Permission Descriptions for Users and Groups

Understand how each permission affects access for ProcessMaker users and groups.

Overview

In ProcessMaker, a permission allows a ProcessMaker user or group member to view a type of information or perform an action in ProcessMaker. Below are some examples of ProcessMaker permissions:

  • Start Requests

  • View the list of Processes

  • Edit Processes

  • Edit ProcessMaker Screens

  • Create Environment Variables

  • View Task Assignments through the ProcessMaker REST API

Permissions are organized into categories, such as for Processes, Requests, and Screens.

Assign Permissions to Users and Groups

While permissions apply to ProcessMaker users, those permissions can be assigned from a ProcessMaker user account or a ProcessMaker group:

  • User-level permissions: Permissions can be assigned to a ProcessMaker user account. These permission assignments only apply to that user account. From user-level permissions, you can assign Administrator-level permissions or all permissions to a ProcessMaker user account. Instead of assigning individual permissions to a ProcessMaker user account, the following options are also available:

    • Super Admin: Assign the Make this user a Super Admin option to grant unrestricted access to the entire ProcessMaker instance. In doing so, ProcessMaker does not check permissions for ProcessMaker user accounts with this setting selected, allowing such users to administer and install packages which might otherwise require permissions be granted to a ProcessMaker user account to perform.

    • All permissions: Assign the Assign all permissions to this user option to assign all permissions to that ProcessMaker user account.

    See Edit a User Account.

  • Group-level permissions: Permissions can be assigned to a ProcessMaker group. A group assigns the same permissions to all ProcessMaker user account members. Using ProcessMaker groups makes it easy to manage permissions for multiple ProcessMaker user accounts with identical permission assignments. From group-level permissions, you can assign all permissions to a ProcessMaker group. See Edit a Group.

User and Group Permissions are Cumulative

User-level and group-level permission assignments are cumulative. This means that a ProcessMaker user account has all the group-level permission assignments from all its group memberships, but also has the flexibility of permission assignments that apply only to that ProcessMaker user account. For example, a ProcessMaker user account might be a member of a group whereby its members can view the list of all Processes. However, a ProcessMaker Administrator can assign the permission to edit Processes to only the one ProcessMaker user account.

Best Practice to Assign Permissions

ProcessMaker recommends creating ProcessMaker groups based on how you define ProcessMaker usage roles in your organization. Based on usage roles you define, assign permissions to ProcessMaker groups so that all group members have the same permission set. Below is an example how you might create groups to assign permissions:

Permission Descriptions

Permissions are organized into categories. Permissions are described below by category and how each permission affects ProcessMaker functionality. These permissions function identically in ProcessMaker user accounts and groups.

Auth Clients

The Auth Clients category contains the following permissions:

Select the View Auth Clients permission to use any of the other permissions in this category.

Categories

The Categories category contains the following permissions:

Select the View Categories permission to use any of the other permissions in this category.

Collections

The Collections package must be installed in your ProcessMaker instance for the Collections category of permissions to display. The Collections package is not available in the ProcessMaker open-source edition. Contact ProcessMaker Sales or ask your ProcessMaker sales representative how the Collections package can be installed in your ProcessMaker instance.

The Collections category contains the following permissions:

  • View Collections: View the table of Collections on the Collections page. See LINK.

  • Create Categories: Create a Collection from the Collections page. Selecting this permission also selects the Edit Collections permission. See LINK.

  • Edit Collections: Edit a Collection from the Collections page. See LINK.

  • Delete Collections: Delete a Collection from the Collections page. See LINK.

Select the View Collections permission to use any of the other permissions in this category.

Comments

The Comments category contains the following permissions:

  • View Comments: View comments on a Request information page. See LINK.

  • Create Comments: Create a comment from a Request information page. Selecting this permission also selects the Edit Comments permission. See LINK.

  • Edit Comments: Edit a comment from a Request information page. See LINK.

  • Delete Comments: Delete a comment from a Request information page. See LINK.

Select the View Comments permission to use any of the other permissions in this category.

Environment Variables

The Environment Variables category contains the following permissions:

  • View Environment Variables: View the table of Environment Variables on the Environment Variables page. See View All Environment Variables.

  • Create Environment Variables: Create an Environment Variable from the Environment Variables page. Selecting this permission also selects the Edit Environment Variables permission. See Create a New Environment Variable.

  • Edit Environment Variables: Edit an Environment Variable from the Environment Variables page. See Edit an Environmental Variable.

  • Delete Environment Variables: Delete an Environment Variable from the Environment Variables page. See Delete an Environment Variable.

Select the View Environment Variables permission to use any of the other permissions in this category.

Files (API)

The Files (API) category contains the following permissions:

  • View Files: Returns the list of files associated to an API request. See "Files > Get" endpoint in the ProcessMaker REST API.

  • Create Files: Saves a new file specified in an API request. Selecting this permission also selects the Edit Files permission. See "Files > Post" endpoint in the ProcessMaker REST API.

