Flow Action form - Completing the Security tab

Complete this optional tab to specify privileges or when conditions that restrict user access to this flow action. If you leave the Security tab blank, the flow action is available to every user working on an assignment that references this flow action (who has RuleSet-list access to this rule).

Also use this tab to configure optional logging of each use at runtime of this rule.


For example, you can restrict a Cancel flow action to only users who hold certain privileges. You can restrict use of a DeferToTomorrow flow action to be visible only after 4:00 P.M.

Order is not significant in these arrays. Access to the flow action requires that users hold at least one of the privileges listed and that at least one of the when condition rules evaluates to true.

Field Description
Privilege Class Optional. Enter the Applies To class — first key part — of a class the system is to use to find a privilege rule. Leave blank to refer to a privilege with an Applies To key part that matches the first key part of this flow.
Privilege Name Optional. Enter the — name second key part — of a privilege to restrict access to this flow action to those users who hold the privilege.

The system uses the Privilege Class and Privilege Name values with class inheritance to look for the privilege rule.

A user that holds any one of the privileges in this array can see and select the flow action. You hold a privilege if at least one access role in your access role list that grants access to the privilege. The association of access role names and privileges is defined by Access of Role to Object rules.

Allow User to Perform Action When All Conditions Are True Optional. Identify one or more when condition rules to control whether, when, or which users at runtime can select and complete this flow action. This feature can support your business logic by conditionalizing the availability of this flow action, based on data associated with the work item, the user, or other facts.

For example, you can define a flow action on assignments involving more than $2,000 to appear only to managers. Or you could set a when condition for a flow action to appear in the UI only before a 4:00 P.M. daily cutoff time.


Complete these optional fields to record each time a user requests this flow action. Each time the flow action is requested, your application can add an instance of the Log-DataAccessAudit class, to support later compliance auditing, reporting, and analysis. The added instance identifies the date, time, Operator ID, flow action, Customer party (if any) and work item ID.

Logging occurs upon initial selection of the flow action, whether or not the flow action is completed. You can create report definition rules to report on Log-DataAccessAudit instances, or export the data for analysis.

(On the Display Options tab of the Harness form, you can provide a similar logging capability for user forms.)

Enable this feature only if detailed auditing is needed in your application. Auditing increases the database workload of your application and can produce large volumes of log data.

Field Description
Auditing These fields allow you to log each access of this flow action. A similar capability is available for harnesses.
Audit Use? Select to enable auditing for this flow action.
When Optional. Enter the When Name key part of a when condition rule that is evaluated each time a user displays a user form based on this harness. To find this rule at runtime, rule resolution uses the Applies To key part of this harness as the Applies To key part of the when rule. If the when rule evaluates to true, the activity in the Audit Activity is executed.

If blank, the activity is always executed.

Audit Activity Enter the Activity Name key part of an activity to run when a user selects this flow action (and the When condition, if not blank, evaluates to true). To find this activity at runtime, rule resolution uses the Applies To key part of this harness as the Applies To key part of the activity.

You can use the standard activity Work-.Audit here, or a similar activity that meets the needs of your application and adds an instance to the Log-DataAccessAudit class. The Work-.Audit activity records the full name and identifier of a work party with the party role Customer, if present. Your application can choose to record a different role or other facts about the work item. Your activity can use the Obj-Save method with WriteNow enabled, to ensure that logging occurs even when the flow action is selected but not completed.

Parameters If the activity uses input parameters, click to provide values for each parameter. The system automatically completes the following four parameter values; you do not need to complete them.
  • pyRuleKey — Handle ( pzInsKey ) of the flow action.
  • pyRuleClass — Rule-Obj-FlowAction
  • pyRuleAppliesToClass — The Applies To key part of this flow action
  • pyRulePurpose — The Action Name key part of this flow action.

Process category

About Flow Actions