M301 ADMIN-PRIVILEGE
Last updated Dec 12, 2017

Grant Administrator Privilege of the Whole System

Anyone to make setting of the entire Workflow platform (BPM System) must has been registered authority of [System Administrator], or [User Manager]. Furthermore, to make registration of a new Business Process Definition (App), the manipulator must have been delegated an authority of [App Creator].

M301-1-en


a. System Administrator Authorization
Besides granting a System Privilege to an arbitrary user, you can set the whole system
b. User Manager Authorization
You can Add, Suspend a user account, Resetting a user’s password
c. App Creator Authorization
Add new Business Process Definition (App)
R3010 List of Authorization of System Privileges
  • Display of administration menu and control button differs according to the privilege you have
  • For example, you cannot add a User account in the case of having nothing but [System Administrator] authority
a. Minimize Privilege
Grant minimal privilege that is necessary for System Administration Business to the user
b. Forbid Account Sharing
Do not issue such accounts as “Administrator” or “root” that can be sharing
  • There are no such universal and extensive privileges that enable all System Settings or Business Definition
  • In the case of double login by same user account, the ongoing session is disconnected
a. Grant to one User
Select from registered User Accounts
b. Grant to Users in an Organizational unit
Select a registered [Organization] or [Role] to grant to all the belonging Users
  • To grant System Privileges, you need to have [System Administrator] authority
  • When granted to members of Organizational unit, the privilege will be lost at leaving from the [Organization]
  • In granting to Organizational unit, you can limit to the Leaders only
  • All Users can see their own privileges in [Account Settings] menu

M301-2-en
M301-3-en