Controlling bpm'online Access Rights Using a Custom Lookup

A frequent request from our customers is the ability to control security via a lookup. This type of security set up falls outside the typical object permission setup within bpm’online. This post teaches you how to use a business process and custom lookup object to implement this team based security without the need for any custom development. Learn how to control the security of an account record by using a new lookup field that will be added the page via Section Wizard. Below are the five steps it takes to create a business process to control bpm’online access rights using a custom lookup.

STEP #1 – Set up the Necessary Organization Roles

Organizational Roles are set up under “Users and Administration” on the System Designer page. This functionality is only available to System Administrator users by default.

Organizational Roles

In this example, three new divisions have been created; The East, Central and West Region Organizational Roles

STEP #2 – Add a Custom Lookup Object

In the second step, you must create a new Object within your “Custom” package.

This is done through the configuration page of the Advanced Settings, which are also launched through the System Designer and only available to administrators.

You will use the Base Lookup object for inheritance and will need to add an extra column that targets the system administration object lookup list.



STEP #3 – Place a New Field on the Account Page to Control Security

A new column will need to be added to the Account section to control your new lookup object.

This can be done using a replacing object for Accounts or handled automatically by using the Section Wizard.

We will need to make sure to target our new lookup object and place the new field on to the page layout.

Account Page

STEP #4 – Populate the Lookup List and Link to System Administration Objects

Once the field has been placed on the Account page, you will need to populate the lookup list.

Using the lookup section, you first need to register your new lookup and then add entries to the list.

Most importantly, you will need to link your entries to the proper system administration objects for your process to work correctly.


STEP #5 – Design and Test the Business Process

1. bpm’online Process Elements


  • Signal Start Event – To automatically launch the process

Read Data

  • Read Data System Action – To read the record that has launched the process and region information

Change Access Rights

  • Change Access Rights System Action – To set the proper permissions


  • Terminate End Event – To finish the process

2. Final Process Diagram

Final Process Diagram

Learn how the process elements in Step 5 are used by watching this video demonstration, or watch the entire process here

Tim Casey's picture
Tim Casey
bpm'online Practice Lead

Tim works as the bpm’online Practice Lead with Technology Advisors Inc. Previously, he worked as a Business Analyst with the services team. Prior to joining TAI, Tim held a number of Consulting, Sales Engineering, and Sales roles working with unified communication and networking technology.

Related Articles

August 27, 2019

Bpm'online has a quick and easy way to build a detail area (a.k.a. one-to-many relationship). You've probably already tried using the detail wizard and bpm'online auto-magically generated the functionality for you behind the scenes. So easy!

June 27, 2019

Did you know the subscription level of your Sugar Cloud instance dictates your data storage capacity? If you didn’t know, you probably haven’t hit your data limit; but you may be closer than you think! If you exceed capacity, you could be charged fees. No one likes fees.

So, let’s consider some key aspects of your Sugar storage: