I would like to confirm Action Rights functionality.
Is Action Rights security based on the action name in the scope of the process or the action name for a client event.
For example, referring to the diagram.
We have two client events
- Awaiting initial QA
- Initial QA memo
The K2 role Data Entry is in the destination users for both. Therefore they have access to all actions described above.
Both activities have a Withdraw action. If we deny the Data Entry role access to the Withdraw action on the Initial QA memo client event, the Data Entry user will NOT have access to the Withdrawn action on Awaiting initial QA client event.
Therefore it seems to me that action rights are secured by action name in the scope of the specific process, is this correct?
