Enabling Users to Act on a Specific Workflow Step
You must specify who can act on each step in the request resolution workflow. Only users who are specified on the Security tab in the Workflow Step window can process a request at that step.
To specify who can act on a specific workflow step:
-
Log on to PPM.
-
From the menu bar, select Open > Administration > Open Workbench.
The PPM Workbench opens.
-
From the shortcut bar, select Configuration > Workflows.
The Workflow Workbench opens.
-
Click List.
-
On the Results tab, locate and open the workflow.
The Workflow window opens to the Layout tab.
-
Double-click the step you want to configure.
The Workflow Step window opens.
-
Click the Security tab, and then click New.
The Workflow Step Security dialog box opens.
-
In the list at the top of the window, select one of the following methods for specifying the step security:
-
Security Group Name
-
Username
-
Standard Token
-
User Defined Token
Selecting a value from this list automatically updates the other fields in the window. For example, selecting Enter a Username changes the Security Group field label to Username.
-
-
Specify the security groups, usernames, or tokens to control the access to this step.
-
Click OK.
The security specification is added to the Security tab. You can add more specifications to the step by clicking New and repeating these steps. You can, therefore, control step security using a combination of security groups, usernames, and tokens.
-
Click OK.
Tip: Consider assigning a security group to each decision, execution and condition step, even if many of the steps proceed automatically. If a command fails, or a condition is not met, it may be necessary to manually override the step.
Also consider assigning a "Request Manager" security group to each step. You can provide that group with global access to act on every step in the process. This helps avoid bottlenecks by giving a small group permission to process stalled requests.
Avoid allowing just one person to act on a workflow step. If that user changes roles or leaves the company, a process update (reconfiguration) would be required. Instead, use a token or security group to configure access dynamically.