Adding info about what it is required for users to manage approvals
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/02a4685a Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/02a4685a Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/02a4685a Branch: refs/heads/master Commit: 02a4685a100e7bf9952ad5c3e83c51f85bd5dc6c Parents: 243df5b Author: Francesco Chicchiriccò <[email protected]> Authored: Fri Sep 23 12:37:54 2016 +0200 Committer: Francesco Chicchiriccò <[email protected]> Committed: Fri Sep 23 12:38:06 2016 +0200 ---------------------------------------------------------------------- .../reference-guide/concepts/workflow.adoc | 21 +++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/02a4685a/src/main/asciidoc/reference-guide/concepts/workflow.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide/concepts/workflow.adoc b/src/main/asciidoc/reference-guide/concepts/workflow.adoc index 15e5f2a..b88ac7f 100644 --- a/src/main/asciidoc/reference-guide/concepts/workflow.adoc +++ b/src/main/asciidoc/reference-guide/concepts/workflow.adoc @@ -119,6 +119,25 @@ Managers could also be asked to complete the information provided before the req In order to define an approval form, a dedicated BPMN `userTask` needs to be defined, following the rules established for http://www.activiti.org/userguide/index.html#forms[Activiti forms^]. +[NOTE] +.What is required for administrators to manage approval? +==== +The following conditions must be met, for an User `U` to act as administrator for approval: + +. `U` must own the following <<entitlements,entitlements>>, for all the required realms: +.. `WORKFLOW_FORM_CLAIM` +.. `WORKFLOW_FORM_LIST` +.. `WORKFLOW_FORM_READ` +.. `WORKFLOW_FORM_SUBMIT` +.. `USER_READ` +. The BPMN `userTask` must either indicate `U` among `candidateUsers` or at least one of the groups assigned to `U` +among `candidateGroups`, as required by +http://www.activiti.org/userguide/index.html#bpmnUserTaskUserAssignmentExtension[Activiti's task assignment rules^] + +The special super-user `admin` is entitled to manage all approvals, even those not specifying any +`candidateUsers` or `candidateGroups`. +==== + [[sample-selfreg-approval]] .Approving self-registration ==== @@ -141,7 +160,7 @@ http://www.activiti.org/userguide/index.html#activitiModeler[Activiti Modeler^]. ---- <1> `formKey` and `id` must be unique across the workflow definition, `name` is displayed by the admin console; `candidateGroups` and `candidateUsers` might be defined, even both, to indicate which Groups or Users should be -managing these approvals +managing these approvals; if none are specified, only `admin` is entitled to manage such approval <2> `expression` will be evaluated against the current requesting `user` (as workflow variable) and related properties; read-only form input can be defined by setting `writable="false"` <3> exporting approval inputs into workflow variables is possible via the `variable` attribute; required form input can
