Hello, I would like to know if it's possible in YAWL to define conflicting users, conflicting roles, conflicting permissions and conflicting tasks. Also, I wonder if the principle of least privilege is applied in YAWL.
Thank you

For every work item that is offered by the system, YAWL computes a set of users as specified in the workflow specification. This can depend on users, roles, capabilities etc. 

If the work item is also started by the system, YAWL then chooses one user from the set previously computed. There are several strategies for doing this (round robin, random, ...).

Please explain in more detail what conflict means to you in this setting.

The principle of least privilege is something that you would have to watch for when giving rights and roles to users.

 

So least privilege isn't applied automatically?
By conflicting users, for example, I mean that for a user x, is there a possibility to specify a user y (generally a family member or friend), so that if x makes an order, y can't approve it.
There is a table of those concepts.
Thank you for your help.

There is a mechanism for the four-eyes principle in YAWL. You can specify that the user selected for a certain task must not be identical to the user that executed a previous task in the same case.

What do you mean by applying the least principle automatically?

flowergirl

Sun, 06/28/2015 - 08:27

So if I understand your answer, we can define conflicting tasks for a user, but what about conflicting users? Can I specify that if the user selected for a task is X, then the user Y can't execute the next task in the same case?
By least privilege, I mean if a user wants to do a task that requires a specific permission, even if he has other permissions, at the moment he wants to execute that task, he can only benefit from the permission needed and not all the permissions he has.
Thank you for your help.

YAWL can select users at runtime via variables. Together with automated tasks that call codelets (Java programs) you can implement anything you can imagine. But this requires some programming and is not an inbuilt feature like the four-eyes principle.

In YAWL there is the following set of privileges that you can assign to a user:

C





You can specify privileges for each task:

  • Allow work item suspension
  • Allow work item reallocation
  • Allow work item deallocation
  • Allow work item delegation
  • Allow work item to be skipped
  • Allow work item to be piled

So once you have a work item assigned to you, the only privileges are about starting work items concurrently, delegating them to others, etc.
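
The conflicting-users check asked about in this thread, as an added example that is not part of the original posts or of YAWL: plain Java showing the filtering logic a codelet could apply before a user is chosen for the next task. It uses no YAWL classes; `ConflictFilter`, its methods and the sample users are hypothetical.

```java
import java.util.*;

// Added example: plain Java, no YAWL API. All names here are hypothetical.
public class ConflictFilter {

    // Symmetric "conflicting users" relation (e.g. family members or friends).
    private final Map<String, Set<String>> conflicts = new HashMap<>();

    public void addConflict(String a, String b) {
        conflicts.computeIfAbsent(a, k -> new HashSet<>()).add(b);
        conflicts.computeIfAbsent(b, k -> new HashSet<>()).add(a);
    }

    /**
     * Returns the candidates allowed to take the next task in a case:
     * excludes every user who executed an earlier task (four-eyes) and
     * every user declared in conflict with one of those executors.
     */
    public List<String> eligible(Collection<String> candidates,
                                 Collection<String> priorExecutors) {
        Set<String> excluded = new HashSet<>(priorExecutors);
        for (String user : priorExecutors) {
            excluded.addAll(conflicts.getOrDefault(user, Collections.emptySet()));
        }
        List<String> result = new ArrayList<>();
        for (String candidate : candidates) {
            if (!excluded.contains(candidate)) {
                result.add(candidate);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        ConflictFilter filter = new ConflictFilter();
        filter.addConflict("x", "y");  // constructed sample: y is related to x

        // Constructed sample: members of the approving role, and the user who placed the order.
        List<String> approvers = Arrays.asList("x", "y", "z");
        List<String> allowed = filter.eligible(approvers, Collections.singletonList("x"));

        // Fail closed: never fall back to the unfiltered set when nobody qualifies.
        if (allowed.isEmpty()) {
            throw new IllegalStateException("No eligible approver; escalate to an administrator");
        }
        System.out.println("Eligible approvers: " + allowed);
    }
}
```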