You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.
Authorization algorithms are available within the process module to assure a task can only be performed by users with the right role.
A represents the element Authorization algorithm which is used to create dynamic authorization for tasks. The element offers three possibilities to create the algorithm, using an external source, selecting roles, or using the 2-man rule.
External Source
When an external source is used, a technical engineer needs to create the algorithm and make it available at runtime. The external algorithm can result in one or more roles.
Selecting Roles
Roles can be connected directly by selecting them in the extenders at the right side of the page.
At runtime the authorization algorithm will be evaluated after starting a task using the service AQ_ExecuteTask. The algorithm will result in one or more roles, the user must have at least one of them to execute the task.
When there is no Routing algorithm connected to a task, the result of the Authorization algorithm will be stored in the process database under roles. This way users with insufficient rights will not see the tasks in their worklist.
Example
A user has the role: senior sales
Algorithm result | may execute task |
---|---|
senior sales | TRUE |
junior sales, senior sales | TRUE |
junior sales | FALSE |
A user has the roles: senior sales, salesmanager
Algorithm result | may execute task |
---|---|
senior sales | TRUE |
junior sales, senior sales | TRUE |
junior sales | FALSE |
junior sales, salesmanager | TRUE |
2-man rule
This expression box lets you provide a set of user ids that are not allowed to execute this task. Even if the user has the appropriate roles (see above), if its id provided here the user is not authorized to execute the task.
The most common scenario is that you store one or more ids of users that executed some earlier tasks in the profile of the process, and then provide these ids to the authorization algorithm for a specific task. This task is likely a review task.