Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to implement ACL in activiti?

rahulbabarit
Champ in-the-making
Champ in-the-making

‎06-14-2011 02:00 AM

Hi All,

We are looking for implementing ACL (Access Control List) for our web application which uses activiti workflows. Is there any support for ACL in activiti itself? I appreciate your suggestions on how to implement ACL in activiti.

Thanks,
Rahul Babar
Labels:
0 Kudos
4 REPLIES 4

frederikherema1
Star Contributor
Star Contributor

‎06-14-2011 03:13 AM

The only thing activiti offers out of the box are users and groups (used for task assignement and authentication). More fine-grained access control (eg. limiting visibility of process-definitions or not allowing to start process-instance for certain definition) don't exist I'm affraid.

It all depends on how you want to use it. You can write a layer on top of activiti, which filters the result of certain calls to activiti, based on the user and checks all attempts to eg. start a process. Depends on how fine-grained you want your ACL's and how much you want to expose of the engine.
0 Kudos

heymjo
Champ on-the-rise
Champ on-the-rise

‎06-14-2011 08:29 AM

somewhat related: Would it be reasonable / feasible to have an extension point that allows you to delegate the candidate selection to a custom interface ?

pseudocode:


<userTask id="theTask" name="my task" activiti:customCandidates="group(management), permission={UK,CZ,BE}" />

with something like this to be implemted by the app


// returns candidate users
public List<String> resolveCustomCandidates(String candidateExpression) {

  //candidateExpression = group(management), permission={UK,CZ,BE}
  //this impl is responsible for parsing the expression and returning the list of candidates
}

Thanks
Jorg
0 Kudos

frederikherema1
Star Contributor
Star Contributor

‎06-14-2011 08:37 AM

If you're using activiti with spring, this is possible (workaround), by defining a bean in your clontext and using it in the candidateGroups expressions:

activiti:candidateGroups="${candidateHandler.getGroupDandicates("group(management), permission={UK,CZ,BE}}")

Also, If you're not using spring, you can pass the objects you want to be available in expressions, to the ProcessEngineConfiguration "beans" property.
0 Kudos

heymjo
Champ on-the-rise
Champ on-the-rise

‎06-14-2011 09:44 AM

that's a good enough 'workaround' , thanks !

Jorg
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC