Managing Workflow Security Roles

v8.3

Understanding Workflow Security Roles

Security workflow roles are a tool that enable Sequence developers to achieve segregation of duties. They achieve this by assigning users and groups to a workflow security role depending on the level of access and visibility they need to perform their work.

When you upgrade from a previous product version, you can use the old permission model (organization-based permission) or the new permission model (role-based permission).

IMPORTANT: By default, task recipients and form creators are granted read permission on the process, and read and write permission on the relevant activity.

Custom Workflow Security Roles

When you create a custom workflow security role, there are several assignment options for each permission.

Option
Description
Permission Assignment Options
Allow
The permission is assigned to the workflow security role.
Deny
The permission is restricted to the workflow security role. Cases in which a user or user group are assigned workflow security roles that conflict, the Deny assignment overrides Allow and Not set assignments.
Not set
The permission is not assigned or restricted to the workflow security role.

Working with Permissions

Administrator Console

The place where you create, edit, and remove workflow security roles.

  • Navigate to Administration > Security > Workflow Roles.
  • View all available workflow security roles.
  • Create, edit, and delete custom workflow security roles.

Note: You cannot edit or delete system roles.

App Studio

The place where you assign users and groups to a workflow security roles. Role assignments are applied to all instances of the workflow.

  • Assign users and groups to workflow security roles.
  • Security roles apply to all workflow versions in a single workflow space.
  • For the Sharing Activity, you can define workflow security roles using a group expression or user expression.
About this Article
  • Created: 03/13/2017 5:14 am EDT
  • Last updated: 05/18/2017 8:44 am EDT
In This Article