Access control in business process and human task applications

IBM BPM, V8.0.1, All platforms > Securing IBM BPM and applications > Get started with security > Understanding elements of application security > Access control
Access control in business process and human task applications

Business Process Choreographer, which is installed as part of the IBM BPM installation, uses roles to determine the capabilities of the user on a production system.
The Business Process Choreographer roles are shown in Table 1.

Roles and default permissions
Roles Default permission If s
System Administrator User names, group names, or both, entered during configuration Has access to all business processes and all operations.
System Monitor All authenticated users Has access to read operations.
JMSAPIUser User name entered during configuration All Business Process Choreographer JMS APIs are run on behalf of this single user ID.
EscalationUser User name entered during configuration Used by the human task manager to process asynchronous API calls.
AdminJobUser User name entered during configuration
The user supplied must be a member of the Business Process Choreographer System Administrator role.
Administrative jobs (for example, the cleanup service or business process instance migration) are run on behalf of this single user ID.

The WebClientUser role, which is associated with the Bpcexlorer.ear file, can access the Business Process Choreographer Explorer. The default permission for this role is All Authenticated.

Access control

Related information:
Authorization roles for business processes
Authorization roles for human tasks

Roles	Default permission	If s
System Administrator	User names, group names, or both, entered during configuration	Has access to all business processes and all operations.
System Monitor	All authenticated users	Has access to read operations.
JMSAPIUser	User name entered during configuration	All Business Process Choreographer JMS APIs are run on behalf of this single user ID.
EscalationUser	User name entered during configuration	Used by the human task manager to process asynchronous API calls.
AdminJobUser	User name entered during configuration The user supplied must be a member of the Business Process Choreographer System Administrator role.	Administrative jobs (for example, the cleanup service or business process instance migration) are run on behalf of this single user ID.