Controlling bpm'online Access Rights Using a Custom Lookup

A frequent request from our customers is the ability to control security via a lookup. This type of security set up falls outside the typical object permission setup within bpm’online. This post teaches you how to use a business process and custom lookup object to implement this team based security without the need for any custom development. Learn how to control the security of an account record by using a new lookup field that will be added the page via Section Wizard. Below are the five steps it takes to create a business process to control bpm’online access rights using a custom lookup.

STEP #1 – Set up the Necessary Organization Roles

Organizational Roles are set up under “Users and Administration” on the System Designer page. This functionality is only available to System Administrator users by default.

Organizational Roles

In this example, three new divisions have been created; The East, Central and West Region Organizational Roles

STEP #2 – Add a Custom Lookup Object

In the second step, you must create a new Object within your “Custom” package.

This is done through the configuration page of the Advanced Settings, which are also launched through the System Designer and only available to administrators.

You will use the Base Lookup object for inheritance and will need to add an extra column that targets the system administration object lookup list.



STEP #3 – Place a New Field on the Account Page to Control Security

A new column will need to be added to the Account section to control your new lookup object.

This can be done using a replacing object for Accounts or handled automatically by using the Section Wizard.

We will need to make sure to target our new lookup object and place the new field on to the page layout.

Account Page

STEP #4 – Populate the Lookup List and Link to System Administration Objects

Once the field has been placed on the Account page, you will need to populate the lookup list.

Using the lookup section, you first need to register your new lookup and then add entries to the list.

Most importantly, you will need to link your entries to the proper system administration objects for your process to work correctly.


STEP #5 – Design and Test the Business Process

1. bpm’online Process Elements


  • Signal Start Event – To automatically launch the process

Read Data

  • Read Data System Action – To read the record that has launched the process and region information

Change Access Rights

  • Change Access Rights System Action – To set the proper permissions


  • Terminate End Event – To finish the process

2. Final Process Diagram

Final Process Diagram

Learn how the process elements in Step 5 are used by watching this video demonstration, or watch the entire process here

Tim Casey
bpm'online Practice Lead

Tim works as the bpm’online Practice Lead with Technology Advisors Inc. Previously, he worked as a Business Analyst with the services team. Prior to joining TAI, Tim held a number of Consulting, Sales Engineering, and Sales roles working with unified communication and networking technology.

Related Articles

February 13, 2019

Our Microsoft Office Exchange server is hosted by Microsoft on their Office 365 Cloud and our SugarCRM instance is setup to send emails from If we want to allow our Sugar users to send emails from within Sugar without having to setup their own SMTP credentials individually, we must grant the user access to send emails as each user. If this is not setup properly, we receive an error like: SMTP -> ERROR: DATA END command failed. Reply: STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message Cannot submit message.

February 4, 2019

Did you know that less than 40% of businesses have a CRM adoption rate above 90%? That means 60% of all businesses have poor CRM adoption. If this sounds like your current situation, the good news is you’re not alone. The bad news? No one is using the CRM your company invested thousands of dollars in.