Learning Center

Rights-Based Approval Routing (RBAR)

The greatest security challenge for workflow automation is the disconnect that occurs between the security-sensitive actions executed in a workflow and the actual security delegation policies determining who may perform these actions (and against which specific objects), as defined by the security system of record.


EmpowerID solves this security problem by using the transparent enforcement of delegation policies through the inherent security of its unique workflow architecture, without requiring specific modifications to accommodate the security. In fact, designing a secure workflow does not require knowledge of the security mechanism by the workflow's designer. This permits accelerated secure workflow and application design that has not been possible with workflow products until now.


EmpowerID's default workflow approval routing mechanism, called Rights-Based Approval Routing (RBAR), routes requests based upon delegation of protected actions, called operations. Operations are workflow shapes that represent protected code actions that can be delegated using role assignments. These special operation workflow shapes contain a miniature authorization and approval workflow inside of them, called the operation approval base. This hidden (embedded) workflow is shared by all operations of the same type and provides a real-time authorization check to determine whether a person attempting to execute an action against a resource has a role that allows them to do so. If the person in question does not have the required rights, the mini workflow handles the required approval routing, creation of task tracking dashboard entries, and email notifications.


RBAR unifies workflow and RBAC security to enforce real-time evaluation and routing of who can approve what based on the actual rights delegated to the current person at that time for the affected resource. Approvals route to approvers with the necessary privileges to perform the intended operation.


Rights-Based Approval Routing (RBAR) is EmpowerID’s own unique technology for securing actions in a workflow by securing the identity and the rights of a user operating the workflow as well as the subsequent routing of approvals.