Access Groups and Permissions

Access Groups are the main way to determine who has access to a document. Basically, they represent a group of people who could have access to a document. For instance, managers and employees could be two groups of people who have access to a workorder document.

In a Document Definition, you can define which Access Groups exists. However, the membership of an Access Group can differ per document. A document contains lists of Access Group members; one for each Access Group defined in the Document Definition. This implies that a person who is member of the managers Access Group in one workorder may not be member of the managers Access Group in another workorder.

In a Document Definitions, permissions can be set per Access Group. These permissions determine which fields a person may see and edit and which lines may be created and deleted. If an access group does not have view access to any field, the document as a whole is invisible for members of the Access Group.

If there are statuses defined in the Document Definition, the permissions granted to an Access Group can differ per status. In this case, a person's permissions depend on the combination of one's Access Group and the status of the document. For instances, an employee may edit certain fields when workorder has the concept status, but not when the workorder has the final status.

Permissions in BizzStream are extremely powerful because the Access Groups are defined in Document Definitions whereas Access Group members are stored in each document individually. This allows us to deal with a variety of situations. For instance, you could model a business process were certain persons have access to all documents that are based on a particular Document Definition. It is also possible to model processes where a person has access to some documents (say a project), but not to others. This flexibility allows BizzStream to deal with situations where other systems fail.