Configuring Access for Processes and Business Rules
You must ensure that users who are expected to run a process or business rule are granted the permissions they require. This includes not only permissions to access processes and business rules, but also permissions to access objects with which a process or a business rule interacts.
Who is the user who runs a process or a business rule?
Processes and business rules can be run indirectly, but there must always be a user account associated with the running of a process or a business rule.
- For a process specified by an integration, the user for that process and any business rule that it runs is the Run As user for the integration specified in Integrations
- For a process run as on-demand print job, the user for that process and the business rule that it runs is the user who is printing the label by using Print
A default role in Loftware designed to be assigned to Data Providers. role or its equivalent.
What are the basic permissions required?
At a minimum, the following permissions are required to use processes and run business rules. However, because processes and business rules may perform actions on other objects, additional permissions are typically required.
- To use a process, a user must have Read and Print permissions for Processes.
- If a business rule is associated with the process, then the user must also have Read and Print permission for Documents.
- To generate, view, and print status information about a job, a user must have Create, Read, and Print permissions for Jobs.
What other permissions are required?
If the process or the business rule performs actions on other objects, then the user who runs the process must have the necessary permissions to perform those actions on those objects. Most commonly, Read and Print permissions are required for folders containing objects such as label templates, layouts, and images.
Important: Access in Loftware Enterprise SP requires both role-based permissions Permissions that are assigned to a role and inherited by users who are members of a group to which that role is assigned or by users to whom the role is directly assigned. A user must have both a role-based permission and the corresponding object access permission to perform an action on an object. and object access permissions Permissions in Loftware associated with a specific object or with a folder that control what actions can be performed on that object or on objects within that folder. Each object has default permissions that can be overridden by exceptions for a specific group or user. A user must have both a role-based permission and the corresponding object access permission to perform an action on an object.. For a user to be able to perform an action on an object, the user must directly or indirectly be assigned a role that grants permission to perform that action on that type of object. Additionally, that particular object must either be in a folder that directly or indirectly grants the user access permission to perform that action on that type of object or else that particular object must directly or indirectly grant permission to the user to perform that action. There are several permissions that are only role-based or only object-based and do not require a corresponding permission. Examples include List permission for Folders and all permissions for Model Status (Auto Refresh), Tag Categories, and Devices.
For more information about configuring users and groups and about granting access to objects,