Configuring access to configuration sets based on security role

The developer who has access to Infor Process Designer (IPD) can run the process flow and can access all the configuration sets created on the server. If you do not want to give access to all the configuration sets created for everyone who is working on the process flow development, perform this procedure:

These are the three delivered security classes which have access to all configuration sets that are created, or will be created:

  • ProcessServerAllAccess_ST
  • ProcessServerReadAccess_ST
  • ProcessDesigner_ST
  1. Remove the PfiConfiguration reference from the security classes which you usually give to the process flow developer:
    PfiConfiguration KeyField
                grants access
                    to all ontology
                    for all inquiries
                    unconditionally
    

    Removing the PfiConfiguration reference from these classes impacts both IPD and the Process Server Administrator, or Infor Rich Client, access for the configuration sets.

  2. Create a new security class with only one configuration set, for example:
    Access Rights 
            	PfiConfiguration KeyField 
                	grants access 
                    	to all ontology 
                    	for all inquiries 
                 	   when (PfiConfiguration = "main") 
    

    The example shows how to create the security class to give read access for the main configuration set. The value of PfiConfiguration depends on the name of the configuration set. In the example, the configuration set name is "main". To give both read and edit access to the configuration set, replace the word "inquiries" with "actions".

  3. Create a new security role and assign newly created configuration set security class to it.

    One or more security classes can be added to the new configuration set security role based on your need. For example, if you want to give access to "main" and "system" configuration sets to everyone or to multiple users, you can assign both security classes to the same security role.

  4. Assign the configuration set security roles to the users whom you want to give the access to.

    The new security class should be created for every configuration set. If you create a new configuration set, a corresponding security class should be created which should be assigned to an existing role. If a role does not exist, create one as described in Step 3.