Business Process Management and Access Control

Designer Administrator
This manual is in pilot operation.

Overview

In the various operations of the Business Process Management feature, only data in the ledger cell range that is writable through the forms in the specified Submission Package form list is written (reflected) to the ledger [1].

Whether a cell is writable is determined primarily by the Ledger Access Control functions and the input restrictions set in the form. However, in some cases these are not applied or are applied in a special manner, as detailed in the table below.

(: Applied, -: Not applied)

Access Restriction Function Ledger Access Control Functions Input Restrictions by Form

Various Operations in Business Process Management

Ledger Mask and Change Table

Access Permission Type

Open/Close Ledgers

Local Ledger Mask

Cell Protection [2]

1. Reflection process at the time of Reception and Reintake of Submission Package

[3]

or - [4]

2. Data Publication to Shared Workspace Edition

[3]

or - [4]

3. Data Intake from Shared Workspace Edition [5]

[3]

Ledger Editions Used in Business Processes and Access Control

As mentioned in the explanation of Workspaces, a ledger edition is created for each participant unit taking part in a business process (see "Ledger Edition for Business Processes"). To control access to these ledger editions, the area definition expression of an Access Permission Type can include conditions on the ledger edition. This section explains how to write area definition expressions for typical access control needs when using the business process features.

Enabling Access to Own Participant Unit’s Edition

Use the owner_label property of the Ledger Edition object and the @participant_label function.

  Editions!@CUR.owner_label = @participant_label

Element of Expression        Meaning
Editions!@CUR                The currently accessed ledger edition
Editions!@CUR.owner_label    Label of the participant unit that owns the ledger edition above
=                            Tests if the values on both sides are equal
@participant_label           Label of the participant unit itself performing data read/write

Enabling Access to Submission Packages Submitted or Approved by Own Participant Unit

Use the is_submission property of the Ledger Edition object.

  Editions!@CUR.is_submission

Element of Expression          Meaning
Editions!@CUR                  The currently accessed ledger edition
Editions!@CUR.is_submission    Returns True if the ledger edition represents a Submission Package, otherwise False

For a Submission Package ledger edition, the access request itself results in an error unless the package was submitted by, received by, or is receivable by one's own participant unit. The condition expression above therefore only checks whether the ledger edition is a Submission Package.

Enabling Access to Public Editions

Use the key property of the Ledger Edition object.

  Editions!@CUR.key = "PUBLIC"

Element of Expression    Meaning
Editions!@CUR            The currently accessed ledger edition
Editions!@CUR.key        The key of the ledger edition above
=                        Tests if the values on both sides are equal
"PUBLIC"                 The constant "PUBLIC"

Since specifying the property "key" is optional, the condition expression above can also be written as follows:

  Editions!@CUR = "PUBLIC"

Describing Conditions for Typical Cases

In typical cases, access to the ledger edition is only possible if one of the above three conditions is met. In this case, the condition expression would be as follows:

  Editions!@CUR.owner_label = @participant_label OR
  Editions!@CUR.is_submission OR
  Editions!@CUR = "PUBLIC"

Moreover, for Finalizer Participant Units, it is usually necessary to grant additional access rights to the shared workspace edition, among others (such as when using the shared workspace as their workspace without assigning a private ledger edition to the Finalizer Participant Unit). In this case, the condition expression would be modified as follows:

  Editions!@CUR.owner_label = @participant_label OR
  Editions!@CUR.is_submission OR
  Editions!@CUR = "PUBLIC" OR
  Editions!@CUR = "WORKSPACE" ....

The condition expressions above can, of course, be combined with other expressions.
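
The typical and Finalizer condition expressions above, modeled in Python as an added example (not code from the product or from this manual), to show which editions each participant unit ends up able to reach. The `related_units` field, the unit labels, and the edition keys other than "PUBLIC" and "WORKSPACE" are constructed assumptions; the "error" result models the behavior described above for Submission Packages unrelated to the requesting unit.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Edition:
    key: str                      # Editions!@CUR.key
    owner_label: str = ""         # Editions!@CUR.owner_label
    is_submission: bool = False   # Editions!@CUR.is_submission
    # Hypothetical field: units that submitted, received, or can receive the package
    related_units: frozenset = frozenset()

def typical(ed, participant_label):
    """owner_label = @participant_label OR is_submission OR key = "PUBLIC"."""
    return (ed.owner_label == participant_label
            or ed.is_submission
            or ed.key == "PUBLIC")

def finalizer(ed, participant_label):
    """Typical expression plus the WORKSPACE clause for Finalizer units."""
    return typical(ed, participant_label) or ed.key == "WORKSPACE"

def access(expr, ed, participant_label):
    """Return 'error', 'allow' or 'deny' for one access request."""
    # Modeled platform behavior: a request for a Submission Package unrelated
    # to the unit fails before the condition expression is evaluated.
    if ed.is_submission and participant_label not in ed.related_units:
        return "error"
    return "allow" if expr(ed, participant_label) else "deny"

# Constructed sample editions (labels and keys are illustrative only)
EDITIONS = [
    Edition(key="ED_SALES", owner_label="SALES"),
    Edition(key="ED_HR", owner_label="HR"),
    Edition(key="PKG_SALES_1", is_submission=True,
            related_units=frozenset({"SALES", "HQ"})),
    Edition(key="PUBLIC"),
    Edition(key="WORKSPACE"),
]

def matrix(expr, participant_label):
    """Access decision per edition key for one participant unit."""
    return {ed.key: access(expr, ed, participant_label) for ed in EDITIONS}

if __name__ == "__main__":
    for name, expr, unit in [("typical", typical, "SALES"),
                             ("typical", typical, "HR"),
                             ("finalizer", finalizer, "HQ")]:
        print(f"{name:9} {unit:5} {matrix(expr, unit)}")
```

The matrix shows that the `is_submission` clause is safe only because unrelated packages fail before the expression is evaluated, and that the WORKSPACE clause is the only difference between an ordinary unit and a Finalizer unit.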