WF-system Administrator guide

From RunaWFE
Jump to navigation Jump to search

RUNA WFE. Administrator’s Guide

Version 3.0


© 2004-2011, ZAO Runa. RUNA WFE is an open source system distributed under a LGPL license (http://www.gnu.org/licenses/lgpl.html).


RUNA WFE is an open source end-user oriented system for enterprise business process management, fully implemented in Java. Designed for large and middle-size enterprises.


Security System

The security system consists of subjects, objects and permissions to perform actions.

Subjects are granted permissions to perform actions with certain objects.

The types of subjects in the security system are as follows.

  • Executors
    • Actors
    • Groups of actors

The types of objects in the security system are as follows:

  • System
  • Executors
    • Actors
    • Groups of actors
  • Business process definitions
  • Business process instances

Note. There is only one object of the “System” type in the security system. The number of objects of other types is not limited.


Note. Permissions to perform actions are added up for each subject. If an executor is a member of a group of actors, the permissions explicitly granted to this subject (its “own permissions”) are added to the permissions granted to the group. The latter are called “inherited permissions”.

Types of Permissions

There are two types of permissions can be granted on any object:

  • Read
  • Update Permission

Permission on Objects by Object Type


“System” object:

  • Login
  • Create Executor
  • Deploy Definition
  • Change its password

“Process Definition” object

  • Start Process
  • Undeploy Definition
  • Redeploy Definition

“Process Instance” object

  • Stop Process

“Executor” object:

  • Update Executor

If the executor is a group of actors, the following permissions can be granted:

  • List Group
  • Add to Group
  • Remove from Group

Permission Type Descriptions and Default Values

The Administrators group is always present in the system. It cannot be deleted from the system, If the subject is Administrators group, its “own” permissions on the “Administrators Group” object cannot be changed. The Administrators group is always granted all possible permissions on every newly created Executor. This group also has all possible permissions on the “System” object.


An Administrator actor is a member of the Administrators group by default. An Administrator can be removed, but the system cannot operate normally with all its administrators deleted.


Only executors with the “Create Executor” on the “System” object can create new actors and groups of actors. A newly created Executor has a “Read” permission on itself, and if the executor is a group, it also has a “List Group” permission. The creator of an Executor and the Administrators are granted all possible permissions on the newly created Executor.


By default, a newly created Executor has no “Login” permission on the “System” object, which means that a newly created Executor cannot enter the system. For a newly created Executor to enter the system, it is necessary to grant the “Login” permission to this Executor and to set a password (or passwords for all members of the group).


Only an Executor with a “Read” permission on an object can read this object. Only an Executor with an “Update Permission” on an object can change permissions on this object. An actor with an “Update Executor” permission on an Executor can change the properties of this Executor or remove it altogether.


Note. To update an Executor, it is also necessary to have a “Read” permission on this Executor.


Only an actor with a “List Group” permission on a group can view the members of this group. Only an actor with a “Add to Group” permission on a group can add new members to this group. To remove an Executor from a group, a “Remove from Group” permission is required.


By default, a Process Definition Administrators group is present in the system. This group has privileges on business process definitions and instances. It cannot be removed, The members of the Process Definition Administrators are granted all possible permissions on newly created business process definitions and samples. By default the Administrators group is a member of the Process Definition Administrators group.


A business process definition can only be loaded into the system by an actor with a “Deploy definition” permission on the “System” object. The actor who loads a business process and the Process Definition Administrators group are granted all possible permissions on the business process loaded.


If user or any group that he/she is in has permission to change his/her password (this is set on "System" tab), than he/she can change his/her password whether he/she has permission to change his/her properties or not.

Working with Actors and Groups of Actors

How to Create a New Actor

In the Executors menu choose “Create Actor”, and the Create Actor page will appear.


WF-system Administrator guide ris1.png


On this page, fill in the fields and press “Apply”.

The “Name” field corresponds to the actor’s login and is mandatory. The rest of the fields are optional. The “Code” field corresponds to the employee number.


Each newly created actor requires a password (see “How to Change the Parameters of an Actor”) and permissions to enter the system (see “How to Grant Permissions on a System Object to an Executor”).


How to Change the Parameters of an Actor

In the “Executors” menu, click the Actor whose parameters need to be changed. A page will appear, where with appropriate permissions you can change the actor’s parameters and password.

In order to change his/her password it's sufficient to have permission to change the password (it's set on "System" tab). Also the password may be changed by anyone who has permission to change user's parameters.


WF-system Administrator guide ris2.png

How to Create a New Group of Actors

In the Executors menu, choose “Create Group”, and the Create Group page will appear.

On this page, fill in the fields and press “Apply”.

How to Change the Parameters of a Group of Actors

In the “Executors” menu, click the Group of Actors whose parameters need to be changed. A page will appear, where with appropriate permissions you can change the parameters of the Group of Actors.


How to Add an Actor to a Group of Actors

In the “Executors” menu click the Group of Actors to which you want to add a new Executor. In the Group Members table, choose “Add”. In the form that appears, check the Executors to be added to the group and choose “Add” (in the lower part of the page).

How to Grant Permissions on a System Object to an Executor

Open the “Add” menu. If the Executor is not in the table add it using the “Add” command in the upper part of the table. In the Executor line check the necessary positions and press “Add”.

How to Grant Permissions on an Executor to another Executor

Open the “Executors” menu and click the Executor on whom you want to give permissions. If the Executor to whom permissions need to be given is not in the “Permission Owners” table on the page that appears, it is necessary to add this Executor using the “Add” command. Then in the Executor line check the necessary positions and press “Apply”.


Working with Business Process Definitions

Yow to Deploy a New Business Process

Open the “Process Definitions” menu and choose “Deploy Definition”. On the page that appears, select the process type from a list of existing types (or enter a new one), enter the path to the process definition file and click “Execute”. If the process definition contains no errors, it will be loaded into the system.


WF-system Administrator guide ris3.png


How to Undeploy a Business Process

In the “Process Definitions” menu check the processes to be undeployed and click “Undeploy”. The marked processes will be removed from the system together with their instances.


How to Grant Permissions on a Process Definition to an Executor

In the “Process Definitions” menu select the line with the required business process and execute the “Properties command” there. On the page that appears click “Permission Owners”. A page will appear with a table of permissions on the process definition.


WF-system Administrator guide ris4.png


If the Executor to whom permissions need to be given is not in the table, add this Executor using the “Add” command. Then in the Executor line check the necessary positions and press “Add”.


Note. The table of Executor permissions on the process definition has two fields that are not in the list of permissions on the “Process Definition” object (see “Security System”):

  • Read Instance
  • Cancel Instance

A checked box in this field means that by default this actor will be granted permissions on any newly created instance of this business process (Read Instance or Cancel Instance, as the case may be).


How to Redeploy a Business Process Definition

In the “Process Definitions” menu find the line with the appropriate business process definition and click “Properties” there. On the page that appears in the Redeploy Definition section, enter the path to the process definition file and click “Execute”. If the process definition contains no errors it will be loaded into the system.


WF-system Administrator guide ris5.png


Note. All the existing instances of the business process will continue to run according to the old definition, but newly created instances will correspond to the new one.


Note. Permissions for the new process definition will be the same as for the old one.


Working with Business Process Instances

Viewing the State and Values of Business Process Variables

In the “Process Instances” menu find the line with the appropriate business process instance and click on this line.


WF-system Administrator guide ris6.png


A page will appear with the name of the Action being executed by the process, the values of all process variables, the swimlane table and a link to the table of permissions on the process instance (“Permission Owners”).


How to Cancel a Business Process

In the “Process Instances” menu, find the line with the appropriate business process instance and click on this line. On the page that appears click “Stop”.


WF-system Administrator guide ris7.png

Working with bot stations and bots

How to view the bot stations list

Enter the «Bot Stations» menu:

WF-system Administrator guide ris8a.jpg

click the bot station name:

WF-system Administrator guide ris9a.jpg

You can edit bot's parameters after clicking on the bot's name

WF-system Administrator guide ris10a.jpg

How to add bot and a task for bot

If a user obtains permission to create bots, then he would have an "add bot" command in the botstation properties and an "add task" command in bot's properties. Every bot has a login (which should match with a login on one of the executors) and a password (which should also match). A task has a task name, task handler name and configuration. The task name is an arbitrary string. A task handler name is the name of the class that implements TaskHandler interface. The name of the task handler should be chosen from the drop down list. (This list is formed from all the classes names that implement TaskHandler interface and placed in .jar files, that are enumerated in common_settings.properties file in wfe.bots.jar.filename property value). The configuration is a text file with the task handler parameters set for the particular task.

An example of System Setup

The same setup is used in the demo configuration.


Enter the system as Administrator. (By default the password at initial install is “wf”.)


On the page corresponding to the “Executors” menu item create the following groups:

  • manager
  • human resource
  • bookkeeper
  • staff
  • all

Create the following actors:

  • julius
  • nero
  • cleopatra
  • octavia
  • tiberius
  • marcus
  • gaiua
  • attila
  • caligula

Set passwords for all demo logins – 123


The final configuration should look as follows.


WF-system Administrator guide ris8.png


Enter actors into the following groups:


Group Group Members
manager
  • julius
  • nero
human resource
  • cleopatra
  • octavia
bookkeeper
  • tiberius
  • caligula
staff
  • marcus
  • gaiua
  • attila
all
  • julius
  • nero
  • cleopatra
  • octavia
  • tiberius
  • caligula
  • marcus
  • gaiua
  • attila


For the group “all” you should get the following:

WF-system Administrator guide ris9.png

On the page of the “System” menu item give the login permission to the group “all”.


WF-system Administrator guide ris10.png


Give the members of the “all” group a “Read” permission and a “List Group” permission on the “staff”, “manager”, “human resource” and “bookkeeper” groups.


Give the members of the “all” group a “Read” permission on every actor.

An example for actor “julius”:


WF-system Administrator guide ris11.png


WF-system Administrator guide ris12.png

On the page of the “Process Definitions” menu item load test business processes on the system engine. Files:

  • Hello World.par
  • TimerDemo.par
  • Report.par
  • Overtime Work.par
  • Vacation.par
  • Businesstrip.par

Open the properties of “Hello World”, “TimerDemo”, “Vacation” processes and give the members of the “all” group the following permissions on these processes: “Read”, “Read Instance” and “Start Process”. For the “Report”, “Overtime Work”, “Businesstrip” processes, give the “Read” and “Read Instance” permissions to the group “all” and the “Start Process” permission to “manager”.

Example: Permissions on the “TimerDemo” process:


WF-system Administrator guide ris13.png


WF-system Administrator guide ris14.png


The configuration is ready for work.

Retrieved from "https://runawfe.org/index.php?title=WF-system_Administrator_guide&oldid=65"