IBM BPM, V8.0.1, All platforms

Instance-based authorization roles for work baskets and business categories

A work basket instance or business category instance is not assigned directly to a person. Instead, it is associated with predefined roles to which people are assigned. Anyone who is assigned to an instance-based role can perform the actions for that role. The association of users to instance-based roles is determined by people assignment.

In addition, when a work basket is defined in Business Space, task roles can also be defined for the tasks that are assigned to the work basket.


Instance-based roles for work baskets

These roles are authorized to perform the following actions. There is no default people assignment for any of these roles.

Instance-based authorization roles for work baskets

| Role | Authorized actions |
| --- | --- |
| Reader | Members of this role can view the work basket settings. |
| Opener | Members of this role can open the work basket and view its tasks. |
| Distributor | Members of this role can distribute tasks from this work basket to one of its defined distribution targets. |
| Transfer initiator | Members of this role can transfer tasks out of the work basket. |
| Appender | Members of this role can add tasks to the work basket. |

In addition to these roles, you can define custom roles for work baskets in Business Space that can be leveraged by your enterprise applications.

The following task roles can also be specified for a work basket. These roles extend any roles that are defined for the tasks in IBM Integration Designer. All the tasks in the work basket inherit these roles.

Instance-based authorization roles for tasks in work baskets

| Work basket role | Extends this task role | Authorized actions |
| --- | --- | --- |
| Task reader | Reader | Members of this role can view the properties of the tasks in the work basket, but they cannot work on them. |
| Task editor | Editor | Members of this role can work with the content of a task, but cannot claim or complete it. |
| Task potential owner | Potential owner | Members of this role can claim a task. If a potential owner is specified, then all users are considered to be members of this role. |
| Task administrator | Administrator | Members of this role can administer the tasks in the work basket. |


Instance-based role for business categories

This role is authorized to perform the following actions. There is no default people assignment for this role.

Instance-based authorization role for business categories

| Role | Authorized actions |
| --- | --- |
| Reader | Members of this role can view the business category settings. |
