Description of problem: In BPMS 6.0.1, a user with an 'analyst' role can Build&Deploy projects ("Build & Deploy" in Project Editor) even though the "Deployments" menu is properly hidden to the user. 'analyst' permission isn't clearly defined but according to the following docs, 'analyst' should not be able to build&deploy (or at least deploy) projects, I guess. Official docs: https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_BPM_Suite/6.0/html-single/Administration_And_Configuration_Guide/index.html#Access_control2 --- analyst: creates and designs processes and forms and instantiates the processes. This role is the similar to a developer, without access to asset repository and deployments. --- Community docs: http://docs.jboss.org/drools/release/6.0.1.Final/drools-docs/html/wb.Workbench.html#wb.Configuration --- Analyst is a weaker version of developer and does not have access to the asset repository or the ability to deploy projects. --- web.xml in BPMS business-central.war: --- Analyst - Responsible for creating and designing processes into the system. Creates process flows and handles process change requests. Needs to test processes that they create. Also creates forms and dashboards. --- Steps to Reproduce: 1. Create a user with a role 'analyst' 2. Log in to business-central 3. Go to [Project Authoring] and Build&Deploy a project ("Build & Deploy" in Project Editor) Actual results: - The user can build a project (and the artifact is deployed to Artifact repository and its process shows up in "Process Definitions") Expected results: - The user cannot build a project
I'm not very confident about if 'analyst' should be able to Build&Deploy. If 'analyst' should be able to, then we should make docs more clear.
Analyst should be able to click the Build & Deploy button. The deployments view is hidden however, as we believe this is too technical for him. Removing access to the Build & Deploy button is not recommended imho, it would prevent an analyst from deploying anything, so would always require intervention from a developer, preventing any form of self-service. Note that (especially in future versions, when we improve our support for promotion of assets / projects), there might be additional steps / verification behind that Build & Deploy button (that you will be able to configure) before a project is actually deployed.
Reassigning as doc issue.
If I understand it correctly, the roles description in Admin guide should mention that analyst is allowed to build&deploy project in the authoring perspective (although he is not allowed to access assert repository and deployments).
I am unsure what needs to be done here in terms of changing the documentation. At the moment, the docs [1] say: "analyst: creates and designs processes and forms and instantiates the processes. This role is the similar to a developer, without access to asset repository and deployments." This is exactly right in terms of what the user with the analyst role is allowed to do. >> This user doesn't have access to the deployments. << If I add in here that the analyst is allowed to 'deploy' but not access these deployments, that will get very confusing, IMHO. I am going to close this as NOTABUG. Please feel free to reopen if you think otherwise with an explanation. [1] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BPM_Suite/6.0/html/Administration_And_Configuration_Guide/chap-Business_Central_configuration.html#Access_control2
Hi Vikram, > If I add in here that the analyst is allowed to 'deploy' but not access these deployments, that will get very confusing, IMHO. Yes, it's confusing. But it is the actual behaviour. So... isn't it better to writing it in docs than not writing when software has a confusing behaviour?
Thanks Toshiya. I have made a change to the analyst description to clarify that they can deploy. This can be verified here [1]. Moving this to CLOSED-->NEXTRELEASE and marking it for a 6.1 release. [1] https://documentation-devel.engineering.redhat.com/site/documentation/en-US/Red_Hat_JBoss_BPM_Suite/6.1/html-single/Administration_And_Configuration_Guide/index.html#Access_control2
Verified: "analyst: ... and deploys artifacts."