The first rule to remember about security access within EPX is that, by default, new users do not have any access to any object. In order for new users to access objects, either the access required must be explicitly granted for each object, or the user must be assigned to a group that already has the required access.
Access privileges on objects can be granted either directly to a user, or to the group containing that user. A user can be a member of one or more groups. A user’s total privileges are the union of its own privileges and the privileges of the groups of which the user is a member.
Another principle governing access within Design Console is the notion of ownership. Objects are owned by the users who create them: if a user creates an object or links a data source, that user also has access to the object he or she defined or created. The default administrative user, “system”, has all privileges on all objects.
In general, EPX security is very similar to the security model commonly encountered in commercial relational database systems such as Oracle. Every object within EPX has security parameters. The many objects include users, groups, roles, work items, process flows, subflows, personal subflows, remote subflows, BICs, DSN objects, scheduled events, databases, tables, views, procedures, triggers, indexes, columns, etc.
The set of operations applicable to these objects varies according to the object. Operations include:
Read – Allows a user to view an object in Design Console.
Write – Allows a user to make updates to an object in Design Console.
Create – Allows a user to create an object in Design Console for some folder in the Navigator pane.
Delete – Allows a user to delete an object in Design Console.
The Security tab associated with an EPX object editor allows you to assign (or revoke) access privileges to users and groups. You can also perform this association from the Security tab in the User or Group editor.
To allow a user to view objects in Design Console, you must set the user’s Read privilege for each of those objects.
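The rules described above (no access by default, total privileges as the union of direct and group grants, owner access, and the "system" user holding everything) can be modelled as follows. This Python is an added illustration, not EPX code or an EPX API: the AccessModel class and its methods are hypothetical, user and group names are assumed to be distinct, and the owner is assumed to receive every operation, which the text above does not specify.

```python
# Added illustration: a minimal model of the access rules described above.
# Not EPX code; every class, method and sample name here is hypothetical.
from dataclasses import dataclass, field

OPS = frozenset({"Read", "Write", "Create", "Delete"})
ADMIN = "system"  # default administrative user named in the text


@dataclass
class AccessModel:
    groups: dict = field(default_factory=dict)  # group -> set of member users
    grants: dict = field(default_factory=dict)  # (principal, object) -> set of ops
    owners: dict = field(default_factory=dict)  # object -> user who created it

    def grant(self, principal, obj, *ops):
        unknown = set(ops) - OPS
        if unknown:
            raise ValueError(f"unknown operation(s): {sorted(unknown)}")
        self.grants.setdefault((principal, obj), set()).update(ops)

    def revoke(self, principal, obj, *ops):
        self.grants.get((principal, obj), set()).difference_update(ops)

    def via_groups(self, user, obj):
        """Map each group that gives the user access to obj to the ops it grants."""
        return {g: set(self.grants[(g, obj)]) for g, members in self.groups.items()
                if user in members and self.grants.get((g, obj))}

    def effective(self, user, obj):
        """Union of the user's own grants and those of every group containing the user."""
        if user == ADMIN:
            return set(OPS)
        # Assumption: the text does not say which operations ownership confers;
        # this model gives the owner all of them.
        privs = set(OPS) if self.owners.get(obj) == user else set()
        privs |= self.grants.get((user, obj), set())
        for ops in self.via_groups(user, obj).values():
            privs |= ops
        return privs  # stays empty for a new user: no access by default


if __name__ == "__main__":
    m = AccessModel(groups={"designers": {"alice"}})  # constructed sample data
    m.grant("designers", "flow1", "Read")
    m.grant("alice", "flow1", "Read", "Write")
    m.revoke("alice", "flow1", "Read", "Write")
    print(sorted(m.effective("alice", "flow1")), m.via_groups("alice", "flow1"))
```

The sample run shows that revoking a user's direct grant does not remove access while a group grant remains, which is the case to check when reviewing who can still read an object.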