I would like to tell rather a “Caution” than a Tip, here.
Questetra BPM Suite has a feature of communal use of Options master data.
It is convenient to register options which are frequently used into an Options Master data. However, there is a weak point that “it is impossible to detect which Process definition adopts the Options Master” currently.
Also, there is another feature which publishing a Web form which automatically starts a new Process upon someone entering into the form. The feature is on assumption of being used as a simple inquiry form.
= Web document: M220 Auto Starting Triggered by Published Web Form Entry
Considering these features together, there is a risk that “confidential information to be opened to public”. The following is a conceivable scenario. (Note that this is not an instance that really happened.)
- System administrator has registered an Options Master of products list.
- A published Web form has been created, which contains a selection from the list.
- System administrator has added product names which are in development, not knowing the list is used in Web form.
- The name of under development product leaked to public through the inquiry Web form…
Because of the policy of Questetra BPM Suite that “each of the responsible person manages Business Process Definitions”, there could be possibilities that “Options Master to be used in the way the System administrator does not intend to”. I recommend you, System administrators, to occasionally check how the published Web forms are. You can see the list of published Web forms from the following menu.
[System Setting] > [Process Model External Connectivity] > [Message Start Event (Form)]
I would like to append my thoughts at the end.
“Options Master should be known in which Process Definition it is used”
“Published Web form should be controlled more by system administrator.”
|Another article - Hatanaka Akihiro||Application via Enterprise Portal (part 2)|