Skip navigation FileNet logo
Glossary  |  Help Directory  
  Help for Process Configuration Console
  Search  |  Index
Process Reference  
Process Configuration Console
Getting started
Isolated regions
Queues
Rosters
  Create a roster
  Modify roster properties
    Manage system fields
    Manage data fields
    Manage indexes
    Set security levels
  Move rosters across servers
VWServices
Process Engines
Workflow database
Events and statistics
   

Set security levels

You can set security levels on workflow rosters, work queues, user queues, and component queues. The security levels you set affect the user's access to the work items contained in the roster or queue. For more information about security levels, see About workflow security.

Important tips regarding security

The following are several items to be aware of when assigning access rights to workflow rosters and queues.

If... then...
the user is a member of the Process Engine administrators group (PEAdministrators by default for Workplace and SysAdminG for FileNet Web Services Client or Open Client), the user automatically has full rights to each roster and queue, even if you don't explicitly assign him access rights.
you do not assign anyone to a specific access right for a roster or queue, you give everyone this specific access right to the roster or queue.

CAUTION To give a specific access right to all users, leave the access right blank. Do not assign a group such as "Domain Users," which adversely affects database and memory usage.

TIP To prevent (nearly) everyone from accessing a roster or queue, assign at least one user to each possible access right for the roster or queue. For example, to prevent most access to a queue, assign the Query & Process access right to one member of the Process Engine administrators group, who has implicit access to the queue anyway.

To set security levels

  1. If the Properties dialog box is not already displayed, select the icon of the queue, roster, or event log you wish to modify and click Properties on the toolbar.
  2. Select the Security tab.
  3. By default when you create a roster or queue, all users have all rights, as shown in the All users text below the Selected users list. This text updates as you add or remove users from the Selected users list, to show you what rights all remaining users have, given the rights you have assigned to selected users.
  4. To grant an access right to one or more users, select those users and add them to the list of selected users. See Participant selection for information about selecting users.

    Right click a user and select the rights you want to assign.

    To revoke access rights, select one or more items from the Selected users list and click remove icon.

  5. To change access rights already assigned, right-click on one or more items in the Selected users list. From the list, check or uncheck the access rights you want to change.
  6. Click OK when done.
  7. Click Commit on the toolbar to apply this change to your isolated region. You can commit the changes immediately, or you can wait until you have finished all your changes.

    NOTE The commit process suspends all other database transactions within the isolated region until it finishes. We strongly recommend that you accumulate all changes and commit them once when you're done, or that you commit changes when the isolated region is relatively inactive. Avoid committing changes after every modification whenever possible.