IBM BPM, V8.0.1, All platforms > Administer the IT infrastructure > Manage IBM Process Servers > Modify the Process Admin Console settings and behavior

Restricting access to the Process Admin Console

You can restrict access to both default pages and pages that you add to the IBM BPM Process Admin Console.

If the Process Admin Console is open in a browser window or tab, close the window or tab.

To restrict access to pages that you add, be sure to select only those Participant Groups that contain the appropriate users when you add functions using services.

By default, only the internal tw_admins group has access to all pages of the Process Admin Console. For each page in the Process Admin Console, you can change the access restriction or grant access to additional users as described in the following procedure.


Procedure

  1. Open the INSTALL_ROOT\BPM\Lombardi\process-server\config\console.xml file in a text editor.
  2. Locate the item that corresponds to the page for which you want to change access restriction.

    For example, you may want to grant users in the internal tw_authors group access to the Process Monitor page. If so, you must find the following item: <item name="Process Monitor" link="cs_processmonitor/summary.lsw" codeType="JSP"><constraint type="role" value="tw_admins"/></item>

  3. Choose one of the following options for editing the constraints:
    Option Description
    Grant access to additional users Adding an additional constraint grants access to additional users.

    • Example: Add the following constraint: <constraint type="role" value="tw_authors"/>
    • Result: The item now has two constraints: <item name="Process Monitor" link="cs_processmonitor/summary.lsw" codeType="JSP"><constraint type="role" value="tw_admins"/><constraint type="role" value="tw_authors"/></item>

    Reduce access for existing users (if more than one constraint exists) Remove a constraint changes access restrictions for a particular page.

    • Example: Remove the tw_authors access from the constraint: <constraint type="role" value="tw_authors"/>
    • Result: The remaining constraint allows only the tw_admins to have access to the page: <item name="Process Monitor" link="cs_processmonitor/summary.lsw" codeType="JSP"><constraint type="role" value="tw_admins"/></item>

    Change the group of users who can access a page Changing the value changes the group of users who can access a page.

    • Example: Change the role value from tw_admins to tw_authors in the following example: <constraint type="role" value="tw_admins"/> to <constraint type="role" value="tw_authors"/>
    • Result: The constraints now give members of the internal tw_authors group to have exclusive access to the Task Cleanup page: <item name="Task Cleanup" link="cs_cleanup.lsw" codeType="JSP"><constraint type="role" value="tw_authors"/></item>

  4. Stop and restart the Process Server.


Results

Any user included in the internal tw_authors group should now be able to log in to the Process Admin Console and access the Process Monitor.

Modify the Process Admin Console settings and behavior