You're viewing help content for version:

Configure ACLs according to user accounts to allow (or disable) starting, and participating in, workflows. 

Required User Permissions for Workflows

Actions on workflows can be undertaken if:

  • you are working with the admin account
  • the account has been assigned to the default group workflow-users:
    • this group holds all the privileges necessary for your users to perform workflow actions.
    • when the account is in this group it only has access to workflows that it has initiated.
  • the account has been assigned to the default group workflow-administrators:
    • this group holds all the privileges necessary for your privileged users to monitor and administer workflows.
    • when the account is in this group it has access to all workflows.

Note:

These are the minimum requirements. Your account must also be either the assigned participant or a member of the assigned group to take specific steps.

Configuring Access to Workflows

Workflow models inherit a default access control list (ACL) for controlling how users can interact with workflows. To customize user access for a workflow, modify the Access Control List (ACL) in the repository for the folder containing the workflow model node:

Note:

For information about using CRXDE Lite to configure ACLs, see Access Right Management.

Apply an ACL for the specific workflow model to /var/workflow/models

If the workflow model is stored within /var/workflow/models then you can assign a specific ACL, relevant to only that workflow, on the folder:  

  1. Open CRXDE Lite in your web browser (for example, http://localhost:4502/crx/de).

  2. In the node tree, select the node for the workflow models folder:

    /var/workflow/models

  3. Click the Access Control tab.

  4. In the Local Access Control Policies (Access Control List) table, click the plus icon to Add Entry.

  5. In the Add New Entry dialog add a new ACE with the following properties:

    • Principal: content-authors
    • Type: Deny
    • Privileges: jcr:read
    • rep:glob: reference to the specific workflow
    WF-108

    The Access Control List table now includes the restriction for content-authors on the prototype-wfm-01 workflow model.

    WF-109
  6. Click Save All.

    The prototype-wfm-01 workflow is no longer available to members of the content-authors group.

Create a subfolder in /var/workflow/models and apply the ACL to that

Your development team can create the workflows in a sub-folder of

/var/workflow/models

Comparable to the DAM workflows stored under

/var/workflow/models/dam/

You can then add an ACL to the folder itself.

  1. Open CRXDE Lite in your web browser (for example, http://localhost:4502/crx/de).

  2. In the node tree, select the node for the individual folder in the workflow models folder; for example:

    /var/workflow/models/prototypes

  3. Click the Access Control tab.

  4. In the Applicable Access Control Policy table, click the plus icon to Add an entry.

  5. In the Local Access Control Policies (Access Control List) table, click the plus icon to Add Entry.

  6. In the Add New Entry dialog add a new ACE with the following properties:

    • Principal: content-authors
    • Type: Deny
    • Privileges: jcr:read

    Note:

    As with Apply an ACL for the specific workflow model to /var/workflow/models you can include a rep:glob to limit access to a specific workflow.

    WF-110

    The Access Control List table now includes the restriction for content-authors on the prototypes folder.

    WF-111
  7. Click Save All.

    The models in the prototypes folder are no longer available to members of the content-authors group.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy