Authorization
Authorization in A8Flow allows you to configure and manage user access to various resources, including data, process instances, and tasks. This feature ensures that only authorized users or groups can interact with specific elements within the platform.
Authorization assigns a set of permissions to an identity (user or group) for interacting with a given resource. To set up Authorization, navigate to Administration > Directory > Authorization.
Authorization Screen
The Authorization page lists all available Resources offered by A8Flow on the left panel. Select a resource to see the list of existing Authorization Rules associated with that resource.
Each rule defines access permissions for a specific user or group.
- (Authorization) Type: Shows the type of Authorization (Allow, Deny, or Global) available for the Member (User or Group).
- Member: Identifies the User or Group (also known as Identity).
- Permissions: Shows the resource-specific permissions available for the Member.
- Resource (ID): Shows the specific Resource ID(s) affected by the rule for the Member.
Creating A New Authorization Rule
To add a new authorization rule for a resource:
- Click on the specific resource from the Resource list.
- Then click the
CREATE
button at the top-right of the page.
The following "CREATE RULE" window will pop-up.
- Select the specifics (Type, Member, and Permission) and fill in the Resource (ID).
- Click on
CREATE
to confirm the rule.
(Authorization) Type
The Authorization Type overrides the settings of the other fields. For example, if an identity's type is set to "Deny", yet the Permission is set to "All", the identity will still be denied access to read, update, etc.
Type | Description |
---|---|
Allow | Grants access. |
Deny | Denies access. |
Global | Sets predefined access settings. |
Member
Select between a User or a Group. On selecting, all the respective Users or Groups will be listed. Select one from it.
Icon | Description |
---|---|
An individual is represented by a "single" profile icon. | |
A group is represented by a "double" profile icon. |
Permissions
Permissions define the way an identity is allowed to interact with the specific resources. Here is a list of all the available permissions corresponding to their respective resources:
RESOURCE (GENERAL PERMISSION) | READ | UPDATE | CREATE | DELETE | ACCESS |
---|---|---|---|---|---|
A8Data | ✔ | ✔ | - | ✔ | - |
App | ✔ | - | - | - | |
A8Astro | ✔ | ✔ | ✔ | ✔ | - |
A8Astro Connection | ✔ | ✔ | ✔ | ✔ | - |
Authorization | ✔ | ✔ | ✔ | ✔ | - |
Batch | ✔ | ✔ | ✔ | ✔ | - |
A8Config | ✔ | ✔ | - | - | - |
Dashboard | ✔ | ✔ | ✔ | ✔ | - |
Decision Definition | ✔ | - | - | - | - |
Decision Requirements Definition | ✔ | - | - | - | - |
Deploment | ✔ | - | ✔ | ✔ | - |
Filter | ✔ | ✔ | - | ✔ | - |
Group | ✔ | ✔ | ✔ | ✔ | - |
Group Membership | - | - | ✔ | ✔ | - |
Mining | ✔ | - | - | - | - |
Mobile App Package | ✔ | - | ✔ | - | - |
Org | ✔ | ✔ | ✔ | ✔ | ✔ |
Process Definition | ✔ | ✔ | - | ✔ | - |
Process Instance | ✔ | ✔ | ✔ | ✔ | - |
Report | ✔ | ✔ | ✔ | ✔ | - |
Solo Session | ✔ | ✔ | - | - | - |
Task | ✔ | ✔ | ✔ | ✔ | - |
Tenant | ✔ | ✔ | ✔ | ✔ | - |
Tenant Membership | - | - | ✔ | ✔ | - |
User | ✔ | ✔ | ✔ | ✔ | - |
Variable Group | ✔ | ✔ | ✔ | ✔ | - |
Variable Group ACL | ✔ | ✔ | - | ✔ | - |
RESOURCE (TASK PERMISSION) | READ | UPDATE | ASSIGN | WORK | |
Process Definition | ✔ | ✔ | ✔ | ✔ | |
Task | - | - | ✔ | ✔ | |
RESOURCE (INSTANCE PERMISSION) | READ | UPDATE | CREATE | DELETE | MIGRATE |
Decision Definition | - | - | ✔ | - | - |
Process Definition | ✔ | ✔ | ✔ | ✔ | ✔ |
RESOURCE (HISTORY PERMISSION) | READ | DELETE | |||
Batch | ✔ | ✔ | |||
Decision Definition | ✔ | ✔ | |||
Org | ✔ | - | |||
Process Definition | ✔ | ✔ | |||
Process Instance | ✔ | - | |||
Solo Session | ✔ | - | |||
Task | ✔ | - |
NOTE: Selecting "ALL" ensures that the identity gets all the available permissions for the Resource regardless of what other permission (option) is selected.
Resource (ID)
Enter the specific IDs of the resources to which you want to enable access — or use the wildcard '*' to grant access to all resources.
Editing Or Deleting An Existing Authorization Rule
Edit: To edit an existing rule, click on the "edit icon" of the respective rule on the resource screen. Delete: To delete an existing authorization rule, click the "delete icon". And confirm in on the pop-up screen.
Resources
- A8Data - Manages access to the A8Data's resources.
- App - Manages access to Apps.
- A8Asro - Manages access to Astro's Schema and Table resources.
- A8Astro Connections - Manages access to the Astro resources.
- Authorization - Manages access to this Authorization feature.
- A8Config - Manages access to A8Config settings.
- Decision Definition - Manages access to (DMN) Process Definition API controls.
- Deployment - Manages the deployment resources. Note: When a User deploys an API, the User by default will have access to Read, Delete it.
- Filters - Manages access to task-screen filters. (Resource ID: Filter ID)
- Group - Manages access to the group-management. (Resource ID: Group Name)
- Group Membership - Access to managing the members of a group.
- Mobile App Packages - Manages access to mobile app packages.
- Org - Manages access to other smaller features of A8Flow. (Example: API Key)
- Process Instance - Manages access to the process instances. Note: When a task is assigned to a User, by default the User will have the respective Read, Update acess for that instance).
- Task - Manages access to the tasks. Note: when a task is assigened to a Users, by default the User will have the respective read, update access to it.
- User - Manages access to the user-management resources. (Resource ID: UserID)
- Variable Group - Access to managing the variables group resources.
- Variable Group ACL - Manages permission to specific veriables and versions. Note: Can create a group of variables and manage them together.