Deal all,

Does any knows an answer for the next question?

I know RBAC is supported by CP4BA. Is ABAC (Attribute based access control) also supported by CP4BA?

Thanks in advance.

Ab.

Hi Ab,

CP4BA has many "capabilities".

In Workflow RBAC would mean: This user can administrate running process instances.
Workflow is finer grained. We can set this role in various scopes, down to the process instance level. We call that "instance based authorization".

Using the team services in Workflow you can implement a static attribute based authorization scheme: Tasks are assigned to teams. The team can be calculated by custom code. The custom code can query users by attributes (e.g. from LDAP) and return only those where the manager flag is true or the language is Spanish or whatever.

See https://www.ibm.com/docs/en/baw/24.x?topic=team-using-services-define-dynamic-teams 

This is static, though. That is, if you learned Spanish and have your attribute updated, the task assignment might not change.

Workflow even allows you to maintain user attributes in the product database, independent of LDAP.

https://www.ibm.com/docs/en/baw/24.x?topic=interface-creating-user-attribute-definition

HTH

Jens

Deal all,

Does any knows an answer for the next question?

I know RBAC is supported by CP4BA. Is ABAC (Attribute based access control) also supported by CP4BA?

Thanks in advance.

Ab.