VA1
Scholar

Which Smartobject shows process instance permissions?

Given a K2 process instance ID, we would like to determine whether a specific user is authorized to access that instance. Access should be allowed when at least 1 of the following conditions are met

 

1. The user has a task assigned in the process instance
2. The user had actioned the process instance at some point i.e. Participated in the workflow
3. The user has View or View Participate or Admin rights on the process

 

Loosely speaking, this corresponds to process rights  but at a process *instance* level instead of a process *set* level. 

 

Any ideas appreciated. Thanks.

 

 

Labels: (1)
0 Kudos
Reply
12 Replies
SteveBarnard
Nintex Professional Services Expert

Re: Which Smartobject shows process instance permissions?

The best way to accomplish what you are asking here is by making use of a properly thought out category security model. You can read more about this here.

 

Take note of the different levels of permissions to be granted (i.e. view/execute etc).

0 Kudos
Reply
VA1
Scholar

Re: Which Smartobject shows process instance permissions?

Steve - I am not sure I understand your suggestion. The Category system can certainly be used to restrict access to smart objects but that wasn't my question. My question was about how to determine whether a given user has access to a specific process instance.

 

What am I missing?

0 Kudos
Reply
SteveBarnard
Nintex Professional Services Expert

Re: Which Smartobject shows process instance permissions?

Hi

Can you please clarify what you mean by access to a specific instance?
0 Kudos
Reply
VA1
Scholar

Re: Which Smartobject shows process instance permissions?

My original post on this thread outlined the specific requirements. 

0 Kudos
Reply
SteveBarnard
Nintex Professional Services Expert

Re: Which Smartobject shows process instance permissions?

A user will have "access" when a task is assigned to them or a group that they are in.

I would suggest granting participate permissions if the requirement is that they need to see the reporting data for instances in which they have participated.

I understand you are looking for a smart object to return this data for you - however using system smartobjects is not intended for usage outside of the management site (read. internal).

Permissions are granted at a category/item level, workflow level but not per instance specifically.
0 Kudos
Reply
VA1
Scholar

Re: Which Smartobject shows process instance permissions?

Steve - Understood. However, we are looking to implement this functionality as part of a internal API layer that mediates access between a React application UI and the K2 engine. So the service account that implements this API needs this ability to impersonate an end user and take actions on their behalf e.g. start a workflow, action it, check access to requested process instance, show me all workflows I participated in and so on.

 

Are you saying this is not possible?

0 Kudos
Reply
SteveBarnard
Nintex Professional Services Expert

Re: Which Smartobject shows process instance permissions?

In that case I would look at the Tasks smart objet and the Reporting Smartobjects for an OOB approach.
0 Kudos
Reply
VA1
Scholar

Re: Which Smartobject shows process instance permissions?

Would you mind pointing out specific smart objects in the Reporting category that may help here? And where can I find the Tasks smart object?

0 Kudos
Reply
SteveBarnard
Nintex Professional Services Expert

Re: Which Smartobject shows process instance permissions?

These can be surfaced by using the Rest API

0 Kudos
Reply