Permission Descriptions for Users and Groups
Overview
In Workflow, a permission allows a Workflow user or group member to view a type of information or perform an action in Workflow. Below are some examples of Workflow permissions:
Start Requests
View the list of Processes
Edit Processes
Edit Workflow Screens
Create Environment Variables
Permissions are organized into categories, such as for Processes, Requests, and Screens.
Assign Permissions to Users and Groups
While permissions apply to Workflow users, those permissions can be assigned from a Workflow user account or a Workflow group:
User-level permissions: Permissions can be assigned to a Workflow user account. These permission assignments only apply to that user account. From user-level permissions, you can assign Administrator-level permissions or all permissions to a Workflow user account. Instead of assigning individual permissions to a Workflow user account, the following options are also available:
Super Admin: Assign the Make this user a Super Admin option to grant unrestricted access to the entire Workflow instance. In doing so, Workflow does not check permissions for Workflow user accounts with this setting selected, allowing such users to administer and install packages which might otherwise require permissions be granted to a Workflow user account to perform. Workflow users whose account have this setting may do the following:
​Start a Request for any Process in that Workflow instance regardless of whether any Process model grants such a user permission to do so.
View the Tasks as displayed in the Task column of Request summaries by clicking a link to that Task. Workflow users that do not have the Make this user a Super Admin option do not have a hyperlink to Tasks from Request summaries.
All permissions: Assign the Assign all permissions to this user option to assign all permissions to that Workflow user account.
See Edit a User Account.
Group-level permissions: Permissions can be assigned to a Workflow group. A group assigns the same permissions to all Workflow user account members. Using Workflow groups makes it easy to manage permissions for multiple Workflow user accounts with identical permission assignments. From group-level permissions, you can assign all permissions to a Workflow group. See Edit a Group.
User and Group Permissions are Cumulative
User-level and group-level permission assignments are cumulative. This means that a Workflow user account has all the group-level permission assignments from all its group memberships, but also has the flexibility of permission assignments that apply only to that Workflow user account. For example, a Workflow user account might be a member of a group whereby its members can view the list of all Processes. However, a Workflow Administrator can assign the permission to edit Processes to only the one Workflow user account.
Best Practice to Assign Permissions
Workflow recommends creating Workflow groups based on how you define Workflow usage roles in your organization. Based on usage roles you define, assign permissions to Workflow groups so that all group members have the same permission set. Below is an example how you might create groups to assign permissions:
Workflow user: Most Workflow users start or participate in Requests and perform Tasks. Their permission assignments may be limited to Requests. Note that if you want specific Workflow users and/or groups to start and/or cancel Requests, those must be set from the following functional areas and are outside the scope of the permission settings discussed in this topic:
Cancel Requests
Start Requests
Workflow Administrator: Workflow Administrators administer the Workflow environment and its users. Their permission assignments may be limited to Auth Clients, Collections, Comments, Groups, Requests, Translations, and Users categories. Assign specific Workflow Administrators in their Workflow user accounts the Make this user a Super Admin option.
Permission Descriptions
Permissions are organized into categories. Permissions are described below by category and how each permission affects Workflow functionality. These permissions function identically in Workflow user accounts and groups.
Groups
The Groups category contains the following permissions:
Create Groups: View a Workflow group from the Groups page. Selecting this permission also selects the Edit Groups permission. See Create a New Group.
Delete Groups: Delete a Workflow group from the Groups page. See Delete a Group.
Edit Groups: Edit a Workflow group from the Groups page. See Edit a Group.
View Groups: View the table of Workflow groups on the Groups page. See View All Groups.
Select the View Groups permission to use any of the other permissions in this category.
Processes
The Processes category contains the following permissions:
Edit Processes: Edit a Process model and/or its configuration from the Processes page.
View Processes: View the table of Processes on the Processes page. See View All Processes.
Requests
The Requests category contains the following permissions:
Edit Request Data: View the Data tab for a completed Request and edit the completed Request data that is in JSON format. See Editable Request Data.
Edit Task Data: View the Data tab for an assigned Task and edit the Task data that is in JSON format. See Editable Task Data.
View All Requests: View the All Requests page and Request information accessible from that page. See View All Requests.
Users
The Users category contains the following permissions:
Create Users: Create a Workflow user account from the Users page. Selecting this permission also selects the Edit Users permission. See Create a New User Account.
Delete Users: Delete a Workflow user account from the Users page. See Delete a User Account.
Edit Users: Edit a Workflow user account from the Users page. See Edit a User Account.
View Other Users Profiles: View another Workflow user's profile. If a Workflow is not granted this new permission, then that user receives an Error 404 (not found) page when clicking on another user's avatar or manually adjusting the URL to view another user's profile page. See View Another User's Profile Information.
View Users: View the table of Workflow user accounts on the Users page. See View All Users Accounts.
Select the View Users permission to use any of the other permissions in this category.
Last updated