Skip navigation FileNet logo
Glossary  |  Help Directory  
  Help for Process Configuration Console
  Search  |  Index
Process Reference  
Process Configuration Console
Getting started
Isolated regions
Queues
  Manage user queues
  Configure work queues
    Create a work queue
    Modify queue properties
      Edit description
      Manage system fields
      Manage data fields
      Manage indexes
      Set security levels
      Define queue operations
    Move queues across servers
  Configure component queues
    Configure a component queue
    Define component queue operations
    Modify component queue properties
    Enable Content Engine operations
Rosters
VWServices
Process Engines
Workflow database
Events and statistics
   

Set security levels

You can set security levels on workflow rosters, work queues, user queues, and component queue. The security levels you set affect the user's access to the work items contained in the roster or queue. For more information about security levels, see About workflow security.

Important tips regarding security

The following are several items to be aware of when assigning access rights to workflow rosters and queues.

If... then...
the user is a member of the Process Engine administrators group (PEAdministrators by default for Workplace and SysAdminG for FileNet Web Services Client or Open Client), the user automatically has full rights to each roster and queue, even if you don't explicitly assign him access rights.
you do not assign anyone to a specific access right for a roster or queue, you give everyone this specific access right to the roster or queue.

CAUTION To give a specific access right to all users, leave the access right blank. Do not assign a group such as "Domain Users," which adversely affects database and memory usage.

TIP To prevent (nearly) everyone from accessing a roster or queue, assign at least one user to each possible access right for the roster or queue. For example, to prevent most access to a queue, assign the Query & Process access right to one member of the Process Engine administrators group, who has implicit access to the queue anyway.

To set security levels
  1. If the Properties dialog box is not already displayed, select the icon of the queue, roster, or event log you wish to modify and click Properties on the toolbar.
  2. Select the Security tab.
  3. By default when you create a roster or queue, all users have all rights, as shown in the All users text below the Selected users list. This text updates as you add or remove users from the Selected users list, to show you what rights all remaining users have, given the rights you have assigned to selected users.
  4. To grant an access right to one or more users, select those users and add them to the list of selected users. See Participant selection for information about selecting users.

    Right click a user and select the rights you want to assign.

    To revoke access rights, select one or more items from the Selected users list and click Remove remove icon.

  5. To change access rights already assigned, right-click on one or more items in the Selected users list. From the list, check or uncheck the access rights you want to change.
  6. Click OK when done.
  7. Click Commit Changes on the toolbar to apply this change to your isolated region. You can commit the changes immediately, or you can wait until you have finished all your changes.

    NOTE The commit process suspends all other database transactions within the isolated region until it finishes. We strongly recommend that you accumulate all changes and commit them once when you're done, or that you commit changes when the isolated region is relatively inactive. Avoid committing changes after every modification whenever possible.

   

Manage system fields

Manage data fields

Manage indexes

Define queue operations