Managing Workflow Security Roles

v8.3-8.4

Understanding Workflow Security Roles

Security workflow roles are a tool that enable Cora SeQuence developers to achieve segregation of duties. They achieve this by assigning users and groups to a workflow security role depending on the level of access and visibility they need to perform their work.

When you upgrade from a previous product version, you can use the old permission model (organization-based permission) or the new permission model (role-based permission). When you import a workflow to a newly installed Cora SeQuence environment, you can only use the new permissions model.

IMPORTANT: By default, task recipients and form creators are granted read permission on the process, and read and write permission on the relevant activity.

Custom Workflow Security Roles

When you create a custom workflow security role, there are several assignment options for each permission.

Option
Description
Permission Assignment Options
Allow
The permission is assigned to the workflow security role.
Deny
The permission is restricted to the workflow security role. Cases in which a user or user group are assigned workflow security roles that conflict, the Deny assignment overrides Allow and Not set assignments.
Not set
The permission is not assigned or restricted to the workflow security role.

Working with Permissions

Administrator Console

The place where you create, edit, and remove workflow security roles.

  • Navigate to Administration > Security > Workflow Roles.
  • View all available workflow security roles.
  • Create, edit, and delete custom workflow security roles.

Note: You cannot edit or delete system roles.

App Studio

The place where you assign users and groups to a workflow security roles. Role assignments are applied to all instances of the workflow.

  • Assign users and groups to workflow security roles.
  • Security roles apply to all workflow versions in a single workflow space.
  • For the Sharing Activity, you can define workflow security roles using a group expression or user expression.

v8.5

Understanding Workflow Security Roles

Security workflow roles are a tool that enable Cora SeQuence developers to achieve segregation of duties. They achieve this by assigning users and groups to a workflow security role depending on the level of access and visibility they need to perform their work.

There are two categories for security workflow roles. The permissions granted and denied for these roles are defined for a specific workflow space. This means that a user can be granted permissions for one workflow space, but denied the same permission for a different workflow space.

  • Workflow Design Time: determines levels of access for developing workflows.
  • Workflow Runtime: determines levels of access in Flowtime.

When you upgrade from a previous product version, you can use the old permission model (organization-based permission) or the new permission model (role-based permission).

IMPORTANT: By default, task recipients and form creators are granted read permission on the process, and read and write permission on the relevant activity.


Working with Permissions

Administrator Console

The place where you create, edit, and remove workflow security roles.

  • Navigate to Administration > Security > Workflow Roles.
  • View all available workflow security roles.
  • Create, edit, and delete custom workflow security roles.

Note: You cannot edit or delete system roles.

App Studio

The place where you assign users and groups to a workflow security roles. Role assignments are applied to all instances of the workflow.

  • Assign users and groups to workflow security roles.
  • Security roles apply to all workflow versions in a single workflow space.
  • For the Sharing Activity, you can define workflow security roles using a group expression or user expression.

About this Article
  • Created: 03/13/2017 5:14 am EDT
  • Last updated: 03/21/2018 4:03 am EDT
In This Article