Controlling bpm'online Access Rights Using a Custom Lookup

A frequent request from our customers is the ability to control security via a lookup. This type of security set up falls outside the typical object permission setup within bpm’online. This post teaches you how to use a business process and custom lookup object to implement this team based security without the need for any custom development. Learn how to control the security of an account record by using a new lookup field that will be added the page via Section Wizard. Below are the five steps it takes to create a business process to control bpm’online access rights using a custom lookup.

STEP #1 – Set up the Necessary Organization Roles

Organizational Roles are set up under “Users and Administration” on the System Designer page. This functionality is only available to System Administrator users by default.

Organizational Roles

In this example, three new divisions have been created; The East, Central and West Region Organizational Roles

STEP #2 – Add a Custom Lookup Object

In the second step, you must create a new Object within your “Custom” package.

This is done through the configuration page of the Advanced Settings, which are also launched through the System Designer and only available to administrators.

You will use the Base Lookup object for inheritance and will need to add an extra column that targets the system administration object lookup list.



STEP #3 – Place a New Field on the Account Page to Control Security

A new column will need to be added to the Account section to control your new lookup object.

This can be done using a replacing object for Accounts or handled automatically by using the Section Wizard.

We will need to make sure to target our new lookup object and place the new field on to the page layout.

Account Page

STEP #4 – Populate the Lookup List and Link to System Administration Objects

Once the field has been placed on the Account page, you will need to populate the lookup list.

Using the lookup section, you first need to register your new lookup and then add entries to the list.

Most importantly, you will need to link your entries to the proper system administration objects for your process to work correctly.


STEP #5 – Design and Test the Business Process

1. bpm’online Process Elements


  • Signal Start Event – To automatically launch the process

Read Data

  • Read Data System Action – To read the record that has launched the process and region information

Change Access Rights

  • Change Access Rights System Action – To set the proper permissions


  • Terminate End Event – To finish the process

2. Final Process Diagram

Final Process Diagram

Learn how the process elements in Step 5 are used by watching this video demonstration, or watch the entire process here

Tim Casey
bpm'online Practice Lead

Tim works as the bpm’online Practice Lead with Technology Advisors Inc. Previously, he worked as a Business Analyst with the services team. Prior to joining TAI, Tim held a number of Consulting, Sales Engineering, and Sales roles working with unified communication and networking technology.

Related Articles

September 12, 2018

Have you ever received this notification in SugarCRM: “Warning: User licenses exceeded by 1”? Knowing how many active users are in your system can avoid this roadblock in the future. So, how can you check the number of active users in SugarCRM? Do the following:

August 14, 2018

Bpm’online has rich functionality to manage security access to users. The greater level of granular control however comes with complexity that can get very confusing to manage as your organization grows.

Setting up security for temporary workers is a common need and is often setup such that it is just for "this one user, this one time".  A common question we get is about providing read-only access so they can view information, but not really make updates.