6 BPM Access Control Scenarios You Didn’t Think Of

Neil Miller

October 25th, 2016 BPM  

Role-based access control in a Business Process Management Solution

One deal-breaker you may discover too late when exploring a business process management (BPM)  is access control. Workflows have lots of data, and not all of it is meant for everyone to see. However, many business users assume that restricting access to certain data is a feature that comes with any BPM software. Unfortunately, that’s not the case.

Role Based Access Control

Types of Access

First, think through the types of access you want to have.

Access to Edit the Process

Each process has an administrator, but who else is authorized to go in and make changes? Does your BPM tool let you see who made what changes at what time? Can your process administrator make changes in the middle of a process? Do you want her to be able to edit information midstream? How transparent and comprehensive is your documentation for each item?

Access to Reports

Your business process management tool should allow you to define who has access to see the metrics of how a process is going and who is able to see a bird’s-eye view of all completed and in-progress tasks.

Editing Data During the Workflow

When the form comes up for a task owner, the process admin should have three of the following options for each data field in the chosen business process management solution:

  • Make a field editable for the task owner
  • Make a field read-only
  • Hide a field entirely

This way, the process admin will be able to control exactly what is seen at each task to maintain privacy and accountability.

Static vs. Data-based Permissions

Some data fields should always be hidden on certain tasks. However, you may have some fields that you want to show or hide based on data entered earlier. The best BPM software should allow you to perform this dynamically.

Built for power. Built for humans.

Get a Free 7-day Trial with KiSSFLOW!

Specific Scenarios

Here are some scenarios that business users find themselves stuck in after choosing a business process management tool that doesn’t offer good control over data access.

  • In a Leave Application process, Armando only wants ‘Reason for Leave’ to be seen by each person’s manager and not by HR later on in the process.
  • In a Meeting Agenda process, Laura wants anyone from her leadership team to be able to approve an agenda item, but the leadership team is in flux and she doesn’t want to manually change the process each time.
  • In a Budget Approval item, Sergey wants to give editable access to certain fields to everyone’s reporting manager.
  • In a New Hire process, Marquita wants to hide compensation information from the website team when they publish the job listing.
  • In an Employee Onboarding process, Ken wants to automatically skip a step that sends out a mass email if the employee has requested certain information not be made public.
  • In a Vendor Payment process, Caroline wants specific line items to display for Accounts Receivable only if the initiator indicates so with a slider.

This is just a sample of some of the situations you may run into while building your automated business process. Do your research and make sure that the business process management software you are considering can be flexible enough to accommodate all of these situations. Even if you don’t currently need this functionality in your business process management solution, you will definitely require it later.