cancel
Showing results for 
Search instead for 
Did you mean: 

Roles - SAP_BPM_SUPERADMIN vs SAP_BPM_NAVIGATION

0 Kudos

Hello All,

In my application we have built a custom bpm inbox where any user can claim, complete,release the task. For claiming/completing/releasing the task, i added SAP_BPM_SUPERADMIN role. But as per the security analysis, as any end user will have ability to claim,release,complete the task- ideally everyone will have the admin access which is vulnerable.

Could you please advise if SAP_BPM_NAVIGATION can be used instead of superAdmin? What is the acutal difference between these two roles?

Regards,

Lakxman

Accepted Solutions (0)

Answers (2)

Answers (2)

junwu
Active Contributor
0 Kudos

can you tell me your current design?

how the inbox is developed?

0 Kudos

The current design is,

We have different inbox for different team. A user will have a role specific to that team. A user can see and search the tasks from his team- in all status (New,already claimed by another user,completed etc)

If he searches a New task, he can claim it and do manipulation of the task. He cannot directly claim a task being worked by anyother user. He has to first unlock it and then only claim.

If he has wrongly picked a task and wants to release, he can do that.

Please let me know if you need any details. Thanks.

junwu
Active Contributor
0 Kudos

you are just telling the business requirement..... i didn't get any design related infor from that...

I want to know how technically you did it, using bpm api? how to determine the task is available to that user?...

anyway can you assign that role to the administrator of the process? maybe that will help.

0 Kudos

Hi Jun,

Yes, we are using the BPM API in Web dynpro Java. Whenever a user claims a task, we have an entry in our application DB that this user is currently having the task. When he leaves the task(either Release/Complete) we update back the record.

But is that possible to Start,Stop,Claim,release and complete the task without using the SAP_BPM_SUPERADMIN role?

junwu
Active Contributor
0 Kudos

i cannot help further, if you are not able to tell your technical design.

junwu
Active Contributor
0 Kudos

bpm end user is enough

0 Kudos

Hi Jun,

Thank you for the reply. But I need to give the user rights to claim a task, release a task,delete a task and complete the task.

Could you please let me know if all these could be done using the bpm end user role?

Regards,

Lakxman