Setup

To set up security for the credit card approval process, the administrator will:

  1. Create users and groups.
  2. Define document classes.
  3. Define a workflow.
  4. Define publish template.
  5. Create folders.

1. Create users and groups in the configured authentication provider's directory service.

To simplify maintenance, create a group for each function, even if only one person performs the function. You then update the group membership when job assignments change. For this example, we'll create the following groups:

2. Define document classes in Enterprise Manager.

Create the CCAppls document class. Display the Default Instance tab, and add the groups, with the access rights indicated in the table below. Optionally and alternatively, you can associate the CCAppls document class with a security policy that will apply appropriate security to applications depending on the version status.

Group Access Rights for Document Class: CCAppls
CC_ApplsEntry View Properties
CC_Processors Modify Properties
CC_Analyst Modify Content
CC_Manager View Properties

Create the CCProcedures document class. Display the Default Instance tab, and add the groups, with the access rights indicated in the table below. Optionally and alternatively, you can associate the CCProcedures document class with a security policy to apply security appropriate to the procedure's version status.

Group Access Rights for
Document Class: CCProcedures
CC_ApplsEntry View Properties
CC_Processors View Properties
CC_Analyst View Properties
CC_Manager Modify Properties
Publish

3. Define the workflow using Process Designer.

Define the workflow used by applications processors and analysts.

Group Access Rights for Workflow Definition: CCAppls
CC_Processors View Properties
CC_Analyst View Properties

4. Define the publish template using Publishing Designer.

Define the publish template used by the manager.

Group Access Rights for Publish Template:
CCProceduresPublishing
CC_Manager View Content

5. Create folders using Enterprise Manager.

Create folders with the access rights indicated in the tables below.

Group Access Rights for Folder: /NewAppls
CC_ApplsEntry Add to Folder
CC_Processors Add to Folder
CC_Analyst View Properties
CC_Manager View Properties

Group Access Rights for Folders:
/ Approved and /Denied
CC_Processors Add to Folder
CC_Manager View Properties

Group Access Rights for Folder:
/Pending
CC_Processors Add to Folder
CC_Analyst View Properties
CC_Manager View Properties

Group Access Rights for Folder:
/ProceduresSource
CC_Manager Add to Folder

Group Access Rights for Folder:
/Procedures
CC_Manager Add to Folder
All other groups View Properties

Optionally, a folder can be the security parent for the contained objects (subfolder, documents, and custom objects). This requires configuration of the parent folder and each contained object.