The Users section of the SMC is a centralized user access system where administrators can create, remove and manage Users and User Groups. User passwords may either be maintained by BPA Server 9 or authenticate to Windows/Active Directory. Created users and groups can be assigned specific roles, rights and views. For instance, certain users or groups can have access to build, edit or delete workflows and tasks but not have access to manually execute them, while others can view and execute workflows and tasks but cannot edit or delete them. Unlimited users or groups can be created, each with their own set of abilities.
The Users section contains the following folders:
Users - Allows for the creation and management of users. See Creating and Managing Users for more details.
User Groups - Allows for the creation and management of user groups. See Creating and Managing User Groups for more details.
The concept of Users and User Groups is a means of providing access and security to objects and items encompassed in AutoMate BPA Server 9. Because items such as workflows, tasks, conditions, agents and users are securable objects, access to them can be regulated by the User or User Group that governs access to BPA Server 9 objects. This system is modeled after the Windows File Security system.
There are two types of permissions that can be assigned to a User/User Group; Item Permission and System Permission.
For more on Item Permissions, see Item Permissions.
For more on System Permissions, see System Permissions.
When resolving a user permission on an item, the system will look to see if the user or a group the user belongs to has permissions for the item. If there is a conflict among the user/group regarding whether the permission is granted or denied, the permission with the least privilege is used. If no user/group can be resolved for the item, the system looks at the permissions on the folder containing the item. The same logic applies at this level. If no user/group can be resolved at this level, the folder’s parent folder is inspected, and on up the folder structure until either the permission is resolved or the root folder is reached. If the permission hasn’t been resolved once the root folder is evaluated, the permission is denied.
When resolving a system permission for an action a user is attempted to perform, the User and all the User Groups that it is assigned to is searched for a "Grant" on that permission. If a single Grant is found, the action is allowed to proceed.
A system User Group is created by default by BPA Server 9, and cannot be modified or deleted, but it can be added and removed from an item.
The Creator system group will only grant permissions to the User that created the item. This group is associated with all items by default, and granted all permissions.
The Role field currently on the User dialog is superseded by the introduction of User Groups, and will no longer appear on user interfaces or documentation. To migrate between these two systems when Users already exist, Developer, Manager, and Administrator User Groups will be created by default. These groups can be renamed or deleted at will.
To mimic the behavior of BPA prior to 7.0.8 while allowing the benefit of full customization BPA 7.0.8 offers, the following assignments will be made by default:
All users assigned the Developer role will be assigned to the developer group.
All users assigned the Manager role will be assigned to the Developer and Manager groups.
All users assigned the Administrator role will be assigned to the Developer, Manager, and Administrator groups.
All workflows, tasks, conditions and the corresponding root folders will be associated with the Developer, Manager, and Administrator groups, with all permissions granted.
Agents and the corresponding root folder will be associated with the Administrator group, with all permissions granted.
Agent Groups and the corresponding root folder will be associated with the Administrator group, with all permissions granted.
Users and the corresponding root folder will be associated with the Administrator group, with all permissions granted.
User Groups and the corresponding root folder will be associated with the Administrator group, with all permissions granted.
Reports | Agents | Repository | Workflows | Calendar | Options
↑ Top of Page