Permissions for Users and Groups
Understand how each permission affects access for users and groups.
Overview
Permissions allow users or group members to access features or perform certain actions in ProcessMaker Platform. For example, a user with appropriate permissions can:
Start or Cancel Cases
View and Edit Processes
View and Edit Screens
Create Decision Tables
View Task Assignments through the RESTful API, and more
Permissions are divided into two broad categories:
Process Permissions | Platform Permissions |
---|---|
Defined though the Designer tab | Defined through the Admin tab |
Apply to each process individually | Apply to the overall features and assets |
Configured by process designers | Configured by administrators |
Can be assigned to users or groups | Can be assigned to users or groups |
Permissions Override Rules
Super Admin: A Super Admin has full Process-level as well as Platform-level permissions.
Projects: There are no permissions defined on a Project-level, and User/Group permissions do not propagate within Projects. As a result, when users are added to a Project, they automatically gain unrestricted design access to edit all assets within that project only.
Process Permissions
Process permissions are configured by process designers through the options available from the Designer tab. Key Process permissions are as follows:
Start a Case
Cancel a Case
View and Complete Tasks
Reassign Tasks
Edit Data
Assigning Process Permissions
Process permissions are configured by a designer when creating a process as follows:
Platform Permissions
Platform Permissions are configured by administrators using the options available through the Admin tab.
Assigning Platform Permissions
Platform Permissions can be granted at two levels:
User-level: From user-level permissions, you can assign some or all permissions to a specific user. Instead of assigning individual permissions to a user account, you can also use the following options:
Super Admin: Select the Make this user a Super Admin option to grant unrestricted access to the entire ProcessMaker Platform instance. With this setting enabled, ProcessMaker Platform does not check permissions for the user account.
All permissions: Select the Assign all permissions to this user option to assign all permissions to that user account. With this setting enabled, ProcessMaker Platform still checks for permissions and allows access to features as per the enabled permissions. See Edit a User Account.
Group-level: These permissions apply to all members of a group. This simplifies managing permissions for multiple user accounts with the same permission requirements. Use the Assign all permissions to this group to grant all permissions to members of the group. See Edit a Group.
Use the Super Admin permission carefully, as this grants the user unrestricted access to all features and assets in ProcessMaker Platform.
Best Practices
Create groups based on user roles in your organization, then assign permissions to these groups so all members share the same permission set. For example, participants, designers, or administrators, are role-based groups.
Combine role-based groups into larger groups for overlapping permissions. For example, executive leadership, department managers, etc.
Sample Permissions Model for Role-Based Groups
Participants | Designers | Administrators |
---|---|---|
Description of Platform Permissions
Permissions are organized into categories. Permissions are described below by category and how each permission affects ProcessMaker Platform functionality. These permissions function identically in user accounts and groups.
Last updated