Configure ACLs according to user accounts to allow (or disable) starting, and participating in, workflows.
Actions on workflows can be undertaken if:
- you are working with the admin account
- the account has been assigned to the default group workflow-users:
  - this group holds all the privileges necessary for your users to perform workflow actions.
  - when the account is in this group it only has access to workflows that it has initiated.
- the account has been assigned to the default group workflow-administrators:
  - this group holds all the privileges necessary for your privileged users to monitor and administer workflows.
  - when the account is in this group it has access to all workflows.
These are the minimum requirements. Your account must also be either the assigned participant or a member of the assigned group to take specific steps.
Workflow models inherit a default access control list (ACL) for controlling how users can interact with workflows. To customize user access for a workflow, modify the Access Control List (ACL) in the repository for the folder containing the workflow model node:
For information about using CRXDE Lite to configure ACLs, see Access Right Management.
If the workflow model is stored within /var/workflow/models then you can assign a specific ACL, relevant to only that workflow, on the folder:
Comparable to the DAM workflows stored under
You can then add an ACL to the folder itself.
In the Add New Entry dialog add a new ACE with the following properties:
- Principal: content-authors
- Type: Deny
- Privileges: jcr:read
As with "Apply an ACL for the specific workflow model to /var/workflow/models", you can include a rep:glob to limit access to a specific workflow.
The Access Control List table now includes the restriction for content-authors on the prototypes folder.
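To confirm the entry outside the CRXDE Lite table, the following added example (not part of the original documentation) audits a JSON export of the folder node for the content-authors deny on jcr:read and lists any allow entries for the same principal on that node. It assumes Oak's storage layout (a rep:policy child with rep:GrantACE / rep:DenyACE nodes and rep:glob under rep:restrictions); the sample export, the rep:glob value and the function names are constructed for illustration.

```python
import json

# Constructed sample (not from the page): JSON export of a workflow model folder.
# Assumed layout: Oak keeps the ACL in a rep:policy child node whose children are
# rep:GrantACE / rep:DenyACE nodes; rep:glob sits in a rep:restrictions child.
SAMPLE_FOLDER_JSON = """
{
  "jcr:primaryType": "sling:Folder",
  "rep:policy": {
    "jcr:primaryType": "rep:ACL",
    "allow0": {
      "jcr:primaryType": "rep:GrantACE",
      "rep:principalName": "workflow-users",
      "rep:privileges": ["jcr:read"]
    },
    "deny0": {
      "jcr:primaryType": "rep:DenyACE",
      "rep:principalName": "content-authors",
      "rep:privileges": ["jcr:read"],
      "rep:restrictions": {
        "jcr:primaryType": "rep:Restrictions",
        "rep:glob": "/example-model*"
      }
    }
  }
}
"""

ACE_TYPES = {"rep:GrantACE": "allow", "rep:DenyACE": "deny"}

def audit_read_aces(folder, principal="content-authors", privilege="jcr:read"):
    """Return (denies, allows): ACEs on this folder that cover `privilege` for `principal`."""
    found = {"allow": [], "deny": []}
    for name, ace in folder.get("rep:policy", {}).items():
        kind = ACE_TYPES.get(ace.get("jcr:primaryType")) if isinstance(ace, dict) else None
        if kind is None or ace.get("rep:principalName") != principal:
            continue
        privs = ace.get("rep:privileges", [])
        privs = [privs] if isinstance(privs, str) else privs
        # jcr:all is the aggregate of every privilege, so it covers jcr:read as well.
        if privilege in privs or "jcr:all" in privs:
            glob = ace.get("rep:restrictions", {}).get("rep:glob")
            found[kind].append({"ace": name, "glob": glob})
    return found["deny"], found["allow"]

def audit_json(text, **kwargs):
    """Parse an exported folder node (JSON text) and audit it."""
    return audit_read_aces(json.loads(text), **kwargs)
```

An empty deny list means the ACE is not on that folder; a non-empty allow list marks entries on the same node to review alongside the deny.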