Authorization
Our platform has a rich access control system that allows you to model a wide range of possibilities on process management. This gives you enormous flexibility in defining your organization's business cases. We also understand that this flexibility inherently turns into a higher complexity so we have tried to model as simply as possible the whole authorization system.
In KuFlow we have modeled a system of roles and permissions that act on the different processes in your organization. Within an organization users can take different roles according to the needs of their work. The assignment of these roles grants characteristics on what the user can get to perform in an organization, however the possession of these roles does not imply that the user has access to the total set of resources it grants. In other words, the granting of these roles only represents the operations that the user can perform.
The configuration of the set of resources is achieved by assigning permissions that can be configured in the definition of the processes. At this point we must make the following appreciation. A process is composed of different tasks that are performed based on the governance defined in the workflow that controls it. This implies that different tasks can be performed by different actors, whether human (users) or automated (applications). However, a task is not an entity that can live outside a process, so since the actors that initiate the processes and those that perform the tasks may not be the same, it becomes obvious to have one set of permissions at the process level and another set of permissions at the task level.
We will see all this in the following sections of the documentation in a more schematic way. However, a word of advice, remember that roles are always granted at user level (in the Users section of the administrative part of the web) and permissions at process and task level (in the Processes section of the administrative part of the web).
To go more in depth
Take a look at how your ogranization users relate to the different roles provided by KuFlow as well as their possible ogranization into user groups.
In process definition, defining permissions is a critical part of defining who can instantiate processes, for example.
Consistent with the process permissions, it is of vital importance to define who can perform a certain task among other characteristics.
