Cisco Process Orchestrator 3.0 User Guide

Cisco Process Orchestrator User Guide
OL-30196-01
Chapter 4      Administration
  Configuring Security
Object Owners
Process Orchestrator objects have an owner. For example, targets, processes, calendars, target groups, and global variables all have an owner field. Owners are security principals; by default, the owner is the user who created the object. However, the owner can be set to any Active Directory security principal. In addition, in the preferences section of the UI, users can specify a security principal, such as a group name, to use for all objects they create. This concept is useful in team development.
One type of RBAC object definition within an RBAC permission is an Owner security permission. This 
has two possible settings:
  • The connected user matches objects the user owns, either directly or indirectly. For example, if the user running the Process Orchestrator console is a member of a group specified in an owner field, the permission would match that object.
  • Exactly the specified user matches objects where the user is an explicit match.
Figure 4-8 RBAC Object Specification Using an Object's Owner
This feature provides a simple yet powerful way to let users act on the objects they create. It can also be used to specify access to objects according to the security principal of the connecting user. If groups are used for owner fields rather than the ID of the user who created the object, members of that group will have access. This is very useful in team development scenarios.
Object views have an optional column that can be used to manage object ownership. 
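
The two Owner settings described above, modeled as an added example (this is not Cisco code and not part of the original guide). The directory data, object names, and the setting labels `connected_user` and `exact_user` are constructed for illustration, and treating nested group membership as "indirect" ownership is an assumption. The `users_reaching` helper shows the review a defender would do before putting a group in an owner field.

```python
# Added illustration, not Cisco code. Directory data and object names are
# constructed; nested groups counting as "indirect" ownership is an assumption.

# principal -> groups it is a direct member of (constructed)
MEMBER_OF = {
    "CORP\\alice": {"CORP\\AutomationDevs"},
    "CORP\\bob": {"CORP\\NetOps"},
    "CORP\\AutomationDevs": {"CORP\\Engineering"},  # nested group
}
USERS = ["CORP\\alice", "CORP\\bob"]

# object name -> owner field (constructed)
OBJECTS = {
    "Restart Service (process)": "CORP\\alice",
    "Prod Routers (target group)": "CORP\\NetOps",
    "Build Calendar (calendar)": "CORP\\AutomationDevs",
    "Site Code (global variable)": "CORP\\Engineering",
}

def effective_principals(user):
    """The user plus every group reached through direct or nested membership."""
    seen, stack = set(), [user]
    while stack:
        principal = stack.pop()
        if principal not in seen:  # also guards against membership cycles
            seen.add(principal)
            stack.extend(MEMBER_OF.get(principal, ()))
    return seen

def owner_matches(owner, setting, principal):
    """setting is 'connected_user' or 'exact_user' (hypothetical labels)."""
    if setting == "connected_user":
        return owner in effective_principals(principal)
    if setting == "exact_user":
        return owner == principal  # explicit match only, no group expansion
    raise ValueError(f"unknown setting: {setting}")

def matched_objects(setting, principal):
    return sorted(n for n, o in OBJECTS.items() if owner_matches(o, setting, principal))

def users_reaching(owner):
    """Audit helper: which users match an object whose owner field is `owner`."""
    return [u for u in USERS if owner in effective_principals(u)]

if __name__ == "__main__":
    for user in USERS:
        print(user, "connected:", matched_objects("connected_user", user))
        print(user, "exact:    ", matched_objects("exact_user", user))
    print("Engineering-owned objects reachable by:", users_reaching("CORP\\Engineering"))
```
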
Creating a New Security Role
A security role is a list of permissions. It groups powers and objects logically so that they can be reused in multiple places. A security permission pairs a scope, which defines the objects, with the powers over those objects.
After a security role has been defined, it is available in a list of available security roles on the 
Administration > Security view.