Security option
This option allows you to control access to different areas of your processes during execution, ensuring that the right people have the necessary privileges while preventing unauthorized actions.
Bizagi offers a Security Module that lets you define a schema of permissions on specific elements.
The Security module has two main tabs:
•Authorization
•Authentication
The Authorization component controls access to all pages in the Work Portal. These permissions and restrictions are defined by roles and user groups specified in the Organization component. Furthermore, the Security Settings Report feature within the Authorization component allows you to clearly and efficiently view configured permissions and authorizations within the platform.
You can configure the following options using the Authorization tab. For more information about how to configure them, refer to Authorization.
| MENU | DESCRIPTION |
|---|---|
| Analysis | Allows or denies access to specific Process information in the various Process Analysis Tools. If access is denied for a specific Process, you can access the Reports menu, but cannot view that Process in Business Activities Monitoring (BAM), Sensors Analytics, and Process and Task Analytics. |
| Applications | Allows or denies access to applications. These permissions are granted for each application individually. If permission is denied for a specific application, you cannot create new cases of any processes that belong to that restricted application, nor can you view cases related to such processes in your Inbox. You can still be assigned to tasks of a Process that belongs to a restricted application, despite not having access rights to the application. For this reason, take care when implementing this restriction. |
| Entities | Allows or denies administration privileges for Parameter entities in the Work Portal. These permissions are granted for each entity individually. The administration privileges that can be set are: • Full Control: Permits total administration of an entity. If allowed, you can create new records of the specified entity as well as view and modify existing entities. • View Data: If allowed, you can view records of the entity only. Changes to data will not be permitted. • Modify: If allowed, you can view and modify the records of the entity, but not create new records. • Create: If allowed, you can create new records for the entity, but not modify existing records. |
| Manage | Allows or denies management of Alarms, Asynchronous Work Items, Cases, Default Users and Profiles. |
| New Cases | Allows or denies creation of new cases. These permissions are granted for each process individually. If permission is denied for a specific Process, you will not be able to create new cases of that Process; however, you may still be assigned to activities belonging to such a restricted process. |
| Pages | Controls access to the menu and submenu pages of the Work Portal. These permissions are granted for each page individually. IMPORTANT: In the Analysis menu, the permissions applied to All Reports cascade down to all sub-menus. This means that if access is denied in All Reports, you will not be able to access any of its features or lower-level directories (sub-menus). |
| Policies | Allows or denies access to policies. These permissions are granted for each policy individually. If access is denied for a specific policy, the restricted policy will not be visible in the Business Policies menu of the Work Portal; consequently, you will not be able to gain access to it. |
| Queries | Allows or denies access to case queries. These permissions are granted for each query individually. If access is denied for a specific query, the related form of the restricted query is not visible in the Queries menu of the Work Portal. |
| Personas | Allows or denies administration privileges for Persona entities in the Work Portal. These permissions are granted for each entity individually. The administration privileges that can be set are: • Full Control: Permits total administration of an entity. If allowed, you can create new records of the specified entity as well as view and modify existing entities. • View Data: If allowed, you can view records of the entity only. Changes to data will not be permitted. • Modify: If allowed, you can view and modify the records of the entity, but not create new records. • Create: If allowed, you can create new records for the entity, but not modify the existing records. |
| Vocabularies | Allows or denies administration privileges for global, application, or process vocabularies. The administration privileges that can be set are: • Full Control: Permits total administration of global, application, or process vocabularies; that is, if allowed, you will be able to create new global or process vocabularies, as well as view and modify existing ones. • View Data: If allowed, you will be able to view global, application, or process vocabularies only. Changes to them will not be permitted. • Modify: If allowed, you will be able to view and modify global, application, or process vocabularies, but not to create new ones. |
To grant or restrict access to any menu, expand and select an element from the list. Then, click Add condition.
You can add a user group, a user role, or a Persona. Depending on your choice, the available values are loaded in the Select one or more assignment group.
Once a group is selected, click Allow or Deny to configure the group's access.
The Security Settings Report feature allows users within the Management Console (MC) to clearly and efficiently view configured permissions and authorizations within the platform. This functionality provides transparency, improves efficiency, and enhances security by enabling administrators to manage permissions effectively and audit access comprehensively.
Permissions Overview
Permissions define what actions users, groups, or roles are allowed to perform within the system. They ensure secure access by granting or restricting functionalities based on predefined rules.
1. Permissions for User Groups: Useful for understanding collective access rights granted to teams or departments.
2. Permissions for Roles: Roles often represent functional responsibilities, such as "Admon Viewer," "App Editor," or "BA Business Administrator," and their permissions determine access to corresponding system areas.
3. Permissions for Individuals: Helps identify custom permissions that may not align with group or role-based assignments, ensuring no unnecessary privileges are provided.
Download Authorization Report
To download the authorization report, click the Download Authorization Report button.
A CSV (Comma-Separated Values) file containing the full report of permissions and authorizations will be downloaded.
This implementation enhances the management and auditing capabilities of the MC. It gives users actionable insights into their system’s security configuration by offering a clear and detailed view of authorizations, streamlines the process for administrators to manage permissions, and facilitates the identification of critical permissions while supporting access auditing.
Report Details
The downloaded CSV report provides a detailed overview of assigned permissions, enabling efficient analysis and auditing of access rights across the system. The report includes the following fields:
•Object Type: The type of object the permission is applied to (e.g., Entity, ProcessClass, Vocabulary).
•Object Display Name: The display name of the object.
•Path MC: The navigation path within the MC’s authorization section.
•User Set: The type of user or user group assigned the authorization.
•User Set Display Name: The display name of the user or user group assigned the authorization.
•Permission Type: The type of permission assigned.
•Status: The permission status, either Allow or Deny.
This is an example of what the CSV report looks like:
Keep in mind that all permissions in Bizagi are allowed by default. This report only includes information modified by the user. If a permission is not listed, it is understood to be allowed by default.
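Because unlisted permissions are allowed by default, an access review has to look at what is missing from the export as well as what is in it. The following sketch is an added example, not Bizagi code: it reads the sesix documented columns plus Status, and the sample rows, the "User" label for individual assignments, and the inventory of sensitive objects are all assumptions made for illustration.

```python
import csv
import io

# Constructed sample export: the column names come from the report description,
# every value (including the "User Set" labels) is made up for illustration.
SAMPLE_REPORT = """\
Object Type,Object Display Name,Path MC,User Set,User Set Display Name,Permission Type,Status
Entity,Currency,Entities/Currency,Role,App Editor,Modify,Allow
Entity,Currency,Entities/Currency,User Group,Finance,Full Control,Deny
ProcessClass,Purchase Request,New Cases/Purchase Request,Role,Admon Viewer,New Cases,Deny
Vocabulary,Approval Limits,Vocabularies/Approval Limits,User,jdoe,Full Control,Allow
"""

# Hypothetical inventory of objects the organization considers sensitive.
SENSITIVE = [("Entity", "Currency"), ("Entity", "Tax Rate"),
             ("Vocabulary", "Approval Limits")]


def audit_report(csv_text, sensitive_objects, individual_label="User"):
    """Summarize a Security Settings Report export for an access review."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    rows = [{k.strip(): (v or "").strip() for k, v in r.items() if k}
            for r in reader]
    listed = {(r["Object Type"], r["Object Display Name"]) for r in rows}

    def is_status(row, status):
        return row["Status"].lower() == status

    return {
        # Absent from the report = never modified = allowed by default.
        "default_allow": sorted(set(sensitive_objects) - listed),
        # Explicit grants to one person instead of a group or role.
        "individual_allows": [
            (r["User Set Display Name"], r["Object Display Name"], r["Permission Type"])
            for r in rows
            if r["User Set"] == individual_label and is_status(r, "allow")
        ],
        # Explicit denials, grouped by object for a quick review.
        "denies_by_object": {
            obj: sorted(r["User Set Display Name"] for r in rows
                        if (r["Object Type"], r["Object Display Name"]) == obj
                        and is_status(r, "deny"))
            for obj in sorted(listed)
        },
    }


if __name__ == "__main__":
    for name, value in audit_report(SAMPLE_REPORT, SENSITIVE).items():
        print(name, "->", value)
```

Adjust `individual_label` to whatever value the User Set column carries for individual users in your own export.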
The Authentication component manages and validates user access to the Work Portal. Bizagi offers several types of authentication to support your business requirements.
The following Authentication types are available:
•Bizagi Authentication
•LDAP Authentication
•OAuth2 Authentication
•SAML 2.0 Authentication
•Multiple Authentication
When configuring Multiple Authentication from the Management Console, it is mandatory to configure at least one Authenticator.
To configure the Authentication type, start the Maintenance Window.
Last Updated 5/9/2025 5:46:36 PM