guest_user_and_data_object_section_update (#2098)

docs/Building_Diagrams/data_objects.md

@@ -48,3 +48,71 @@ Examples of Data Objects include documents, forms, reports, databases, or any ot
 | ![id_field](images/id_field.png) | **ID:** Example - updateCustomerInformation | A descriptive name given to the element, providing a human-readable label or title. |
 | ![documentation_field](images/documentation_field.png) | **Element Documentation:** URL, Raw Data, Plain Text | Additional information or documentation related to the element, such as URLs, plain text, or raw data. |
 | ![data_object_prop](images/data_object_prop.png) | **Element Documentation:** inventory_items | Enter an existing data object ID |
+
+## Handling Sensitive Data Using Data Objects
+
+Handling sensitive data, such as credit card numbers and passwords, requires careful management to ensure security and privacy.
+This documentation outlines the process of creating and managing sensitive data objects within SpiffWorkflow, along with setting appropriate permissions.
+
+### Process Breakdown
+
+#### 1. Identifying Sensitive Data
+- Determine what constitutes sensitive data within your workflow.
+This could include personal information, financial details, or confidential business information.
+
+#### 2. Data Object Creation and Script Task Integration
+
+- **Script Task Setup**: Develop a script task that interacts with the data object.
+The script should be designed to handle the sensitive data securely, ensuring it's not exposed or logged inadvertently.
+- **Data Object Creation**: Create a data object in the workflow to store the sensitive data.
+This object acts as a container for the data, separating it from the main workflow logic.
+
+#### 3. Assigning Data Categories
+
+- **Categorization**: Assign a specific category to the data object that reflects its sensitive nature.
+For example, categories like `confidential` or `private` or the name of the field can be used.
+
+#### 4. Implementing Access Controls
+
+- **Permission Rules**: Establish permission rules, using a Decision Model and Notation (DMN) table or another mechanism as described under [Admin and Permissions](/DevOps_installation_integration/admin_and_permissions.md).
+This step involves specifying who can access the sensitive data.
+- **Access Restrictions**: Define the access level (e.g., read, write, deny) for different user groups or roles.
+For instance, you might restrict read access to certain groups while denying it to others.
+- **URL-Based Permissions**: Use URL patterns to enforce permissions.
+For example, a URL pattern like `/process-data/confidential/*` can be used to control access to all data objects categorized as confidential.
+
+### Example: Steps to Handle Sensitive Data
+
+#### 1. Creating a Script Task with Sensitive Data
+- **Initial Setup**: Start by creating a script task where the script sets a variable (e.g., `a=1`).
+This variable `a` could represent sensitive data like a credit card number.
+- **Execution**: Run the task to observe the value of `a`.
+![image](images/private_data_object.png)
+
+#### 2. Converting to a Data Object
+
+- **Data Object Creation**: Create a data object and name it (e.g., `a`).
+Link this data object to the script task and set the data object ID to `a`.
+- **Assign a Category**: Assume the data object represents a credit card number.
+Assign a category to this data object, such as `creditcards`.
+- **Visibility**: The credit card data is visible until permissions are set to restrict access.
+![image](images/category.png)
+- **Process Execution**: Upon running the process, the value of the data object will be `1`.
+![image](images/sensitive_value.png)
+
+#### 3. Setting Permissions with DMN Table
+
+- **Access Control**: To control who can see the credit card data, you could set permissions in a DMN Table.
+- **Permission Configuration**: Set the following permissions:
+  - `permission_groups` to `"everybody"`
+  - `permissions` to `"DENY:read"`
+  - `permission_urls` to `"/process-data/creditcards/"`
+
+![image](images/setting_permissions.png)
+
+#### 4. Implementing Restricted Access
+
+With these permissions, access to the credit card data is denied to everyone, ensuring that no unauthorized individuals can view this sensitive information.
+
+By following these steps, SpiffWorkflow users can securely handle sensitive data within their processes.
+The combination of data objects, categorization, and precise permission settings ensures that sensitive information like credit card numbers is protected and accessible only to those with the necessary authorization.

docs/Building_Diagrams/guest_user.md

@@ -0,0 +1,44 @@
+# Guest User Task
+The Guest User Task feature in SpiffArena allows users who are not logged into the system to complete specified human tasks. This functionality enhances accessibility and usability, enabling a broader range of users to interact with the process models without requiring an account.
+
+## Key Features
+
+- **Task Accessibility**: Allows guest users to complete tasks marked as "allow guest" in the process model.
+- **Direct Navigation**: Guests can access tasks via a constructed URL, eliminating the need for login credentials.
+- **Security Measures**: Guests are redirected to the login screen if they attempt to navigate away from the task page, ensuring secure access control.
+
+## Testing Instructions
+
+To verify the functionality of the Guest User Task feature, follow these steps:
+
+1. **Create a Process Model**:
+
+Design a process model that includes a manual or user task. Ensure you check the **"allow guest"** checkbox.
+
+![Guest user](images/guest_user1.png)
+
+2. **Start the Process Model**:
+
+Initiate the process model using the same user account that created it.
+
+3. **Access the Task GUID**:
+
+Navigate to the process instance show page and retrieve the GUID of the human task.
+
+![Guest user](images/guest_user2.png)
+
+4. **Construct the Access URL**:
+
+Create a URL in this format:
+     ```
+     [domain]/public/tasks/[process_instance_id]/[task_guid]
+     ```
+
+Replace `[domain]`, `[process_instance_id]`, and `[task_guid]` with appropriate values.
+
+5. **Test as a Guest User**:
+
+Open an incognito or private browsing window (not logged into Spiff). Navigate to the constructed URL. Confirm that the guest user can complete the task.
+![Guest user](images/guest_user3.png)
+
+The Guest User Task feature improves usability for non-logged-in users by allowing them to complete designated tasks seamlessly. 

docs/index.md

@@ -27,6 +27,7 @@ Building_Diagrams/data.md
 Building_Diagrams/multiinstance.md
 Building_Diagrams/dmn.md
 Building_Diagrams/pools_and_lanes.md
+Building_Diagrams/guest_user.md
 Building_Diagrams/Builtin_examples.md
 ```
 
@@ -35,7 +36,6 @@ Building_Diagrams/Builtin_examples.md
 :caption: Debugging Diagrams
 Debugging_Diagrams/bpmn_unit_tests.md
 Debugging_Diagrams/process_error_handling.md
-Debugging_Diagrams/Private_data.md
 ```
 
 ```{toctree}