Rights policies protect access to process and task instance operations. They can be performed on the server and client side so a GUI Client component may limit the offered buttons, menus etc. to the actual permitted operations.
The following rights are defined for process instances and can be granted to individual users or groups:
Read and write variables exported by the processes client view
Create new process instances
Start process instances
Suspend and resume process instances
Abort process instances
The following rights are defined for task instances and can be granted to individual users or groups:
Read and write variables exported by the tasks client view
Reject, accept, cancel and complete a task instance
Assign, delegate and skip a task instance
Retry the last transaction of an escalated task instance
The policies are not directly accessible, checks must be performed via
WfInstance.hasPermission()
, which checks the rights of the current
session's user.
Customized rights policies must never access any client or server specific classes, as it will
be executed on both sides. It may provide a client and a server-specific implementation of an
interface, that gives access to client or server specific classes. Logging must be done to the
generic logging facility defined by com.coremedia.workflow.common.Common.
Interface to implement
Rights policies must implement the interface WfRightsPolicy.
Default implementation
If you only want to adapt the default policy to your needs, subclass the default rights policy AclRightsPolicy and override the appropriate methods.
Defining the policy in the workflow definition
Defining your own rights policy in the workflow definition is quite simple. You only need to
add the policyClass
attribute to the <Rights>
tag as shown in
Example 5.11, “Integrate own rights policy in the workflow definition”. This class must be available in the classpath
of the Workflow Server and Site Manager.
That means you need a runtime dependency on this JAR file in your Site Manager application
module and Workflow Server web application in the workspace.
<Workflow> <Process name="TestWorkflow" startTask="FirstOne"> <Rights policyClass="myPackage.MyOwnRightsPolicy"> <!-- ... more elements and attributes ... --> </Rights> . . </Process> </Workflow>
Example 5.11. Integrate own rights policy in the workflow definition