CTOT #45: Authorizing Access to Business Processes
An important aspect of business processes is who is allowed to start them. Not everyone is allowed to initiate every kind of process, and it is not just a matter of presentation. If you aren’t allowed to start a process, there should be no way of going around the UI in order to kick it off anyway. Proper authorization should be guaranteed at runtime. In this week’s episode, CTO Michael Rowley will discuss different strategies for process authorization. He will describe standard authorization features that support simple authorization tests as well as architectural patterns that can be used to support more complex authorization scenarios.