can be distinguished from other KPIs created by other applications. The Limits Module deletes the KPIs by ROLE_LIMITS in the content server during startup, before consuming the initial load limit files.

Any user who has access to the Limits Module needs to be set up as ROLE_LIMITS, otherwise they can’t see the KPIs in the business cubes created by the Limits Module.

ROLE_USER

This role is required. The Limits Module creates the KPI (Key Performance Indicator) in the business after the limit definition is in the Approved status. ROLE_USER is the default KPI owners and readers.

ROLE_USERS

Group of ROLE_USER.

This role is used by BPMN in activiti. In the reference workflow implementation, ROLE_USERS can initiate the Straight-through and 4-eye workflows.

The value in the activiti:candidateStarterGroups tag is parsed in the Limits Module to map to ROLE_USERS.

For example, in the 4-eye BPMN file, USERS can start the workflow process. The Limits Module checks if the current user is ROLE_USERS.

<activiti:candidateStarterGroups="USERS">

ROLE_MANAGER

The Limits Module doesn’t use ROLE_MANAGER specifically.

ROLE_MANAGERS

Group of ROLE_MANAGER.

This role is used by BPMN in activiti.

The activiti security “MANAGERS” is parsed in the Limits Module to map to ROLE_MANAGERS.

<activiti:candidateStarterGroups="MANAGERS">

ROLE_ADMIN

The user with ROLE_ADMIN is able to access the RESTful endpoints or to issue the web service against the ActivePivot instances.

In the reference workflow implementation, ROLE_ADMIN can trigger the limit evaluation RESTful endpoint and the DLC.

ROLE_ACTIVITI_USER

The user with ROLE_ACTIVITI_USER is able to access to Activiti queries.

ROLE_ACTIVITI_ADMIN

A user with ROLE_ACTIVITI_ADMIN can update the process definition in Activiti at runtime. Currently, the reference workflow implementation doesn’t provide this functionality.

Default Users

user1/user1: ROLE_USER, GROUP_USERS, ROLE_ACTIVITI_USER, ROLE_CS_ROOT. In the Limits Module, user1 can create/update/delete a limit, and upload the limit file in the Limits Inventory widget.

manager1/manager1: ROLE_USER, GROUP_MANAGERS, ROLE_ACTIVITI_USER, ROLE_CS_ROOT. In the Limits Module, manager1 cannot create a limit nor upload the limit file in the Limits Inventory widget. If the limit definition has 4-eye workflow with MANAGERS as the examiner or approver, manager1 can approve any limit changes and approve the limit deletion.

manager2/manager2: ROLE_USER, GROUP_MANAGERS, ROLE_ACTIVITI_USER. Manager2 has the same permissions as manager1.

admin/admin: ROLE_ADMIN, ROLE_CS_ROOT, GROUP_USERS, GROUP_MANAGERS, ROLE_USER, ROLE_ACTIVITI_USER, ROLE_ACTIVITI_ADMIN