Business processes, which may also be referred to as business flows or workflows, provide a level of abstraction above programming languages such as Java or C++, making them easier for non-programmers to use to describe desired processing within a particular business process. Example languages used to define business processes include, for example, the Business Process Execution Language (BPEL), which is an XML-based executable language for specifying orchestration between web services that comprise a business process; Business Process Modeling Notation (BPMN), and/or BPM.
FIG. 1 shows an illustration of a typical networked computing environment. As shown in FIG. 1, a typical networked computing environment can include a plurality of clients 100, such as Client 1, Client 2, and Client N connected to a network 102, such as the Internet. The clients can be, for example, personal computers, workstations, mobile computing devices, or any other networkable device. Also connected to the network are a plurality of servers 104 such as Server 1, Server 2, and Server N. These servers can include application servers and web servers which provide services in response to requests that are received over the network from the clients or other servers or services. A developer system 106 can provide a software developer with access to the network to create, modify, and/or deploy business processes, which can then be utilized by the plurality of clients. The developer can deploy the business processes to a production server 108, which is typically a computer server system that stores and executes the business processes. The production server can access additional business processes stored in a database 110. The production server can receive service requests from the plurality of clients, or the plurality of servers, and execute an appropriate business process. Execution of the appropriate business process can include invoking one or more web services offered by the plurality of servers.
Business processes are comprised of activities. Each activity defines actions and logic to be executed. Activities can contain other activities, and such activities are referred to herein as container activities. Each container activity includes one or more contained activities which can either be primitive activities (i.e., activities which do not contain any additional activities) or another container activity.
Activities within the business processes can assign tasks to be completed by a user or a group of users before execution of the business process can continue. Access to these tasks can be controlled by Role Based Access Control (RBAC) based on application roles and privileges associated with those application roles.
In traditional RBAC systems, actions are tied to permissions which are then granted to roles to which users and groups belong. However, RBAC provides a coarse-grain access control which is not always adequate to meet user needs or provide customizable solutions to different customers.