
PaPM - processes and teams

0 Kudos

Hello experts,

I'm working on PaPM 3.0 SP06 and I created two process templates, where I assigned the activity of the first process (transfer structure function) to a performer TEAM01 and the activity of the second process to a performer TEAM02.

The TEAM01 contains the user USER01 and TEAM02 contains the USER02.

The two users have only the role /NXI/P1_EXECUTION_USER_ALL.

I have deployed the two processes but I'm not able to segregate the processes to the correct users: when I log in with USER01 I'm also able to see and run the process assigned to the team TEAM02, and vice versa.

What am I doing wrong?

Thank you for any help.

Accepted Solutions (0)

Answers (4)


JustineAngeles
Product and Topic Expert

Hello

Thank you for your message. Actually, the Run button, Launch, and/or Launch in Excel are all not dependent on performer/reviewer groups. If you recall, even in the modeling environment, if you choose Run, there is no limitation just because you are part of a team or group. It will only be limited when a role assigned to your user has been set to have this limitation.

So to summarize:

Performer/Reviewer teams or groups were designed and offered as part of the PaPM workflow. Having said that, they are relevant for workflow statuses such as the Submit, Approve, Reject and Complete buttons, but never for the example functionalities mentioned above.

If you want to limit the authorization of a user with respect to Run, then what you will need to enhance is the role assigned to it. I hope this helped.

Regards,

Justine

0 Kudos

Hi Nathaniel,

I was just planning to implement this note and check if an option is enabled to achieve the comments here.

2904880 - FS-PER Rel 3.0 SP09: Display authorization in My Activies - authorization check doesn't work

1. By design, visibility of processes/activities in My Activities to a user is controlled only by assignment of that user to a team (user group) (no authorization check) in the Manage Teams application (or assignment of user to user group). During the deployment of the process, if there were no performer/reviewer teams assigned, such processes/activities will be visible to a user who is assigned to at least one user group. The superfluous authorization check appearing to display the list of activities is now removed to reflect the above.

2. Within the My Activities application, an authorization check is only performed when a user for whom a process/activity is visible clicks on the Run/Launch/Launch in Excel button, wherein the system will check if the user has Execute (for Run) or Analyse (for Launch buttons) authorizations on that specific environment, version, function. The authorization check for Analyse was missing earlier; this has been added now.

Regards,

Alejandro

JustineAngeles
Product and Topic Expert

Hi Alejandro,

To avoid confusion, let me separate dual control from visibility of activities.

If an activity has been assigned with Performer (Group P1 for example) and Reviewer (Group R1 for example):

  • Visibility: only users assigned to these groups can see the activity.
  • Dual Control: dual control will kick in and can be used to Submit, Approve, Reject since Performer and Reviewer got filled.
  • Accessibility: you can control the Run, Launch buttons through roles.

If an activity has been assigned with Performer (Group P1 for example) and blank Reviewer (No group assigned):

  • Visibility: everyone can see the activity since Reviewer is blank, and blank Performer/Reviewer means everyone will be able to see the activity as long as the user has one assigned group, regardless of which group. For example, even group ZPAPM users can see the activity for this matter.
  • Dual Control: will not kick in, as having blank Reviewer/Performer tags the system to not perform dual control.
  • Accessibility: you can control the Run, Launch buttons through roles.

If an activity has been assigned with blank Performer (No group assigned) and Reviewer (Group R1 for example):

  • Almost the same as with the bullet "If an activity has been assigned with Performer (Group P1 for example) and blank Reviewer (No group assigned)"; the only difference is that the Performer is blank and the Reviewer has been populated with a group.

If an activity has no assigned Performer and Reviewer:

  • Same as with the bullet "If an activity has been assigned with Performer (Group P1 for example) and blank Reviewer (No group assigned)"; the only difference is that both Performer/Reviewer are blank.

If an activity has the same Performer (Group P1 for example) and Reviewer (Group P1 for example):

  • Visibility: only users assigned to P1 can see the activity. No other groups can see it.
  • Dual Control: dual control will kick in and can be used to Submit, Approve, Reject since Performer and Reviewer got filled. BUT it is not allowed for User A to do Submit and also perform Approve or Reject just because he is part of P1 as reviewer too.
  • Accessibility: you can control the Run, Launch buttons through roles.

Now to wrap up:

  • Visibility and Dual Control mechanisms were there since early SPs.
  • Accessibility can be implemented through the note you gave, plus prerequisite notes if there are any: 2904880 - FS-PER Rel 3.0 SP09: Display authorization in My Activies - authorization check doesn't work

I hope this is clearer now.

Regards,

Justine
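The visibility and dual-control cases listed in the reply above, written out as a small audit model (an added example, not part of the original posts and not SAP code). It calls no PaPM API; the activity names, the `Activity` class and the blank reviewer on the question's two activities are assumptions, and Run/Launch is left out because the thread says it is governed by roles, not teams.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Activity:
    name: str
    performer: Optional[str] = None  # team name; None = left blank
    reviewer: Optional[str] = None

def visible_to(act, user, teams):
    """Visibility in My Activities; teams maps team name -> set of users."""
    user_teams = {t for t, members in teams.items() if user in members}
    if not user_teams:
        return False  # visibility requires at least one team assignment
    if act.performer is None or act.reviewer is None:
        return True   # a blank slot: any user with a team sees the activity
    return bool(user_teams & {act.performer, act.reviewer})

def dual_control(act):
    """Submit/Approve/Reject only apply when both slots are filled."""
    return act.performer is not None and act.reviewer is not None

def may_approve(act, user, submitter, teams):
    """A reviewer-team member may approve, but never their own submission."""
    return (dual_control(act) and user != submitter
            and user in teams.get(act.reviewer, set()))

def audit(activities, teams):
    """Return (activity, finding, users who can see it) for weak setups."""
    users = sorted(set().union(*teams.values()))
    findings = []
    for act in activities:
        viewers = [u for u in users if visible_to(act, u, teams)]
        if not dual_control(act):
            findings.append((act.name, "blank performer/reviewer", viewers))
        elif act.performer == act.reviewer:
            findings.append((act.name, "performer = reviewer team", viewers))
    return findings

# Constructed sample mirroring the question; blank reviewer is an assumption.
TEAMS = {"TEAM01": {"USER01"}, "TEAM02": {"USER02"}}
ACTIVITIES = [Activity("ACT_PROCESS_1", "TEAM01"),
              Activity("ACT_PROCESS_2", "TEAM02"),
              Activity("ACT_SEGREGATED", "TEAM01", "TEAM01")]

if __name__ == "__main__":
    for name, finding, viewers in audit(ACTIVITIES, TEAMS):
        print(f"{name}: {finding}; visible to {viewers}")
```

With the sample data, both of the question's activities are reported as visible to USER01 and USER02, which matches what the original poster observed.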

0 Kudos

Thank you very much Justine,

I implemented the indicated note, I did the tests, and it works as you describe.

Regards,

Alejandro

0 Kudos

Hello,

I did the same test as Stefano and even reviewed the roles but I can't see where it can be configured so that a user can only view and execute a process / activity. In the example shared by Stefano that the user "USER01" can only view a single process.

In role /NXI/P1_EXECUTION_USER_ALL I only see options to limit access to: environments, functions, type of functions, versions. I also see options to limit users to: view, run, edit, delete. But I don't see an option to limit access to a specific process or activity.

Stefano: Did you manage to limit the visualization and access to specific processes / activities through roles?

Please, if you did, I would be very grateful if you could share how you did it.

Regards,

Alejandro

ulifei
Explorer
0 Kudos

That is exactly what I want to know also. Should you get any feedback, please also let me know. Thank you very much.

NathSomera
Product and Topic Expert
0 Kudos

Hello

At the moment there is no option to limit visibility on a specific activity or process. As long as the user is assigned to a Team, he will be able to see all the processes and activities. As mentioned by Stefano, you can only limit access to the environment, functions and so on...

Hope it helps :) Thank you,
Nath
0 Kudos

Thank you.

I'll work on the roles assigned to the users.

Regards,

Stefano