V9.5
Overview
You can create security workflow roles to determine access levels for designing workflows or accessing Flowtime processes. You define security role permissions per workflow space. This means that a user can be granted permissions for one workflow space, but denied the same permission for a different workflow space.
You manage workflow security roles in the Administration website, under Administration > Security.
There are two types of security roles: Workflow Design Time and Workflow Runtime.
| Role type | Description | System roles |
|---|---|---|
| Workflow Design Time | Determines levels of access for developing workflows. |
|
| Workflow Runtime | Determines levels of access in Flowtime. Security roles apply to all workflow versions in a single workflow space. |
|
You can assign permissions to security roles from the workflow list in the Administration website, or from the App Studio page, when designing the workflow.
Create or edit security workflow roles
- To create or edit workflow roles, go to Administration > Security, and select a type of role.
- Click Add Security Role to create a new role.
- Click the edit button next to an existing role to edit.
- Set the required permission levels.
To learn about what each permission does, point to the question mark (
).
).NOTE
You cannot edit or delete system roles.
Assign workflow runtime permissions
You need to assign security roles for users for each workflow. Role assignments apply for all instances of the workflow.
- In the App Studio, select Set Permissions.
- In the Set Workflow Runtime Permissions, select one of the options:
- Assign Everyone: assigns the role to all users.
- Edit Assigned: enables you to assign the role to specific groups or users.
IMPORTANT
By default, task recipients and form creators are granted read permission on the process, and read and write permission on the relevant activity.
Sharing Activity
When you set up a Sharing Activity, you can use expressions to assign workflow security roles to groups or users.
List of permissions
Workflow Design Time
| General | View Edit Manage Versions Set Runtime Permissions Set Design-Time Permissions Manage Attached Objects Check-In On Behalf of Others |
Workflow Runtime
| General | View Start Execute Share |
| Recipient Assignment | Add Remove Reassign |
| Social | View Questions View Comments Add Questions Add Comments |
| Admin | Abort Roll Back Modify |
| Super Admin | Delete |
NOTE
On upgrade from a previous product version, you can use the previous permission model (organization-based permission) or the new permission model (role-based permission).
V8.7
Overview
You can create security workflow roles to determine access levels for designing workflows or accessing Flowtime processes. You define security role permissions per workflow space. This means that a user can be granted permissions for one workflow space, but denied the same permission for a different workflow space.
You manage workflow security roles in the Administration website, under Administration>Security.
There are two types of security roles: Workflow Design Time and Workflow Runtime.
| Role type | Description | System roles |
|---|---|---|
| Workflow Design Time | Determines levels of access for developing workflows. |
|
| Workflow Runtime | Determines levels of access in Flowtime. Security roles apply to all workflow versions in a single workflow space. |
|
You can assign permissions to security roles from the workflow list in the Administration website, or from the App Studio page, when designing the workflow.
Create or edit security workflow roles
- To create or edit workflow roles, go to Administration > Security, and select a type of role.
- To edit an existing role, click the edit button next to it.
- To create a new role, click Add Security Role.
- Set the required permission levels.
To learn about what each permission does, point to the question mark ().
Note: You cannot edit or delete system roles.
Assign workflow runtime permissions
You need to assign security roles for users for each workflow. Role assignments apply for all instances of the workflow.
- In the App Studio, select Set Permissions.
- In the Set Workflow Runtime Permissions, select one of the options:
- Assign Everyone: assigns the role to all users.
- Edit Assigned: enables you to assign the role to specific groups or users.
IMPORTANT: By default, task recipients and form creators are granted read permission on the process, and read and write permission on the relevant activity.
Sharing Activity
When you set up a Sharing Activity, you can use expressions to assign workflow security roles to groups or users.
List of permissions
Workflow Design Time
| General | View Edit Manage Versions Set Runtime Permissions Set Design-Time Permissions Manage Attached Objects Check-In On Behalf of Others NEW |
Workflow Runtime
| General | View Start Execute Share |
| Recipient Assignment | Add Remove Reassign |
| Social | View Questions View Comments Add Questions Add Comments |
| Super Admin | Abort Roll Back Delete Modify |
NOTE: When you upgrade from a previous product version, you can use the previous permission model (organization-based permission) or the new permission model (role-based permission).
V8.5
Understanding Workflow Security Roles
Security workflow roles are a tool that enable developers to achieve segregation of duties. They achieve this by assigning users and groups to a workflow security role depending on the level of access and visibility they need to perform their work.
There are two categories for security workflow roles. The permissions granted and denied for these roles are defined for a specific workflow space. This means that a user can be granted permissions for one workflow space, but denied the same permission for a different workflow space.
- Workflow Design Time: determines levels of access for developing workflows.
- Workflow Runtime: determines levels of access in Flowtime.
When you upgrade from a previous product version, you can use the old permission model (organization-based permission) or the new permission model (role-based permission).
IMPORTANT: By default, task recipients and form creators are granted read permission on the process, and read and write permission on the relevant activity.
Working with Permissions
Administrator Console
The place where you create, edit, and remove workflow security roles.
- Navigate to Administration > Security > Workflow Roles.
- View all available workflow security roles.
- Create, edit, and delete custom workflow security roles.
Note: You cannot edit or delete system roles.
App Studio
The place where you assign users and groups to a workflow security roles. Role assignments are applied to all instances of the workflow.
- Assign users and groups to workflow security roles.
- Security roles apply to all workflow versions in a single workflow space.
- For the Sharing Activity, you can define workflow security roles using a group expression or user expression.
V8.3-8.4
Understanding Workflow Security Roles
Security workflow roles are a tool that enable developers to achieve segregation of duties. They achieve this by assigning users and groups to a workflow security role depending on the level of access and visibility they need to perform their work.
When you upgrade from a previous product version, you can use the old permission model (organization-based permission) or the new permission model (role-based permission). When you import a workflow to a newly installed Cora SeQuence environment, you can only use the new permissions model.
IMPORTANT: By default, task recipients and form creators are granted read permission on the process, and read and write permission on the relevant activity.
Custom Workflow Security Roles
When you create a custom workflow security role, there are several assignment options for each permission.
| Option | Description |
|---|---|
| Allow | The permission is assigned to the workflow security role. |
| Deny | The permission is restricted to the workflow security role. Cases in which a user or user group are assigned workflow security roles that conflict, the Deny assignment overrides Allow and Not set assignments. |
| Not set | The permission is not assigned or restricted to the workflow security role. |
Working with Permissions
Administrator Console
The place where you create, edit, and remove workflow security roles.
- Navigate to Administration > Security > Workflow Roles.
- View all available workflow security roles.
- Create, edit, and delete custom workflow security roles.
Note: You cannot edit or delete system roles.
App Studio
The place where you assign users and groups to a workflow security roles. Role assignments are applied to all instances of the workflow.
- Assign users and groups to workflow security roles.
- Security roles apply to all workflow versions in a single workflow space.
- For the Sharing Activity, you can define workflow security roles using a group expression or user expression.
— Alex on 12/14/2017
Thanks for the great idea! I updated the article with image of how workflow permissions appear in App Studio.
— Y on 12/13/2017
Is there a picture of how it looks in app studio?