System and method for providing complex access control in workflows
First Claim
1. A system for providing complex access control in workflows, comprising:
- a computer, including one or more microprocessors;
a workflow process, executing on the computer, which includes a plurality of tasks, wherein each task includes a plurality of task contents, and is associated with a plurality of task actions to be performed on each of the plurality of task contents;
a workflow manager that includes a graphical user interface, wherein the graphical user interface enables displaying a first configurable matrix for controlling access to a plurality of task contents for the particular task, and a second configurable matrix for controlling access to the plurality of task actions for the particular task,wherein each of the first configurable matrix and the second configurable matrix includes one or more logical roles and one or more application roles,wherein each logical role defines a responsibility of a particular user for the particular task, and is selected from the group consisting of a creator, an assignee, an owner, a reviewer, and an approver,wherein each application role defines a responsibility of one or more users within an enterprise environment, andwherein the graphical user interface further enables displaying each member in each of the one or more logical roles, and each member in each of the one or more application roles in both the first configurable matrix and the second configurable matrix;
wherein the work flow manager is configured toreceive a state of the particular task in real-time during execution of the particular task from an external source using a service configured for the graphical user interface,determine, based on the state of the particular task, that one or more task contents in the first configurable matrix and one or more task actions in the second configurable matrix are not selectable,receive one or more selections of task contents in the first configurable matrix, and one or more selections of task actions in the second configurable matrix, wherein each of the selections corresponds to a logical role or an application role, andcontrol access to the particular task based on the selections of task contents and task actions.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for providing complex access control in workflows. The system comprises a computer, including a computer readable storage medium and processor operating thereon. The system also comprises at least one business process which includes a plurality of tasks. Each task is associated with a task state which changes during execution of the task. The system further comprises a plurality of logical roles. Each logical role defines a responsibility based on the task state and a member of that logical role. Additionally, the system comprises a configurable matrix of access controls that is used to control access to the plurality of tasks based on the plurality of logical roles.
133 Citations
20 Claims
-
1. A system for providing complex access control in workflows, comprising:
-
a computer, including one or more microprocessors; a workflow process, executing on the computer, which includes a plurality of tasks, wherein each task includes a plurality of task contents, and is associated with a plurality of task actions to be performed on each of the plurality of task contents; a workflow manager that includes a graphical user interface, wherein the graphical user interface enables displaying a first configurable matrix for controlling access to a plurality of task contents for the particular task, and a second configurable matrix for controlling access to the plurality of task actions for the particular task, wherein each of the first configurable matrix and the second configurable matrix includes one or more logical roles and one or more application roles, wherein each logical role defines a responsibility of a particular user for the particular task, and is selected from the group consisting of a creator, an assignee, an owner, a reviewer, and an approver, wherein each application role defines a responsibility of one or more users within an enterprise environment, and wherein the graphical user interface further enables displaying each member in each of the one or more logical roles, and each member in each of the one or more application roles in both the first configurable matrix and the second configurable matrix; wherein the work flow manager is configured to receive a state of the particular task in real-time during execution of the particular task from an external source using a service configured for the graphical user interface, determine, based on the state of the particular task, that one or more task contents in the first configurable matrix and one or more task actions in the second configurable matrix are not selectable, receive one or more selections of task contents in the first configurable matrix, and one or more selections of task actions in the second configurable matrix, wherein each of the selections corresponds to a logical role or an application role, and control access to the particular task based on the selections of task contents and task actions. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for providing complex access control in workflows, comprising:
-
providing, on a computer including one or more microprocessors, a workflow process which includes a plurality of tasks, wherein each task includes a plurality of task contents, and is associated with a plurality of task actions to be performed on each of the plurality of task contents; displaying, in a graphical user interface of a workflow manager, a first configurable matrix for controlling access to a plurality of task contents for the particular task, and a second configurable matrix for controlling access to the plurality of task actions for the particular task, wherein each of the first configurable matrix and the second configurable matrix includes one or more logical roles and one or more application roles, wherein each logical role defines a responsibility of a particular user for the particular task, and is selected from the group consisting of a creator, an assignee, an owner, a reviewer, and an approver, wherein each application role defines a responsibility of one or more users within an enterprise environment, and wherein the graphical user interface further enables displaying each member in each of the one or more logical roles, and each member in each of the one or more application roles in both the first configurable matrix and the second configurable matrix; receiving, at the workflow manager, a state of the particular task in real-time during execution of the particular task from an external source using a service configured for the graphical user interface, determining, based on the state of the particular task, that one or more task contents in the first configurable matrix and one or more task actions in the second configurable matrix are not selectable, receiving one or more selections of task contents in the first configurable matrix, and one or more selections of task actions in the second configurable matrix, wherein each of the selections corresponds to a logical role or an application role; and performing, via the workflow manager, control access to the particular task based on the selections of task contents and task actions. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer readable storage medium, including instructions stored thereon which when read and executed by a computer cause the computer to perform the steps comprising:
-
executing, on a computer including one or more microprocessors, a workflow process which includes a plurality of tasks, wherein each task includes a plurality of task contents, and is associated with a plurality of task actions to be performed on each of the plurality of task contents; displaying, in a graphical user interface of a workflow manager, a first configurable matrix for controlling access to a plurality of task contents for the particular task, and a second configurable matrix for controlling access to the plurality of task actions for the particular task, wherein each of the first configurable matrix and the second configurable matrix includes one or more logical roles and one or more application roles, wherein each logical role defines a responsibility of a particular user for the particular task, and is selected from the group consisting of a creator, an assignee, an owner, a reviewer, and an approver, wherein each application role defines a responsibility of one or more users within an enterprise environment, and wherein the graphical user interface further enables displaying each member in each of the one or more logical roles, and each member in each of the one or more application roles in both the first configurable matrix and the second configurable matrix; receiving, at the workflow manager, a state of the particular task in real-time during execution of the particular task from an external source using a service configured for the graphical user interface, determining, based on the state of the particular task, that one or more task contents in the first configurable matrix and one or more task actions in the second configurable matrix are not selectable, receiving one or more selections of task contents in the first configurable matrix, and one or more selections of task actions in the second configurable matrix, wherein each of the selections corresponds to a logical role or an application role; and performing, via the workflow manager, control access to the particular task based on the selections of task contents and task actions. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification