You want your development team to create tasks and taskflows in
. The development team needs to view sample data in development, but you want to restrict access to production data.
Create a Developer role for the development team. Configure the role with all privileges for tasks and related assets, but only the Read privilege for connections.
Create a Development Team user group and add all members of the development team to the group.
Assign the Developer role to the Development Team group.
If possible, create development connections to sample data. If you have both development and production connections, configure the production connections so that the Development Team group does not have read permission for these connections. This prevents users in the Development Team group from using production connections in tasks.
After testing is complete and tasks are ready to move into production, have an administrator or other qualified user configure the tasks to use production connections.
Edit the Developer role and remove the privilege to run tasks. If development is complete for a task type, you can also remove the privileges to read and update the tasks. By removing the read privilege, you prevent users with the Developer role from accessing information about production tasks.
You have a reporting team that needs to run tasks in
, but does not have the technical knowledge to configure tasks safely.
Create a Reporter role for the reporting team. Configure the role with privileges to read and run tasks and taskflows, and privileges to read, create, and update schedules. Do not enable privileges to create, update, delete or set permissions on assets in the organization.
Create a Reporting Team user group and add all members of the reporting team to the group.
Assign the Reporter role to the Reporting Team group.
You want a security administrator who can assign roles and user groups and configure access control, but cannot create, edit, or run tasks.
Create a custom role called Security Administrator.
Edit the Security Administrator role and grant all privileges except the privileges to create, update, delete, and run tasks, connections, and schedules.
Assign the Security Administrator role to the security administrator.
You want to easily keep track of your organization administrators.
Create a user group called "Organization Administrators" and assign the Admin role to the group. Add all of your organization administrators to the group.
Your organization uses an OrderProcessing API to manage orders to a large supplier. This API consists of processes in
that include CreateOrder, ApproveOrder, and GetOrder. As an Admin, you want to restrict access to the ApproveOrder process to a few people.
Create a custom role called Approver. Configure the Run privilege for Application Integration Assets for the Approver role.
Create a user group called Order Approvers.
Assign the Approver role to the Order Approvers group.
Assign the Service Consumer role to the Order Approvers group. You must do this as the Service Consumer role can access and invoke processes.
Assign the users who need to be able to invoke ApproveOrder to the Order Approvers group.
In the Allowed Roles field of the ApproveOrder process, enter Approver.
Only members of the Order Approvers group will be able to invoke the ApproveOrder process.
You want an
developer to be able to perform all functions in the
Application Integration Console
except for viewing detailed process logs.
Create a role called Custom_Dev and configure the role with the following privileges:
service, go to the
tab, and enable all CRUD privileges for
Application Integration Assets
Go to the
tab and add the Development, Console Administration, Publish Application Integration Assets, View Application Integration Console, and View Application Integration Designer privileges to the role.