Set workflow permissions via ACL
In an access control list (ACL), you can assign and manage users as Execution authorized persons for user-defined versions (ERWF) and improvement processes (CIP). This way you can control who is allowed to execute transitions in ERWF and CIP in objects via the assigned ACL. Assignment via ACL is suitable if all users and participants of a workflow are known at the beginning and are not determined dynamically via queries.
Requirements: Only when category attributes (such as creator or reviewer) are referenced in the Execution authorized persons attribute can you assign users to these category attributes in the ACL. See also Set permissions in the transition.
Note: The ACL is evaluated exactly once for each start transition. All assigned users are transferred to the newly created workflow object.
Attention: Since the ACL is only evaluated at the beginning of a start transition, other users can be assigned as Execution authorized persons later in the workflow or through other assignments.
Structure of an ACL for workflows
-
1. Column : Users / groups assigned as executors.
-
1. Row : Category attributes from the Execution authorized persons attributes in the source category transitions. For the ERWF, the column Also visible to is also evaluated. This column allows you to configure which users are additionally allowed to see data of the workflow.
-
Cells: In the individual cells you define which directory object is assigned to a specific category attribute. Here you can assign directory objects as executors only (check mark) or not (question mark).
See also: Create ACL
Source of the workflow type
In ACLs, you can select a source in the Customized version or CIP tab. The source is the category used for the ERWF or CIP in each case. For each source, the permission can thus be managed per ACL.