Manage roles and permissions in process automation

In Integrify, permissions are controlled by a system administrator. In this article, we will focus on setting these permissions.

You can assign permissions anywhere you see the Roles & Permissions icon. 

When assigning permissions in Integrify you are essentially defining “Who” can do things and “What” they can do. Integrify has nine permission settings to select from.

Below is a list of the available permission settings and their definition:

  • ViewConfig – gives the user the ability to view the configuration settings for an item

  • Edit – gives the users the ability to modify and save an item

  • Create – allows users to create a new item

  • Delete – allows users to remove an item

  • Run – allows users to initiate/view an item. This permission applies to Processes, Reports, Tabs and Dashboards.

  • Participate – allows users to contribute to an instances of an item. This permission applies to Processes.

  • Grant – allows users to provide access and set permissions for specific items

  • Manage – allows users to change an instance of an item. This permission applies to Processes and Groups

  • Monitor – gives users the ability to view Requests (instances of a process) to which they may or may not be assigned. This permission applies to Processes.

Adding a New Role

Let’s start by navigating to our Processes from the left-side navigation pane.

You will be presented with a list of all categories for that contain your processes:

You will also notice that the Set Roles & Permissions icon is made available at the top of the process list and then for each individual category that contains a process. You can only create roles at this top Process Category level. For the levels below this level, you can only assign roles.

For instance, if we were to select the icon next to the Human Resources category, we could only select a new role for that category.

Conversely, if we were to create a new role by selecting the icon in the actual Process Menu bar for the whole listing, we could create a role that could be used by any category or any process within those categories.

For this example, we will create a new Process Monitor role that may be used by any category and any process within those categories.

Start by selecting the Set Permissions icon in the Process Menu bar:

You should be presented with a new dialog similar to the following:

This dialog displays all of the roles that have been created (your installation may vary).

To add the new Process Monitor role, which will allow Monitor Permissions for a process, select the Add Role button:

Add a new Name and optionally provide a description and select Add Role:

Once the role has been created you can find your role in the list and choose the Edit Permissions icon for the role:

You will be presented with a series of check boxes in the Role Permissions window:

These permissions determine what a user can do to a process. Also, you will notice that the permissions also correspond to the Publish Status (Development, Testing, Production, Inactive, Any) of a process.

In this scenario, we are just looking to give specific users access to monitor processes that are in a Production publish status. It is possible, however, to grant a role access to view, edit, delete, monitor, etc for processes in Development, Testing, Production, or Inactive as well.

Note: In most monitoring scenarios, you will just be granting access to processes in a Production status.

As shown above, we are presented with the Production status options. We have selected the permission option and that is the Monitor.  

Select the Save icon to save your setting: 

The Monitor permission will enable the user to have access to the Monitor Requests menu item under the Actions navigation menu:

This will allow the users to view processes which they might not be assigned a task and review the task history.

Adding Users to Roles

Since this role has been created at the very top level of all of our processes, it is available to any category or process. Depending on where you add members to this role, it will dictate how much a particular user(s) can do.  While roles are created at the top level only, users can be added to roles at any level, including all processes, specific categories of processes or by individual processes.

For instance, if you select the permissions/roles icon from the Process Menu bar and then add a member to that role, he/she will have access to monitor all processes in all categories.

However, if you wanted to just add a user(s) to monitor a specific category of processes, this can be done too.

Below, we have selected the permissions/role icon next to the Information Technology category in the process list:

These lists of roles are actually all roles that this category has inherited. Notice that the ability to edit a role is not available. This is an indicator that the role has been inherited somewhere above the category.

If you select the Members icon for the Process Monitor role here:

You will be presented with the following:

You can add either individual users or groups of user to be members of this role.  If a user cannot be removed, it means they were granted this specific permission at a level higher than the level you are at now.

In the example above, Cole Buchman will be able to monitor any process that occurs in the Information Technology category.

If we were to navigate to a process within the Information Technology category and open the process, you will notice the Role Memberships icon associated with the process:

If you would like to only allow someone to be a process monitor for just this particular process, select the Role Memberships icon and you will be presented with a list of roles for this process:

Notice that the same Process Monitor role that was created is inherited down to this process.

By selecting the members icon for the Process Monitor role we will be presented with:

We can see that Cole Buchman is a member of this role but we will not be able to remove him here, because he was added at the top level.

However, we can add more users as monitors of this process:

Now, John Doe and Bruce Smith will have access to monitor just this process in this specific process, whereas Cole Buchman has access to monitor ALL processes.