Business Process Management and Access Control
This manual is in pilot operation.
Overview
In the various operations of the Business Process Management feature, only data in the ledger cell ranges that can be written through the forms included in the specified Submission Package form list is written (reflected) to the ledger [1].
Whether writing is possible is determined primarily by the Ledger Access Control functions and the input restrictions set in the form. However, there are exceptions where these are not applied or are applied in a special manner, as detailed in the table below.
(✓: Applied, -: Not applied)
Access Restriction Function | Ledger Access Control Functions | Input Restrictions by Form | |||
---|---|---|---|---|---|
Various Operations in Business Process Management | Cell Protection [2] | ||||
1. Reflection process at the time of Reception and Reintake of Submission Package | ✓ | ✓ [3] | ✓ or - [4] | ✓ | ✓ |
| ✓ | ✓ [3] | ✓ or - [4] | ✓ | ✓ |
| ✓ | ✓ [3] | ✓ | ✓ | ✓ |
Ledger Editions Used in Business Processes and Access Control
As mentioned in the explanation of Workspaces, a ledger edition is created for each participant unit that takes part in a business process (please refer to "Ledger Edition for Business Processes"). To control access to these ledger editions, the area definition expression in Access Permission Types can include conditions related to the ledger editions. This section explains how to write area definition expressions for the typical access control needs that arise when using business process features.
Enabling Access to Own Participant Unit’s Edition
Use the owner_label property of the Ledger Edition object and the @participant_label function.
Editions!@CUR.owner_label = @participant_label
Element of Expression | Meaning |
---|---|
Editions!@CUR | The currently accessed ledger edition |
Editions!@CUR.owner_label | Label of the participant unit that owns the ledger edition above |
= | Tests if the values on both sides are equal |
@participant_label | Label of the participant unit itself performing data read/write |
Enabling Access to Submission Packages Submitted or Approved by Own Participant Unit
Use the is_submission property of the Ledger Edition object.
Editions!@CUR.is_submission
Element of Expression | Meaning |
---|---|
Editions!@CUR | The currently accessed ledger edition |
Editions!@CUR.is_submission | Returns True if the ledger edition represents a Submission Package, otherwise False |
For a Submission Package ledger edition, if the package is not one submitted, received, or receivable by one's own participant unit, the access request itself results in an error. The condition expression above therefore only checks whether the ledger edition is a Submission Package.
Enabling Access to Public Editions
Use the key property of the Ledger Edition object.
Editions!@CUR.key = "PUBLIC"
Element of Expression | Meaning |
---|---|
Editions!@CUR | The currently accessed ledger edition |
Editions!@CUR.key | The key of the ledger edition above |
= | Tests if the values on both sides are equal |
"PUBLIC" | The constant "PUBLIC" |
Because the property name "key" can be omitted, the condition expression above can also be written as follows:
Editions!@CUR = "PUBLIC"
Describing Conditions for Typical Cases
In typical cases, access to a ledger edition is allowed only if one of the three conditions above is met. The condition expression is then as follows:
Editions!@CUR.owner_label = @participant_label OR
Editions!@CUR.is_submission OR
Editions!@CUR = "PUBLIC"
In addition, Finalizer Participant Units usually need additional access rights, for example to the shared workspace edition (as when the Finalizer Participant Unit uses the shared workspace as its workspace and is not assigned a private ledger edition). In that case, the condition expression is modified as follows:
Editions!@CUR.owner_label = @participant_label OR
Editions!@CUR.is_submission OR
Editions!@CUR = "PUBLIC" OR
Editions!@CUR = "WORKSPACE" ....
The condition expressions above can, of course, be combined with other expressions.
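The following Python model is an added example, not the product's evaluator or code from this manual. It evaluates the typical and Finalizer condition expressions above over constructed ledger editions to show which access requests are allowed, denied, or rejected with an error. The `parties` field, the sample keys and the unit labels are assumptions made for the illustration, and only the "WORKSPACE" term of the Finalizer expression is modelled.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Edition:
    key: str                            # Editions!@CUR.key
    owner_label: Optional[str] = None   # Editions!@CUR.owner_label
    is_submission: bool = False         # Editions!@CUR.is_submission
    # Assumption: units that submitted, received, or can receive the package.
    parties: frozenset = frozenset()


def typical(ed: Edition, participant_label: str) -> bool:
    """owner_label = @participant_label OR is_submission OR key = "PUBLIC"."""
    return (ed.owner_label == participant_label
            or ed.is_submission
            or ed.key == "PUBLIC")


def finalizer(ed: Edition, participant_label: str) -> bool:
    """The typical condition plus the shared workspace term."""
    return typical(ed, participant_label) or ed.key == "WORKSPACE"


def decide(ed: Edition, participant_label: str,
           condition: Callable[[Edition, str], bool]) -> str:
    # Models the behaviour the manual describes: a request for a Submission
    # Package that is not this unit's own results in an error by itself.
    if ed.is_submission and participant_label not in ed.parties:
        return "error"
    return "allow" if condition(ed, participant_label) else "deny"


# Constructed sample data; only "PUBLIC" and "WORKSPACE" come from the manual.
EDITIONS = [
    Edition("ED_SALES", owner_label="SALES"),
    Edition("ED_HR", owner_label="HR"),
    Edition("PKG_SALES_01", is_submission=True,
            parties=frozenset({"SALES", "HQ"})),
    Edition("PUBLIC"),
    Edition("WORKSPACE"),
]


def matrix(participant_label: str, condition) -> dict:
    return {ed.key: decide(ed, participant_label, condition) for ed in EDITIONS}


if __name__ == "__main__":
    for unit, cond in [("SALES", typical), ("HR", typical), ("HQ", finalizer)]:
        print(unit, matrix(unit, cond))
```

In this model `typical(EDITIONS[2], "HR")` is true, because the `is_submission` term does not compare participant units; HR is kept out of the SALES package only by the error on the access request itself.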