In this article, a modified version of the ProductRetailDemo model is used as a reference. Here is the use case: there are 2 existing groups of business users having different privileges:

  • One BusinessUser role has have access to the SHOES families only, 

  • The BusinessUser2 role has access to the CLOTHING families only.

  • This can be implemented by creating 2 roles and adding privilege grants, like in this sample.

    • BusinessUser Filter

      FID_Family like '%CLOTHING%' or FID_Family is null
    • BusinessUser2 Filter

      FID_Family like '%SHOES%' or FID_Family is null


Now, the new requirement is to give both roles access to the same workflow task to create a product. This seems not possible as the Assign To Role expects a single role.

The trick is to create a third role that will be assigned to all users in addition to their existing business user role.

1. Create a technical role AllBusinessUsers:


2. Assign the role to all users that already the BusinessUser or BusinessUser2. In the following example, we assigned the new role to users businessuser and businessuser2 :


3. In the Application Builder, open the Add Product workflow, select the Create a Product task, and then set Assigned to roles to AllBusinessUsers:


4. Save and deploy the model.

5. Open a new incognito window and connect successively with users having the BusinessUser and BusinessUser2 roles. Business users still have their data filtered according to their initial role, but both now have access to the Add Product menu, to start the product workflow creation.


The assignment of the extra role can be easily automated using roles mapping by setting up an Identity Manager.