4.2 Managing Permission Sets

Permission sets control access to specific Aegis features. You can use permission sets to allow or deny users the ability to perform particular actions at the global level, such as creating process workflows, or at the object level, such as modifying a specific process or providing input to a specific input form. Users and groups are not members of a particular permission set. Instead, you associate users and groups with permission sets at the global level, the object level, or both, by creating permission assignments. For more information about permission assignments, see Section 4.3, Managing Permission Assignments.

NOTE: When you update a permission set, the change filters down to all users and groups associated with it through permission assignments.

4.2.1 Default Permission Sets

Aegis provides the following default permission sets, each of which is associated with a default Aegis group at the global level to determine product access. For more information about default groups, see Section 4.1.1, Default Groups.

Aegis Administration

User and group accounts associated with the Aegis Administration permission set can use the Configuration Console, the Workflow Designer, and the Operations Console. Aegis Administrators install, configure, manage, and maintain Aegis. Aegis Administrators may also be responsible for tasks not affected by permission sets, such as installing adapters for data sources and consulting with discipline experts.

Aegis Management

User and group accounts associated with the Management permission set can enable developer functionality in the Workflow Designer and create, modify, and delete activity libraries.

All Denied

User and group accounts associated with the All Denied permission set at the global level cannot log on to Aegis. User and group accounts associated with the All Denied permission set at the object level cannot view or modify a particular object, such as a process or a trigger.

Resource Viewing

User and group accounts associated with this permission set have minimal permissions so they can retrieve configuration information for Aegis services.

Process Authoring

User and group accounts associated with the Process Authoring permission set can use the Configuration Console, the Workflow Designer, and the Operations Console. Process Authors create and maintain triggers and process workflows. They can also enable developer functionality in the Workflow Designer.

Process Operation

User and group accounts associated with the Process Operation permission set can use the Operations Console to manually trigger work items, monitor and supply input to active work items, and terminate work items. They can use the Configuration Console to view processes and workflow revisions.

Process Viewing

User and group accounts associated with the Process Viewing permission set can use the Operations Console to view processes and associated work items, including activity details, related events, and supporting analysis.

4.2.2 Granting Process Authoring Permissions

If you create a new permission set for Process Authors, include the following minimum permissions:

  • Can Create/Delete Process

  • Can Modify Process

  • Can Modify Workflow Revision

  • Can View Process

  • Can View Workflow Revision

4.2.3 Granting Access to the User Input Form

If you create a new permission set for users who need access to the User Input Form, include the following minimum permissions:

  • Can View Process

  • Can View Workflow Revision

  • Can View Process Folder

  • Can Supply Input to Work Items

  • Can View Work Items

  • Can Log On to Aegis Web Console