Skip to main content

Authorization

Authorization in A8Flow allows you to configure and manage user access to various resources, including data, process instances, and tasks. This feature ensures that only authorized users or groups can interact with specific elements within the platform.

Authorization assigns a set of permissions to an identity (user or group) for interacting with a given resource. To set up Authorization, navigate to Settings > Authorization.

Authorization

Authorization Screen

The Authorization page lists all available resources offered by A8Flow. Here, you can configure the following Authorization parameters for these resources:

Authorization

  • (Authorization) Type: Sets the type of Authorization (Allow, Deny, or Global) for the Member.
  • Member: Identifies the User or Group (Identity).
  • Permissions: Sets the resource-specific permissions for the Member.
  • Resource (ID): Enables the Resource's ID-specific Authorization.

(Authorization) Type

The Authorization Type overrides the settings of the other fields. For example, if an identity's type is set to "Deny", yet the Permission is set to "All", the identity will still be denied access to read, update, etc.

TypeDescription
AllowGrants access.
DenyDenies access.
GlobalSets predefined access settings.

Member

Select between a User or a Group. On selecting, all the respective Users or Groups will be listed. Select one from it.

Member Icons
IconDescription
AuthorizationAn individual is represented by a "single" profile icon.
AuthorizationA group is represented by a "double" profile icon.

Permissions

Permissions define the way an identity is allowed to interact with the specific resources. Here is a list of all the available permissions corresponding to their respective resources:

RESOURCE
(GENERAL PERMISSION)
READUPDATECREATEDELETEACCESS
A8Data--
App---
A8Astro-
A8Astro Connection-
Authorization-
Batch-
A8Config---
Dashboard-
Decision Definition----
Decision Requirements Definition----
Deploment--
Filter--
Group-
Group Membership---
Mining----
Mobile App Package---
Org
Process Definition--
Process Instance-
Report-
Solo Session---
Task-
Tenant-
Tenant Membership---
User-
Variable Group-
Variable Group ACL--
RESOURCE
(TASK PERMISSION)
READUPDATEASSIGNWORK
Process Definition
Task--
RESOURCE
(INSTANCE PERMISSION)
READUPDATECREATEDELETEMIGRATE
Decision Definition----
Process Definition
RESOURCE
(HISTORY PERMISSION)
READDELETE
Batch
Decision Definition
Org-
Process Definition
Process Instance-
Solo Session-
Task-

NOTE: Selecting "ALL" ensures that the identity gets all the available permissions for the Resource regardless of what other permission (option) is selected.

Resource (ID)

Enter the specific IDs of the resources to which you want to enable access — or use the wildcard "*" to grant access to all resources.


Resources

  • A8Data - Manages access to the A8Data's resources.
  • App - Manages access to Apps.
  • A8Asro - Manages access to Astro's Schema and Table resources.
  • A8Astro Connections - Manages access to the Astro resources.
  • Authorization - Manages access to this Authorization feature.
  • A8Config - Manages access to A8Config settings.
  • Decision Definition - Manages access to (DMN) Process Definition API controls.
  • Deployment - Manages the deployment resources. Note: When a User deploys an API, the User by default will have access to Read, Delete it.
  • Filters - Manages access to task-screen filters. (Resource ID: Filter ID)
  • Group - Manages access to the group-management. (Resource ID: Group Name)
  • Group Membership - Access to managing the members of a group.
  • Mobile App Packages - Manages access to mobile app packages.
  • Org - Manages access to other smaller features of A8Flow. (Example: API Key)
  • Process Instance - Manages access to the process instances. Note: When a task is assigned to a User, by default the User will have the respective Read, Update acess for that instance).
  • Task - Manages access to the tasks. Note: when a task is assigened to a Users, by default the User will have the respective read, update access to it.
  • User - Manages access to the user-management resources. (Resource ID: UserID)
  • Variable Group - Access to managing the variables group resources.
  • Variable Group ACL - Manages permission to specific veriables and versions. Note: Can create a group of variables and manage them together.

Creating A New Authorization Rule

To add a new authorization rule to a resource:

Authorization

  • Click on the specific resource from the Resource list.
  • Then click the CREATE button at the top-right of the page.

The following "CREATE RULE" window will pop-up.

Authorization

  • Select the specifics (Type, Member, and Permission) and fill in the Resource (ID).
  • Click on CREATE to confirm the rule.
Remember

Use "*" to enable access to all the collections within the resource.

Editing Or Deleting An Existing Authorization Rule

Authorization

Edit: To edit an existing rule, click on the "edit icon" of the respective rule on the resource screen. Delete: To delete an existing authorization rule, click the "delete icon". And confirm in on the pop-up screen.