Understanding Workflow Security Roles
Security workflow roles are a tool that enable Sequence developers to achieve segregation of duties. They achieve this by assigning users and groups to a workflow security role depending on the level of access and visibility they need to perform their work.
When you upgrade from a previous product version, you can use the old permission model (organization-based permission) or the new permission model (role-based permission).
IMPORTANT: By default, task recipients and form creators are granted read permission on the process, and read and write permission on the relevant activity.
Custom Workflow Security Roles
When you create a custom workflow security role, there are several assignment options for each permission.
|Allow||The permission is assigned to the workflow security role.|
|Deny||The permission is restricted to the workflow security role. Cases in which a user or user group are assigned workflow security roles that conflict, the Deny assignment overrides Allow and Not set assignments.|
|Not set||The permission is not assigned or restricted to the workflow security role.|
Working with Permissions
The place where you create, edit, and remove workflow security roles.
- Navigate to Administration > Security > Workflow Roles.
- View all available workflow security roles.
- Create, edit, and delete custom workflow security roles.
Note: You cannot edit or delete system roles.
The place where you assign users and groups to a workflow security roles. Role assignments are applied to all instances of the workflow.
- Assign users and groups to workflow security roles.
- Security roles apply to all workflow versions in a single workflow space.
- For the Sharing Activity, you can define workflow security roles using a group expression or user expression.