You can set security levels on workflow
rosters, work
queues, user
queues, and component queues. The security levels you set affect the
user's access to the work items contained in the roster or queue. For
more information about security levels, see About
workflow security.
Important tips regarding security
The following are several items to be aware of when assigning access rights
to workflow rosters and queues.
If...
then...
the user is a member of the Process Engine
administrators group
(PEAdministrators by default for Workplace and SysAdminG
for FileNet Web Services Client
or Open Client),
the user automatically has full rights to each roster and queue,
even if you don't explicitly assign him access rights.
you do not assign anyone to a specific access right for a roster
or queue,
you give everyone this specific access right to the roster or queue.
CAUTION To
give a specific access right to all users, leave the access right blank.
Do not assign a group such as "Domain Users," which adversely
affects database and memory usage.
TIP To
prevent (nearly) everyone from accessing a roster or queue, assign at least
one user to each possible access right for the roster or queue. For example,
to prevent most access to a queue, assign the Query
& Process access right to one member of the Process Engine
administrators group,
who has implicit access to the queue anyway.
To set security levels
If the Properties dialog box is not already displayed, select the icon of the queue, roster,
or event log you wish to modify and click Properties on the
toolbar.
Select the Security tab.
By default when you create a roster or queue, all users have all rights, as shown in the
All users text below the Selected users list. This text updates
as you add or remove users from the Selected users list, to show you what rights all remaining
users have, given the rights you have assigned to selected users.
To grant an access right to one or more users, select those users and add them to the list
of selected users. See Participant selection for information about selecting users.
Right click a user and select the rights you want to assign.
To revoke access rights, select one or more items from the Selected
users list and click .
To change access rights already assigned, right-click on one or more items in the Selected
users list. From the list, check or uncheck the access rights you want to change.
Click OK when done.
Click Commit on the toolbar
to apply this change to your isolated region. You can commit the changes immediately, or you
can wait until you have finished all your changes.
NOTE The
commit process suspends all other database transactions within the isolated region
until it finishes. We strongly recommend that you accumulate all changes and commit
them once when you're done, or that you commit changes when the isolated region
is relatively inactive. Avoid committing changes after every modification whenever
possible.