8.5 Navigation Access Permissions

The Navigation Access Permissions page allows you to set the access permissions for some of the navigation items within the User Application. It allows you to control access to three of the main header tabs with the application: Roles and Resources tab, Identity Self-Service tab, and Work Dashboard tab. In addition, it allows you to define permissions for lower-level navigation items within the Provisioning and Security, Roles and Resources, and Work Dashboard areas of the application.

NOTE:The Compliance and Administration tabs cannot be configured through the Navigation Access Permissions page. The Compliance tab is only visible to Compliance Administrators, and the Administration tab is only visible to Security Administrators, Domain Administrators (such as the Role Domain Administrator and Resource Domain Administrator), and Configuration Administrators.

To define navigation access permissions:

  1. Select Navigation Access Permissions on the RBPM Provisioning & Security tab.

    The Navigation Access Permissions page displays.

  2. Click on the Name drop-down list to see the navigation items for which you can define permissions:

    The navigation areas appear in bold. Within each area, you can see the items.

  3. Select the navigation item for which you want to define permissions.

  4. Select one or more trustees for the navigation item. When a trustee logs on to the User Application, the navigation item is displayed. Otherwise, the navigation item is hidden. You can add users, groups, roles, and containers as trustees.

    Each navigation item has a set of default trustees that is suitable for the services that can be accessed through the navigation item.

    Make a Process Request By default, the Make a Process Request navigation item is shown on the Work Dashboard. To hide the Make a Process Request item, remove all trustees for this item. If you remove all trustees, only Configuration Administrators will be able to see the item. To show the Make a Process Request item on the Work Dashboard again, select Make a Process Request and choose the users, groups, roles, or containers that you want to be able to access the item.

  5. To make the currently selected navigation item the default for the navigation area, select Check to make this the default navigation item for selected area.

    The Check to make this the default navigation item for selected area control is not available for navigation items within the Work Dashboard area.

  6. Click Save.

    If you add a user as a trustee for a navigation item, and this user is a member of a container that was previously added as a trustee, this user will have access to the navigation item, but will not be added to the list of trustees.

NOTE:If a user does not have access to the default tab (or to the default menu item within a navigation area), the User Application will attempt to display a tab (or menu item) for which the user has authorization. If the user has not been given authorization for any tab or menu item, the default page will display. If the user is not authorized for the default page, or if the user goes directly to an unauthorized bookmark, an error message is displayed indicating that the user does not have the proper authorization.

If the user has been authorized to access a tab, but nothing under the tab, the page will still show and an error message will be displayed indicating that the user does not have the proper authorization. Conversely, if the tab has not been authorized, the tab will not show. However, if the user is authorized to access menu items under the tab, the user will be able to access these menu items by using bookmarks.

Proxy Mode When a user is in proxy mode, the navigation access permissions for menu items on the Dashboard will show the proxied user's permissions, not the permissions for the logged in user. For all other navigation, the menu items will be controlled by the permissions set for the logged in user. The Manage control (for selecting a user, group, role, or container) is not available in proxy mode, even if a user is proxying for a user that is a Domain Administrator or Domain Manager.