Process Permissions

You can define very granular permissions for users to interact with your processes.

You can set the following process permissions for each app role you have defined:

  • start

  • pause

  • reassign

  • archive

Permissions for default app roles

By default the admin app role has all the permissions, and guest app role has no permissions.

Allow everything

true grants permissions for all actions. false does exactly the opposite of course.

# myProcess.yml

permissions:
  recruiter: true

Permissions on specific actions

true grants permissions for the specific action. false does exactly the opposite.

# myProcess.yml

permissions:
  recruiter:
    start: true
    pause: true
    archive: false
    reassign: false

Permissions on specific cases

For the pause, archive, and reassign options, you can limit which cases can be modified, by using the following filters:

  • own: Grants permissions on cases that have been initiated by the user.

  • assigned: Grants permissions on cases that have tasks currently assigned to the user. After the task is completed or reassigned, the user won’t be able to execute the action anymore.

  • any: Grants permissions on any case.

# myProcess.yml

permissions:
  recruiter:
    start: true
    pause:
      own: true       # can pause cases initiated by them
      assigned: true  # can pause cases with tasks assigned to them
    archive:
      own: true       # can only archive cases initiated by them
    reassign:
      any: true       # can reassign any case. It's the same as "reassign: true"

More information in the Process Permissions YAML Reference.