Rights policies protect access to process and task instance operations. They can be performed on the server and client side so a GUI Client component may limit the offered buttons, menus etc. to the actual permitted operations.

The following rights are defined for process instances and can be granted to individual users or groups:

The following rights are defined for task instances and can be granted to individual users or groups:

The policies are not directly accessible, checks must be performed via WfInstance.hasPermission(), which checks the rights of the current session's user.

Customized rights policies must never access any client or server specific classes, as it will be executed on both sides. It may provide a client and a server-specific implementation of an interface, that gives access to client or server specific classes. Logging must be done to the generic logging facility defined by com.coremedia.workflow.common.Common.

Interface to implement

Rights policies must implement the interface WfRightsPolicy.

Default implementation

If you only want to adapt the default policy to your needs, subclass the default rights policy AclRightsPolicy and override the appropriate methods.

Defining the policy in the workflow definition

Defining your own rights policy in the workflow definition is quite simple. You only need to add the policyClass attribute to the <Rights> tag as shown in Example 5.8, “Integrate own rights policy in the workflow definition”. This class must be available in the classpath of the Workflow Server and the client. That means you need a runtime dependency on this JAR file in your client application module and Workflow Server web application in the workspace.

<Workflow>
  <Process name="TestWorkflow" startTask="FirstOne">
    <Rights policyClass="myPackage.MyOwnRightsPolicy">
      <!-- ... more elements and attributes ... -->
    </Rights>
    .
    .
  </Process>
</Workflow>