Chapter 23. Managing Security for Red Hat JBoss BPM Suite Dashbuilder

23.1. Accessing Red Hat JBoss BPM Suite Dashbuilder

Dashbuilder is the Red Hat JBoss BPM Suite web-based user interface for Business Activity Monitoring. To access the Dashbuilder from Business Central, go to DashboardsProcess & Task Dashboards.

The displayed dashboard provides statistics on runtime data selected on the left. You can create your own dashboard in the Dashbuilder. To do so, display the Dashbuilder by clicking DashboardsBusiness Dashboards.

23.2. Managing security

To manage security, you can define custom authorization policies to grant or deny access to workspace, page, or panel instances per role.

Defined below is a list of the available roles for Dashbuilder:

  • admin: Administrates the Red Hat JBoss BPM Suite system. Has full access rights to make any changes necessary. Also has the ability to add and remove users from the system.
  • developer: Implements code required for process to work. Mostly uses the JBDS connection to view processes, but may use the web tool occasionally.:
  • analyst: Responsible for creating and designing processes into the system. Creates process flows and handles process change requests. Needs to test processes that they create. Also creates forms and dashboards.
  • user: Daily user of the system to take actions on business tasks that are required for the processes to continue forward. Works primarily with the task lists.
  • manager: Viewer of the system that is interested in statistics around the business processes and their performance, business indicators, and other reporting of the system and people who interact with the system.

Thanks to the permissions system, you can build a workspace structure with several pages, menus, and panels and define what pages and panels within a page will be visible for each role. You can also define special types of users and give them restricted access to certain tooling features, or even restricted access to a page subset.

23.3. Workspace permissions

Procedure: Accessing Workspace Permissions

  1. Log into Business Dashboards from Business Central (as described in the Accessing Red Hat JBoss BPM Suite Dashbuilder topic).
  2. Select the appropriate Dashboard from the Wokspace drop-down:

    Figure 23.1. Dashbuilder Workspace

    Dashbuilder Workspace for BPMS 6.0.2
  3. Click the Edit selected workspace properties button to access the Workspace Dashboard.
  4. Click the Permissions label to view the permission management screen.

    Figure 23.2. Permissions Screen

    Permission Management Screen for BPMS 6.0.2

Under the Permissions section is a list of allowed actions that are applied to the selected role:

  • Access: Permission to login into the application.
  • Administrate: Permission to access the toolbar and system configuration features.
  • Create pages: Ability to create new project pages.
  • Edit: Permission to change the workspace properties.
  • Clear: Ability to delete the workspace.
  • Edit permissions: Ability to grant/deny permissions.
  • Change allowed panels: Permission to restrict the type of panels that can be used in this workspace.

To assign a permission, you must select the target role and the list of actions allowed over the selected resource:

Figure 23.3. Permissions assignment

Permissions assignment image for BPMS 6.0.2
  • Target roles (who): What user will be granted/denied with the permissions defined.
  • Allowed actions: Depending on the type of the resource we can enable/disable what the user can do on this resource.
  • Reverse (optional): When we have a set of roles and we want to grant/deny a permission to all the roles but one.

By default, the full set of permissions go to the role admin. This makes it easy to create a user that can do everything as long as the role admin is assigned.

23.4. Page permissions

  1. To access Page permissions, locate the Pages drop-down under the jBPM Dashboard (or whatever Dashboard you selected).
  2. After expanding Pages, expand the Process dashboard option.
  3. Select the Page permissions option.

Figure 23.4. Page Permissions

Permission management screen for BPMS 6.0.2

Under the Permissions section is a list of allowed actions that are applied to the selected role:

  • Visualize: Permission to make the page visible.
  • Edit: Ability to change the page properties.
  • Clear: Ability to delete the page.
  • Edit permissions: Ability to grant/deny permissions for the page.

23.5. Panel permissions

  1. To access the Panel permissions page, expand the Panel instances option under the jBPM Dashboard (or whatever Dashboard you are using).
  2. Expand the Dashboard option and then expand the Process dashboard.
  3. Expand the Panels choice and select the appropriate process.
  4. Open the Panel permissions page.

Below is a screenshot of the permission management screen for a given panel (in this example, the Process dashboard):

Figure 23.5. Panel permissions configuration screen

Panel permissions for Dashbuilder in BPMS 6.0.2

Allowed actions are the following:

  • Visualize: Make the panel visible.
  • Edit: Change the panel properties.
  • Edit permissions: Ability to grant/deny permissions for the panel.