主权项 |
1. A computer-implemented method for executing a workflow, wherein the workflow comprises a set of individual activities, the individual activities executable according to alternative execution paths, each of the execution paths through the workflow comprising a plurality of tasks, each task having an associated access policy, the method comprising:
computing a global workflow access type and a partial workflow access type, wherein
the global workflow access type specifies a right to execute all of the individual activities belonging to the workflow, andthe partial workflow access type specifies a right to execute all tasks of a plurality of tasks of a particular path of the alternative execution paths in the workflow based on one or more access policies corresponding to the plurality of tasks, so that the workflow is executable along the particular path; receiving a request from a user to execute the workflow; executing an access control based on a workflow access type assigned to the user, wherein
if the user is assigned the global workflow access type, authorizing the user to execute all of the individual activities belonging to the workflow,if the user is assigned the partial workflow access type, authorizing the user to access all tasks of a corresponding plurality of tasks of the particular path, andif the user is not assigned the global workflow access type or the partial workflow access type, rejecting the user before executing the workflow. |