  • Edit Files: Update a file specified in an API request. See "Files > Update" endpoint in the ProcessMaker REST API.

  • Delete Files: Deletes a specified file in an API request. See "Files > Delete" endpoint in the ProcessMaker REST API.

Groups

The Groups category contains the following permissions:

  • View Groups: View the table of ProcessMaker groups on the Groups page. See View All Groups.

  • Create Groups: View a ProcessMaker group from the Groups page. Selecting this permission also selects the Edit Groups permission. See Create a New Group.

  • Edit Groups: Edit a ProcessMaker group from the Groups page. See Edit a Group.

  • Delete Groups: Delete a ProcessMaker group from the Groups page. See Delete a Group.

Select the View Groups permission to use any of the other permissions in this category.

Notifications (API)

The Notifications (API) category contains the following permissions:

  • View Notifications: Returns all notifications to which the user has access. See "Notifications > Get" endpoint in the ProcessMaker REST API.

  • Create Notifications: Save a new notification through an API request. Selecting this permission also selects the Edit Notifications permission. See "Notifications > Post" endpoint in the ProcessMaker REST API.

  • Edit Notifications: Updates a notification through an API request. See "Notifications > Update" endpoint in the ProcessMaker REST API.

  • Delete Notifications: Deletes a specified notification through an API request. See "Notifications > Delete" endpoint in the ProcessMaker REST API.

Processes

The Processes category contains the following permissions:

Select the View Processes permission to use any of the other permissions in this category.

Requests

The Requests category contains the following permission:

Screens

The Screens category contains the following permissions:

  • View Screens: View the table of ProcessMaker Screens on the Screens page. See View All Screens.

  • Create Screens: Create a ProcessMaker Screen from the Screens page. Selecting this permission also selects the Edit Screens permission. See Create a New Screen.

  • Edit Screens: Edit a ProcessMaker Screen and/or its configuration from the Screens page. See Edit a Screen and Edit Screen Configuration.

  • Delete Screens: Delete a ProcessMaker Screen from the Screens page. See Delete a Screen.

  • Import Screens: Import a ProcessMaker Screen from the Screens page. See Import a Screen.

  • Export Screens: Export a ProcessMaker Screen from the Screens page. See Export a Screen.

Select the View Screens permission to use any of the other permissions in this category.

Scripts

The Scripts category contains the following permissions:

  • View Scripts: View the table of ProcessMaker Scripts on the Scripts page. See View All Scripts.

  • Create Scripts: Create a ProcessMaker Script from the Scripts page. Selecting this permission also selects the Edit Scripts permission. See Create a New Script.

  • Edit Scripts: Edit a ProcessMaker Script and/or its configuration from the Scripts page. See Edit a Script and Edit Script Configuration.

  • Delete Scripts: Delete a ProcessMaker Script from the Scripts page. See Delete a Script.

Select the View Scripts permission to use any of the other permissions in this category.

Task Assignments (API)

The Task Assignments (API) category contains the following permissions:

  • View Task Assignments: Returns all assignments assigned to the user.

  • Create Task Assignments: Saves a new task assignment to a specified user in an API request. Selecting this permission also selects the Edit Task Assignments permission.

  • Edit Task Assignments: Updates a task assignment through an API request.

  • Delete Task Assignments: Deletes a specified task assignment through an API request.

Users

The Users category contains the following permissions:

  • View Users: View the table of ProcessMaker user accounts on the Users page. See View All Users Accounts.

  • Create Users: Create a ProcessMaker user account from the Users page. Selecting this permission also selects the Edit Users permission. See Create a New User Account.

  • Edit Users: Edit a ProcessMaker user account from the Users page. See Edit a User Account.

  • Delete Users: Delete a ProcessMaker user account from the Users page. See Delete a User Account.

Select the View Users permission to use any of the other permissions in this category.

Vocabularies

The Vocabularies package must be installed in your ProcessMaker instance for the Vocabularies category of permissions to display. The Vocabularies package is not available in the ProcessMaker open-source edition. Contact ProcessMaker Sales or ask your ProcessMaker sales representative how the Vocabularies package can be installed in your ProcessMaker instance.

The Vocabularies category contains the following permissions:

  • View Vocabularies: View the table of ProcessMaker Vocabularies on the Vocabularies page. See View All Vocabularies.

  • Create Vocabularies: Create a ProcessMaker Vocabulary from the Vocabularies page. Selecting this permission also selects the Edit Vocabularies permission. See Create a New Vocabulary.

  • Edit Vocabularies: Edit a ProcessMaker Vocabulary from the Vocabularies page. See Edit a Vocabulary.

  • Delete Vocabularies: Delete a ProcessMaker Vocabulary from the Vocabularies page. See Delete a Vocabulary.

Select the View Vocabularies permission to use any of the other permissions in this category.

Related Topics